Agentless Linux Security

Go agentless to protect Linux with unmatched speed and reliability.

Protect 50 Hosts Free Now

Sandfly - Linux Security Without Endpoint Agents

Sandfly is a Linux security solution that is tailor-made to detect and repel attackers, without the need for endpoint agents. With our agentless deployment, we have effectively eliminated the performance and stability problems that are often associated with traditional agent-based security systems.

As seasoned Linux professionals, we are dedicated to helping you identify and address security threats, including intruders, malware, and vulnerabilities. Sandfly does all this without causing any performance or stability impacts to your critical Linux infrastructure.

Learn Why

Intrusion Detection and Incident Response for Linux

Halt security incidents before they cause significant damage. Our agentless security solution deploys rapidly and provides you with the detailed forensic information necessary for an effective response, without the risks of deploying endpoint agents. Sandfly's wide-ranging Linux security detection capabilities improve your knowledge and eliminates manual tasks, ultimately saving you time and money by avoiding false positives and minimizing malware and intruder dwell time.

Learn How
Sandfly Alert Detail

Identify, Track, and Respond to SSH Credential Use and Abuse

Unmonitored SSH keys can result in serious security breaches on Linux. With Sandfly's SSH Hunter, you can maintain control over this vital data via fully automated key tracking and auditing. Sandfly gathers SSH public key data agentlessly, constructing a detailed profile of key locations, user associations, timestamps, and more, while identifying risk factors like duplicate and recently created keys.

Learn More
SSH Hunter Explorer Fullscreen

Automatically detect compromised Linux systems.

Protect Hosts Now

Protect All Linux Systems

Guarantee the protection of the widest range of Linux systems without modifications, from large cloud clusters to containers to embedded Linux. Sandfly ensures cross-platform defense and consistent support for the most Linux distributions of any security product on the market. Sandfly easily operates across different CPUs and legacy environments - the same environments often neglected by agent-based platforms. We can even operate on Linux systems up to a decade old.

Learn How


Sandfly only requires SSH access and has been tested on the platforms below plus many more. Nobody has wider and more reliable Linux coverage than Sandfly.


Sandfly provides comprehensive protection for numerous Linux variants and versions, supporting Intel, AMD, Arm, or MIPS CPUs without modifications.

High Performance & Low CPU Impact

Our unique random scanning works without killing bandwidth, impacting performance, causing system instability, or alerting intruders to its presence.

Read More

Task Queue 4.0

Comprehensive Linux Protection

Sandfly is the Linux security and forensic expert your team needs to stay ahead of threats.


Deploy Sandfly instantly to assist in threat hunting activities across all your Linux systems, including on-premises and cloud-based deployments. Sandfly's agentless scanning defends both host operating systems and the Docker images they run.


Deploy Sandfly's 1,100+ modules designed specifically to identify advanced Linux attacks, including credential theft, stealth rootkits, and evasive backdoors. Sandfly's singular focus on Linux ensures our expertise in identifying attack vectors.


Implement automatic response to threats for instant intrusion containment and control. Sandfly's agentless response features deliver automated protection across all your systems without the worry of complex compatibility and stability issues.

Secure your Linux systems with Sandfly's expertise.

Protect Hosts Now