Agentless Linux Security

Go agentless to protect Linux with unmatched speed and reliability.

Sandfly - Linux Security Without Endpoint Agents

Sandfly is a Linux security solution that is tailor-made to detect and repel attackers, without the need for endpoint agents. With our agentless platform, we have effectively eliminated the performance, stability, and deployment problems that are often associated with traditional agent-based Endpoint Detection and Response (EDR).

Sandfly actively hunts for intruders on Linux 24 hours a day. With Sandfly, you simply point it at the hosts you need protected and it begins working immediately across your Linux fleet.

Intrusion Detection and Incident Response for Linux

Halt security incidents and find compromised Linux hosts before they cause significant damage. Our agentless security solution deploys rapidly and provides you with the detailed forensic information necessary for an effective response. Sandfly's wide-ranging Linux security detection capabilities can find compromised systems in seconds, minimizing malware and intruder dwell time without stability or performance impacts on the endpoint.

Identify, Track, and Respond to SSH Credential Use and Abuse

Compromised SSH keys are a leading cause of security breaches on Linux. With Sandfly's SSH Hunter, businesses can maintain control over this vital data via fully automated key tracking and auditing. Sandfly gathers SSH public key data agentlessly, constructing a detailed profile of key locations, user associations, timestamps, and more, while identifying risk factors like duplicate and recently created keys.

Automatically detect compromised Linux systems.

Protect All Linux Systems

Protect the widest range of Linux systems without modifications, from large cloud clusters to containers to embedded Linux. Sandfly ensures cross-platform defense for the most Linux distributions of any product on the market. Sandfly easily operates across different CPUs and legacy environments - the same environments often neglected by agent-based platforms. We can even operate on Linux systems up to a decade old.

Sandfly only requires SSH access and has been tested on the platforms below plus many more. Nobody has wider and more reliable Linux coverage than Sandfly.


Sandfly provides comprehensive protection for numerous Linux variants and versions, supporting Intel, AMD, Arm, or MIPS CPUs without modifications.

High Performance & Low CPU Impact

Our unique random scanning works without killing bandwidth, impacting performance, causing system instability, or alerting intruders to its presence.

Comprehensive Linux Protection

Sandfly is the Linux security and forensic expert your team needs to stay ahead of threats.


Deploy Sandfly instantly to hunt for intruders across all your Linux systems, including on-premises and cloud-based deployments. Sandfly's agentless scanning defends both host operating systems and the containers they run.


Deploy Sandfly's 1,100+ modules designed specifically to identify advanced Linux attacks, including credential theft, stealth rootkits, and evasive backdoors. Sandfly's singular focus on Linux gives us the industry's best coverage.


Implement automatic response to threats for instant intrusion containment and control. Sandfly's agentless response features deliver automated protection across all your systems without the worry of complex compatibility and stability issues.

Secure your Linux systems with Sandfly.
