Agentless Linux Security

Go agentless to protect Linux with unmatched speed and reliability.

Protect 50 Hosts Free Now

Sandfly - Linux Security Without Endpoint Agents

Sandfly is an agentless Linux security solution that is designed to detect and repel attackers, without the need for endpoint agents. With our agentless platform, we have eliminated the performance, stability, and deployment problems that are often associated with traditional agent-based Endpoint Detection and Response (EDR).

Sandfly actively hunts for intruders on Linux 24 hours a day in the cloud, on-prem, and even embedded systems. With Sandfly, you simply point it at the hosts you need protected and it begins working immediately across your Linux fleet.

Widest Linux Security Coverage in the Industry

Sandfly has the widest security coverage of Linux in the industry. Our agentless solution works on legacy systems through modern cloud deployments. We also work on notoriously difficult to monitor Linux-based appliances and embedded devices. Sandfly finds compromised systems in seconds, minimizing malware and intruder dwell time and without stability or performance impacts on the endpoint.

Learn How
Sandfly provides the widest LInux security coverage in the industry.

Identify, Track, and Respond to SSH Credential Use and Abuse

Compromised SSH keys are a leading cause of security breaches on Linux. With Sandfly's SSH Hunter, businesses can maintain control over this vital data via fully automated key tracking and auditing. Sandfly gathers SSH public key data agentlessly, constructing a detailed profile of key locations, user associations, timestamps, and more, while identifying risk factors like duplicate and recently created keys.

Learn More
SSH Hunter Explorer Fullscreen

Automatically detect compromised Linux systems.

Protect Hosts Now

Protect All Linux Systems

Protect the widest range of Linux systems without modifications, from large cloud clusters to containers to embedded Linux. Sandfly ensures cross-platform defense for the most Linux distributions of any product on the market. Sandfly easily operates across different CPUs and legacy environments - the same environments often neglected by agent-based platforms. We can even operate on Linux systems up to a decade old.

Learn How


Sandfly only requires SSH access and has been tested on the platforms below plus many more. Nobody has wider and more reliable Linux coverage than Sandfly.


Sandfly provides comprehensive protection for numerous Linux variants and versions, supporting Intel, AMD, Arm, MIPS and IBM POWER CPUs without modifications.

High Performance & Low CPU Impact

Our unique random scanning works without killing bandwidth, impacting performance, causing system instability, or alerting intruders to its presence.

Read More

Task Queue 4.0

Comprehensive Linux Protection

Sandfly is the Linux security and forensic expert your team needs to stay ahead of threats.


Deploy Sandfly instantly to hunt for intruders across all your Linux systems, including on-premises and cloud-based deployments. Sandfly's agentless scanning defends both host operating systems and the containers they run.


Deploy Sandfly's 1,200+ modules designed specifically to identify advanced Linux attacks, including credential theft, stealth rootkits, and evasive backdoors. Sandfly's singular focus on Linux gives us the industry's best coverage.


Implement automatic response to threats for instant intrusion containment and control. Sandfly's agentless response features deliver automated protection across all your systems without the worry of complex compatibility and stability issues.

Secure your Linux systems with Sandfly.

Protect Hosts Now