Sandfly Security

Sandfly Security’s mission is to provide a dedicated and reliable security solution for Linux systems. The company focuses on delivering high-performance, stable, and compatible security that operates without endpoint agents. Its primary goal is to protect the widest range of Linux environments from threats without performance impact or downtime. Sandfly Security aims to automate the process of hunting for intruders and signs of compromise, making advanced security accessible even to those who are not Linux forensics experts.

Sandfly Security has established a reputation for addressing a significant gap in the cybersecurity industry: intrusion detection on Linux platforms. The company is known for its agentless approach, which allows for immediate deployment without causing system instability. It is trusted on critical infrastructure globally and is recognized for its ability to secure a wide variety of Linux systems, from modern cloud deployments to older legacy devices. The platform’s ability to relentlessly monitor for threats without significant system impact has been highlighted as a key advantage.

Offerings, Capabilities, and Integrations

Sandfly Security provides an agentless endpoint detection and response (EDR) platform specifically for Linux operating systems. Its core capability is to detect and respond to security threats such as intruders, malware, and rootkits without installing any software on the monitored Linux endpoints. This agentless approach gives Sandfly Security a competitive edge by eliminating the performance, stability, and compatibility issues often associated with security agents, especially on critical or legacy systems. The company’s platform is designed for wide compatibility, protecting a vast range of Linux distributions and CPU architectures, from modern cloud deployments to older embedded devices. Sandfly Security’s offerings include advanced threat detection that focuses on attacker tactics rather than signatures, SSH key and password auditing to prevent lateral movement, and drift detection to alert on unauthorized system changes. The platform integrates with existing security stacks, including SIEMs, SOARs, and ticketing systems, allowing for seamless incorporation into a company’s security operations. These capabilities establish Sandfly Security’s reputation as a provider of a safe, high-performance, and reliable security solution for critical Linux infrastructure.

Products and Services

Sandfly Security’s flagship product is its agentless security platform for Linux, which provides intrusion detection and incident response. This platform is its primary offering and encompasses a suite of services and capabilities.

  • Agentless Linux Security Platform: This is the core product, which automatically hunts for hackers, malware, and suspicious activity on Linux systems without requiring the installation of endpoint agents. It provides detailed forensic information about suspicious processes, users, and files.
  • Intrusion and Compromise Detection: The platform is designed to detect various threats, including stealth rootkits, advanced persistent threats (APTs), and malware. It operates by hunting for intruder activity and tactics.
  • SSH Credential Tracking and Auditing: A key service is the monitoring of SSH credential usage to find misconfigurations and potential abuse. It audits for weak and default passwords to prevent unauthorized access.
  • Drift Detection: Sandfly Security offers a feature to detect unauthorized changes to a system’s profile, which is particularly useful for systems that should not be frequently modified.
  • Customizable Threat Hunting: The platform allows users to create custom modules, referred to as “Sandflies,” to hunt for specific and emerging threats tailored to their environment.
  • Integrations: Sandfly Security provides built-in integrations with various security tools such as Elasticsearch, Postgres, Sentinel, and Splunk, as well as generic syslog notifications for broader compatibility.

Target Customers

Sandfly Security’s target customers are organizations that rely on Linux systems, particularly those with critical infrastructure. This includes companies in sectors such as cloud services, data centers, and industries where Linux is prevalent in operational technology. The platform is designed to scale from small networks to very large enterprises, with customers protecting tens of thousands of Linux hosts. Sandfly Security is suitable for companies with a wide variety of Linux distributions and hardware, including modern cloud environments and legacy or embedded systems that are difficult to monitor with traditional agent-based solutions. Customers benefit from the platform’s ability to provide comprehensive security coverage without impacting system performance or stability, which is crucial for mission-critical applications. The automated nature of the platform also benefits organizations with limited in-house Linux security expertise by providing clear, actionable intelligence on threats.

Cloud Integrations and Marketplaces

Sandfly Security is designed for compatibility with public, private, and hybrid cloud environments. The platform can protect Linux systems running on major cloud providers, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

Sandfly Security integrates with other security tools such as SIEMs and SOARs. Specific built-in integrations include:

  • Elasticsearch Replication
  • Postgres Replication
  • Sentinel Replication
  • Syslog Notifications

Sandfly Security has a presence on the following cloud marketplaces:

  • AWS Marketplace: Sandfly Security is available on the AWS Marketplace as an Amazon Machine Image (AMI). This allows for the deployment of its agentless Linux security and intrusion detection platform on the AWS cloud.
  • DigitalOcean Marketplace: Sandfly Security is offered as a 1-Click Droplet on the DigitalOcean Marketplace for agentless intrusion detection and incident response.

Sandfly Security is not available on the Google Cloud Marketplace or the Microsoft Azure Marketplace.

Key People

  • CEO / Founder: Craig Rowland.
  • Vice President of Worldwide Sales and Business Development: Paul Jespersen.
  • Chief Architect: Matthew Wilson.
  • CFO: Mike Mandis.

Key Facts

  • Headquarters Location: Christchurch, New Zealand.
  • Number of Employees: 11-50.
  • Annual Revenue: $1M to $10M.
  • Parent Company: None.
  • Subsidiary Companies: None.
  • Publicly Listed: No.

Analyst Recognition

Based on publicly available information, Sandfly Security is not featured in technology categories or reports by the analyst groups Gartner, Forrester, IDC, or Everest Group.
