Sandfly Security

Sandfly protects virtually any Linux system with no endpoint agents and no drama.

We're partnering with @Carahsoft to bring agentless Linux EDR to government agencies and critical infrastructure. Our agentless approach works where agents fail: air-gapped networks, embedded systems, and sensitive installations. Thanks @CraigAbod! Read the press release: sandflysecurity.com/blog/sandfly-s…

Our partnership with @SandflySecurity is bringing agentless Linux EDR to the Public Sector. Protect mission-critical systems without performance risk or agents. Learn more: carah.io/SandflySecurit… #LinuxSecurity #EDR #PublicSectorCyber

@ericsson has partnered with Sandfly to protect their telecommunications customers globally. Traditional endpoint agents introduce risks telecom operators can't accept in stability, performance, and compatibility. Ericsson's solution? Agentless Linux EDR for their Security Manager. Learn more below. sandflysecurity.com/blog/ericsson-…

Sandfly founder @CraigHRowland is on Destination Linux this week discussing browser extension risks, AI agents being tricked to go rogue, and more.

This thing looks pretty noisy. @SandflySecurity we don't have an install path and can run under random binary names. Being targeted for disabling like other EDRs is harder. We also patrol randomly without a fixed username so the system appears unmonitored to attackers.

We've gotten many questions about voidlink on Linux, and yes @SandflySecurity finds it out of the box as you see below with no need to update. The report below covers the details, but I have a few more here.

We have made major improvements to our unique and powerful agentless drift detection for Linux. With drift detection in operation, it's extremely hard for malicious activity happen on Linux without being noticed. Works on embedded/appliances, too!

Sandfly 5.6 introduces sweeping updates to our powerful agentless drift detection for Linux. Automated setup and built-in profile recommendations makes finding novel attacks against your entire Linux infrastructure fast and simple. See more below. sandflysecurity.com/blog/sandfly-5…

Agent-based EDR on Linux: kernel panics, compatibility gaps, performance overhead. What if we got rid of the agent? Our new white paper documents the agentless alternative. sandflysecurity.com/blog/the-advan…

An interesting project on finding rootkits with timing methods. Attentive admins can actually see system impacts with stealth rootkits on Linux. I covered this idea in a much cruder way in a recent presentation. Top is no rootkit vs. rootkit on bottom with a find command.

Sandfly founder @CraigHRowland joined @TuxDigitalNet Destination Linux for a deep dive into supply chain security realities: malicious VSCode extensions, React2Shell vulnerabilities, and why your open source hobby project may be targeted by serious threat actors.

Check out the full install tutorial here for additional help: digitalocean.com/community/tuto…

DigitalOcean Sandfly marketplace app here: marketplace.digitalocean.com/apps/sandflyse…

We now offer a free five host Profession License of Sandfly with @DigitalOcean 1-Click marketplace deployments. Try out agentless Linux security on your workloads for free. See link below.

It's a must-read if you run Linux infra on Droplets and want to deploy intrustion-detection w/o endpoint agents. 💯 Key Takeaways. 🗝️ 🔐 Agentless Linux security with Sandfly—no endpoint install, no performance hit. ⚡ Instant setup via the DigitalOcean Marketplace 1-Click App, cutting deployment time from hours to minutes. 🛡️ Hardened architecture using service accounts, SSH keys, and DO Cloud Firewalls for layered security. 📡 Continuous, low-impact monitoring with automated scans and trickle mode. 📈 Scales easily across diverse Linux environments; watch Droplet count limits and choose the right Droplet size for best performance.

A tutorial has been posted with our partners at @digitalocean showing you step-by-step how to deploy Sandfly to agentlessly protect your Linux droplets. Read more below: digitalocean.com/community/tuto…

Protect your @digitalocean workloads using Sandfly with a simple 1-Click marketplace install. In this video we show you how quick and easy it is: youtube.com/watch?v=ixWDyD…

Tor and VPNs can be effective, but often there is a lot more about anonymity than hiding your IP. In this @DestLinuxPod episode Sandfly founder @CraigHRowland discusses the reality of these technologies and how you might burn yourself. youtube.com/watch?v=W08glR…

Also read our blog and download the white paper on SSH key risks that are common on Linux here: sandflysecurity.com/blog/ssh-later…

SSH credential theft is a major attack vector on Linux. In this webinar we cover the common SSH key key risks on Linux. We also discuss how we approach the problem of monitoring SSH keys to help security teams identify problems. youtube.com/watch?v=bjei4T…