
Agentless Linux EDR and intrusion detection platform for diverse environments.

Sandfly Security develops an agentless Linux security platform focused on intrusion detection, incident response, and endpoint detection and response (EDR) for Linux systems. The platform is designed to operate without installing agents on monitored hosts, reducing performance impact and compatibility risks across diverse Linux environments.

Key capabilities of the Sandfly platform include:

- Agentless intrusion detection and incident response for Linux
- Rootkit detection, including eBPF and loadable kernel module rootkits
- Drift detection to identify unauthorized changes to Linux systems
- SSH security auditing, credential and key auditing, and SSH Security Zones
- Process anomaly detection, including hidden process de-cloaking
- Linux malware and backdoor detection
- Password auditing and Active Directory integration
- Container (Docker) security scanning
- MITRE ATT&CK framework tagging for detected threats
- AI-powered analysis for threat investigation

The platform supports a wide range of Linux distributions and is designed for use in on-premises, cloud, and hybrid environments. Sandfly has partnered with DigitalOcean and Ericsson, indicating applicability in both cloud and telecom sectors. It integrates with Splunk and Elasticsearch for log management and SIEM workflows.

The company was founded by Craig Rowland, who previously worked in intrusion detection and vulnerability scanning, with companies later acquired by Cisco Systems. Sandfly Security has received seed funding from Gula Tech Adventures and Sorenson Capital, and counts former NSA Tailored Access Operations head Rob Joyce on its advisory board. The company operates globally and is headquartered in New Zealand.