Sift SecurityDemo
Sift SecurityTrial
Sift SecurityContact

AWS Monitoring & Investigations


Sift Security

Alert Management

Analysts can quickly review and respond to prioritized alerts specific to your AWS environment, including detection of volumes, changed ACLs, modified security groups, and user creation/deletion, prioritized and filtered with Sift's advanced machine-learning.

Threat Hunting

Hunters get high quality starting points within the complex AWS architecture, utilizing Sift's proprietary graph clustering algorithms, which identify potential attack chains.

Incident Response

Responders can rapidly investigate events in the dynamic AWS infrastructure and seamlessly take action to address downtime, slow performance, and stop attacks.


faced by IT and security departments when moving to the cloud

Complexity. Cloud infrastructure has grown increasingly complex with hundreds of APIs and dynamic, changing behavior. Hybrid architectures that are partially on-promise make it challenging for organizations to conduct investigations that traverse both the corporate and cloud infrastructure.

Loss of Visibility. IT has lost both visibility and control over their cloud infrastructure. Security and Dev ops need a way to monitor and be alerted when there is risk behavior in the AWS environment (e.g. insider threads, hacked accounts, or misconfiguration).

Automation has led to rapidly changing scale, increasing the risk of wide-ranging impact when problems occur.

Rapid Change such as dynamic IP addresses, scaling of load-balanced instances, changing routes and DNS entries, makes it difficult to support availability, performance, and security SLAs.


a next generation SIEM, designed for the cloud

Data is collected by CloudHunter in real-time from several AWS APIs including:

  • VPC Flow Logs
  • CloudTrail Logs
    • – EC2
    • – ELB
    • – IAM
    • – STS
    • – SignIn
    • – S3

Analysis is done by puting the numerous log events into a proprietary graph database and applying advanced machine-learning algorithms:

  • Logs are curated, structured and correlated
  • Automatic, anomaly detection, including GeoIP anomalies
  • Dashboards showing dynamic changes to the AWS environment such as user detection of instances
  • Custom rules engine with out of context behaviors, such as excessive failed logins

Graph Clustering Algorithms are used to highlight clusters of true risk by analyzing the riskiest relationships in Sift's proprietary graph database containing all of the AWS log events collected by CloudHunter. With CloudHunter, you can:

  • Prioritize alerts
  • Have immediate starting points for hunting
  • Visualize clusters of alerts
  • Find possibly related risks on adjacent instances
  • Integrate multiple detection types


  • Accelerates investigations 10x
  • Prioritizes alerts based on true risk using anomaly detection
  • Simplifies monitoring of cloud infrastructure
  • Quickly detect and trace root cause of alerts and errors
  • Optimizes workflow with API action playbooks
  • Implements critical security controls around API calls, user accounts, configuration changes
Sift Security