Analysts can quickly review and respond to prioritized alerts specific to your AWS environment, including detection of volumes, changed ACLs, modified security groups, and user creation/deletion, prioritized and filtered with Sift's advanced machine learning.
Hunters get high-quality starting points within the complex AWS architecture, utilizing Sift's proprietary graph clustering algorithms, which identify potential attack chains.
Responders can rapidly investigate events in the dynamic AWS infrastructure and seamlessly take action to address downtime and slow performance and to stop attacks.
Complexity. Cloud infrastructure has grown increasingly complex, with hundreds of APIs and dynamic, changing behavior. Hybrid architectures that are partially on-premises make it challenging for organizations to conduct investigations that traverse both the corporate and cloud infrastructure.
Loss of Visibility. IT has lost both visibility and control over its cloud infrastructure. Security and DevOps teams need a way to monitor and be alerted when there is risky behavior in the AWS environment (e.g. insider threats, hacked accounts, or misconfiguration).
Automation has led to rapidly changing scale, increasing the risk of wide-ranging impact when problems occur.
Rapid Change, such as dynamic IP addresses, scaling of load-balanced instances, and changing routes and DNS entries, makes it difficult to support availability, performance, and security SLAs.
Data is collected by CloudHunter in real time from several AWS APIs including:
Analysis is done by putting the numerous log events into a proprietary graph database and applying advanced machine-learning algorithms:
Graph Clustering Algorithms are used to highlight clusters of true risk by analyzing the riskiest relationships in Sift's proprietary graph database containing all of the AWS log events collected by CloudHunter. With CloudHunter, you can: