Sift Security

Detection Use Cases

Sift Security provides two distinct detection mechanisms: a custom rules engine and an advanced anomaly detection platform. Both tools come with built-in support for common use cases and are extensible, enabling users to easily add detection features on the fly.

The Sift detection tools are advantageous because they leverage existing data and are lightweight, customizable, and extensible. Our detectors provide additional value on top of existing tools, such as firewalls and traditional AV and IDS, and are specifically tailored to detect common phases of cyber-attacks. Instead of providing individual alerts, Sift Security considers these alerts in context, prioritizing alerts that are components of a more serious attack.

This document describes some of the use cases supported out-of-the-box by our custom rules engine and advanced anomaly detection platform. Each detection is described in the context of the cyber kill chain, which can be partitioned into the following phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. For each detection described below, the types of data sources used to support it are listed.
