Accelerated AWS Investigating and Monitoring
The business requirements for migrating applications and infrastructure to the cloud have also brought challenges to the IT and security departments in trying to minimize the risk to the business from breaches, data loss, and downtime.
Cloud infrastructure has grown increasingly complex, with hundreds of different cloud services and thousands of APIs, making it extremely difficult for Security and DevOps to ensure the availability and security of the application infrastructure.
Loss of Control and Visibility
At the same time, dependencies on the cloud provider have decreased customers’ control and visibility of how security and IT practices are implemented, making it too easy to misconfigure the security, networking, or application behavior.
AWS popularized automation and APIs, making for a very easy-to-scale infrastructure. However, this capability also makes it easy for a simple mistake to have a wide-ranging impact, such as shutting down every application instance across a worldwide cloud by running a single script.
Cloud infrastructures are continuously changing in real time, with dynamic IP addresses, scaling of load-balanced instances, changing routing paths, dynamic DNS entries, failover scenarios, and shifting data location. Many of the agile practices around continuous integration and release can mean that dozens of releases of an application are done every day. This provisioning and teardown of instances can wreak havoc on IT and security departments trying to troubleshoot production problems, much less investigate potential threats or breaches.
Sift Security Cloud Hunter
Sift Security Cloud Hunter allows Security and DevOps teams to more easily monitor and investigate their cloud infrastructure.
Cloud Hunter ingests cloud logs such as AWS VPC Flow Logs and CloudTrail, creating a unique view of the key entities and their relationships in the Cloud Hunter graph database.
Cloud Hunter then continuously analyzes these relationships along with all network and host events and actions, applying unsupervised machine learning and anomaly detection to identify both known risks and new out-of-context behaviors. Cloud Hunter then generates only a few focused alerts, sorted by risk and impact, helping Security Operations focus on areas of true risk and, importantly, accelerating fault or security investigations using Sift's proprietary unsupervised machine learning.
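The two paragraphs above describe the core idea: turn raw cloud logs into a graph of entities (addresses, network interfaces) and relationships (who talked to whom, on which ports, how often, accepted or rejected), then look for behavior that stands out from the population. The following Python script is an added illustration of that idea and is not Sift Security's code; it does not show Cloud Hunter's actual graph schema or analytics. It parses a handful of constructed VPC Flow Log records in the default version 2 field order, builds a small relationship graph, skips NODATA/SKIPDATA records that carry no flow fields, and flags sources whose distinct-destination fan-out is far above the median using a robust MAD-based threshold. The `k=3.0` threshold and the sample addresses are assumptions chosen for the demonstration.

```python
"""Entity-relationship graph from VPC Flow Log records with a simple fan-out
anomaly check. Added illustration only; not Sift Security's implementation."""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import median

# Field order of the default (version 2) VPC Flow Log record format.
FLOW_FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log_status"]

# Constructed sample records (not real traffic). 10.0.1.5 fans out to six
# hosts, half of them rejected; every other source talks to a single host.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.10 44321 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.11 44322 22 6 3 200 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.12 44323 22 6 3 200 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.13 44324 3389 6 3 200 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.14 44325 443 6 15 3100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.15 44326 80 6 9 1800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-1f2e3d4c 10.0.2.10 10.0.3.1 50001 5432 6 40 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-1f2e3d4c 10.0.2.11 10.0.3.1 50002 5432 6 38 8700 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-1f2e3d4c 10.0.2.12 10.0.3.2 50003 6379 6 12 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-1f2e3d4c 10.0.2.13 10.0.3.2 50004 6379 6 11 2200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-1f2e3d4c 10.0.2.14 10.0.3.3 50005 443 6 7 1500 1700000000 1700000060 ACCEPT OK
"""


@dataclass
class Edge:
    flows: int = 0
    bytes: int = 0
    rejects: int = 0
    dst_ports: set = field(default_factory=set)   # (protocol, dstport) pairs seen


@dataclass
class Graph:
    nodes: dict = field(default_factory=dict)                         # id -> attributes
    edges: dict = field(default_factory=lambda: defaultdict(Edge))    # (src, dst) -> Edge


def parse_flow_record(line):
    """Split one space-separated record into a dict keyed by FLOW_FIELDS."""
    parts = line.split()
    if len(parts) != len(FLOW_FIELDS):
        raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
    rec = dict(zip(FLOW_FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key]) if rec[key] != "-" else 0   # "-" appears in NODATA records
    return rec


def build_graph(text):
    """Nodes are IP addresses and ENIs; edges carry flow, byte and reject counts."""
    g = Graph()
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow_record(line)
        if rec["log_status"] != "OK":        # NODATA / SKIPDATA have no flow fields
            continue
        src, dst, eni = rec["srcaddr"], rec["dstaddr"], rec["interface_id"]
        g.nodes.setdefault(src, {"type": "ip"})
        g.nodes.setdefault(dst, {"type": "ip"})
        g.nodes.setdefault(eni, {"type": "eni", "account": rec["account_id"]})
        g.edges[(eni, src)].flows += 1       # relationship: ENI observed this source
        e = g.edges[(src, dst)]
        e.flows += 1
        e.bytes += rec["bytes"]
        e.dst_ports.add((rec["protocol"], rec["dstport"]))
        if rec["action"] == "REJECT":
            e.rejects += 1
    return g


def fan_out(g):
    """Distinct IP destinations per source IP (ENI edges are excluded)."""
    dsts = defaultdict(set)
    for (src, dst) in g.edges:
        if g.nodes[src]["type"] == "ip" and g.nodes[dst]["type"] == "ip":
            dsts[src].add(dst)
    return {src: len(d) for src, d in dsts.items()}


def fan_out_outliers(g, k=3.0):
    """Sources whose fan-out exceeds the population median by more than k MADs.
    The median absolute deviation is floored at 1 so a uniform population
    still yields a usable scale; k is an assumed tuning value."""
    counts = fan_out(g)
    if len(counts) < 3:
        return []
    values = list(counts.values())
    med = median(values)
    mad = max(median(abs(v - med) for v in values), 1.0)
    return sorted(src for src, v in counts.items() if v - med > k * mad)


def reject_ratio(g, src):
    """Fraction of a source's outbound flows that security groups/NACLs rejected."""
    edges = [e for (s, d), e in g.edges.items()
             if s == src and g.nodes[d]["type"] == "ip"]
    flows = sum(e.flows for e in edges)
    return sum(e.rejects for e in edges) / flows if flows else 0.0


GRAPH = build_graph(SAMPLE_FLOW_LOG)

if __name__ == "__main__":
    for src in fan_out_outliers(GRAPH):
        print(f"{src}: fan-out={fan_out(GRAPH)[src]} reject_ratio={reject_ratio(GRAPH, src):.2f}")
```

The graph keeps each ENI attached to the addresses it observed, so an investigator can pivot from a flagged address to the interface and account it belongs to, which is the kind of relationship context the page describes. A real deployment would read records from the flow-log S3 or CloudWatch destination and key the baseline by role or subnet rather than the whole population.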
Integrations and Workflow
The Cloud Hunter user interface enables rapid visual investigations, and the backend supports seamless action through API integrations with other products. Cloud logs such as AWS CloudTrail and VPC Flow Logs can be combined with endpoint or application logs to provide comprehensive visibility and support end-to-end investigations. Cloud Hunter can also be easily extended to read new data sources.
Cloud Hunter’s unique relationship graph and advanced anomaly-detection algorithms help hunting teams identify new threats before they can impact your organization.
Cloud Hunter prioritizes alerts from multiple sources, showing clusters of high risk and helping to suppress false positives in the Security Operations Center. With Cloud Hunter sifting thousands of red alerts into a few prioritized high-risk alerts, Security Operations teams are more efficient and can focus on where the true risk lies.
Accelerate Investigations 10x
Should an incident occur, Cloud Hunter provides crucial relationship context to incident response and DevOps teams about the complex and changing cloud infrastructure. Investigations into security incidents, downtime, and performance issues take minutes instead of the days needed with enterprise search technologies.
Cloud Hunter integrates seamlessly into customer workflows, mitigating threats automatically and saving investigation time. The status of AWS objects can be investigated in real time with a single click in the graph view, showing whether an EC2 instance is still running or what the current S3 bucket permissions are. Tickets can also be opened automatically in ServiceNow.
About Sift Security
Sift Security provides security operations teams an easier and faster way to discover, investigate, and act on risks. Sift Security was built from the ground up to take advantage of a relational graph data structure, which forms the foundation for our intuitive visualization and cutting-edge analytics.