Sift Security

Proactively Hunt for Threats Using Sift Security

Many mature security organizations have people or teams focused on proactively hunting for threats. One of Sift Security’s co-founders, Ram Sripracha, spent a lot of time in his previous role on Amazon’s security team hunting for threats using a leading enterprise search tool. This experience inspired him to create Sift Security to fill-in the gaps he found in existing security tools.

Sift Security in Action: An illustrative Threat Hunt

Consider an employee, Amos, who is leaving the company under unusual circumstances. We have reason to suspect that Amos might be stealing confidential information. Here is how Sift Security could be used to determine whether Amos poses an insider threat.

Sift Security

In our deployment of Sift Security, we are monitoring email metadata, network activity, and host audit logs. Since one of the most common channels over which data are expropriated is email, we begin the investigation at Amos’s email account. We narrow our investigation to the past few days, and look at all of the files Amos attached in email messages. We find 32 such attachments and begin investigating the largest one. We identify the message to which it was attached and the recipients to which it was sent. We find a target email address that appears to be a personal account belonging to Amos.

Please enter your contact information below and press submit. We will send the link to the whitepaper to the email address provided below.

Please provide your name
Please provide your email address Please check that email address is valid
Please provide your company name
Please provide your job title
* - required fields
{{error}}
{{message}}

* By submitting this form, you are confirming you have read and agree to our Terms of Use and Privacy.