Self-learning Cyber threat detection

The best of both worlds


CyberSift leverages decades of experience

but adds the power of anomaly detection

  • Incorporates both Anomaly and signature based systems resulting in a hybrid system that reduces the number of false positives that typically plague anomaly-based only systems.

  • This way, our customers can get the best of both worlds.

Supports various open source tools out of the box

  • Easily store, search and visualise output from tools such as OSSEC, SNORT and OPENVAS

  • Identify anomalous sequences of events flagged by OSSEC

  • Enhance anomaly detection with vulnerability information from OPENVAS

CyberSift ingests data from multiple sources: 

  • Syslog

  • Netflow

  • Windows event logs


  • Splunk

  • Packet capture, supporting:

    • DNS

    • HTTP

Context Addition Module

  • Enrich your logs with "context addition" which allows analysts to easily visualize relationships between nodes that communicate with malicious peers

  • Augment the IP information provided by your network devices with useful threat hunting information such as AS number and country

  • Detect and visualize known bad IP addresses from a wide variety of sources, including TOR IP addresses, C&C servers, and scanning hosts

Detect threats to your environment that slip past traditional defences

  • Leverages threat intelligence from industry leaders like IBM X-Force and others who collect and analyse information from the community.

  • CyberSift brings fully searchable audit logging, threat detection, and reports to all areas of the environment

Expert Engine detects abnormal behaviour

  • Detect zero day attacks by highlighting abnormal behaviour

  • Adjust abnormality severity by taking into consideration context addition

Docker Aware

  • Gain extra visibility into your container activity by detecting anomalous system calls

  • Augment OSSEC monitoring with signature-less, container aware security monitoring

Visibility into all areas of your environment

Easy to Scale

  • Installed software

  • Sensitive files changed on your hosts

  • Based on award winning FOSS technology (Elasticsearch)

  • Supported by major cloud providers (AWS and GCP)

Customizable and interactive reporting

  • Completely customizable and interactive reports

  • Grey LinkedIn Icon
  • icons8-Medium-48
  • Grey Twitter Icon
  • Grey YouTube Icon

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. Music:

© 2020 CyberSift