All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.

© 2017 CyberSift


CyberSift leverages decades of experience

but adds the power of anomaly detection

  • Incorporates both anomaly-based and signature-based detection, resulting in a hybrid system that reduces the number of false positives that typically plague anomaly-only systems.

  • This way, our customers can get the best of both worlds.

  • Leverages threat intelligence from industry leaders like IBM X-Force and others who collect and analyse information from the community.

  • CyberSift brings fully searchable audit logging, threat detection, and reports to all areas of the environment

Visibility into all areas of your environment

  • Installed software

  • Sensitive files changed on your hosts

  • Completely customizable and interactive reports

Self-learning Cyber threat detection

The best of both worlds

Supports various open source tools out of the box

  • Detect zero-day attacks by highlighting abnormal behaviour

  • Adjust abnormality severity by taking context addition into consideration

Detect threats to your environment that slip past traditional defences

Expert Engine detects abnormal behaviour

  • Easily store, search and visualise output from tools such as OSSEC, Snort and OpenVAS

  • Identify anomalous sequences of events flagged by OSSEC

  • Enhance anomaly detection with vulnerability information from OpenVAS

Context Addition Module

  • Enrich your logs with "context addition", which allows analysts to easily visualize relationships between nodes that communicate with malicious peers

  • Augment the IP information provided by your network devices with useful threat hunting information such as AS number and country

  • Detect and visualize known bad IP addresses from a wide variety of sources, including Tor IP addresses, C&C servers, and scanning hosts

Easy to Scale

Docker Aware

  • Gain extra visibility into your container activity by detecting anomalous system calls

  • Augment OSSEC monitoring with signature-less, container-aware security monitoring

  • Based on award-winning FOSS technology (Elasticsearch)

  • Supported by major cloud providers (AWS and GCP)

Customizable and interactive reporting

CyberSift ingests data from multiple sources: 

  • Syslog

  • Netflow

  • Windows event logs


  • Splunk

  • Packet capture, supporting:

    • DNS

    • HTTP