
Self-learning Cyber threat detection
The best of both worlds

CyberSift leverages decades of experience but adds the power of anomaly detection

- Incorporates both anomaly-based and signature-based detection in a hybrid system, reducing the false positives that typically plague systems relying on anomaly detection alone.
- This way, our customers get the best of both worlds.

Supports various open source tools out of the box

- Easily store, search and visualise output from tools such as OSSEC, SNORT and OPENVAS
- Identify anomalous sequences of events flagged by OSSEC
- Enhance anomaly detection with vulnerability information from OPENVAS

CyberSift ingests data from multiple sources:

- Syslog
- Netflow
- Windows event logs
- OSSEC
- Splunk
- Packet capture, supporting:
  - DNS
  - HTTP

Context Addition Module

- Enrich your logs with "context addition", which lets analysts easily visualise relationships between nodes that communicate with malicious peers
- Augment the IP information provided by your network devices with useful threat hunting information such as AS number and country
- Detect and visualise known bad IP addresses from a wide variety of sources, including TOR IP addresses, C&C servers and scanning hosts

Detect threats to your environment that slip past traditional defences

- Leverages threat intelligence from industry leaders like IBM X-Force and others who collect and analyse information from the community
- CyberSift brings fully searchable audit logging, threat detection and reports to all areas of the environment

Expert Engine detects abnormal behaviour

- Detect zero-day attacks by highlighting abnormal behaviour
- Adjust abnormality severity by taking context addition into consideration

Docker Aware

- Gain extra visibility into your container activity by detecting anomalous system calls
- Augment OSSEC monitoring with signature-less, container-aware security monitoring

Visibility into all areas of your environment

- Installed software
- Sensitive files changed on your hosts

Easy to Scale

- Based on award-winning FOSS technology (Elasticsearch)
- Supported by major cloud providers (AWS and GCP)

Customizable and interactive reporting

- Completely customizable and interactive reports