Cyber threat detection

Self-learning cyber threat detection

The best of both worlds

CyberSift leverages decades of experience but adds the power of anomaly detection

  • Incorporates both anomaly- and signature-based detection, resulting in a hybrid system that reduces the number of false positives that typically plague purely anomaly-based systems.

  • This way, our customers can get the best of both worlds.

Supports various open source tools out of the box

  • Easily store, search and visualise output from tools such as OSSEC, SNORT and OPENVAS

  • Identify anomalous sequences of events flagged by OSSEC

  • Enhance anomaly detection with vulnerability information from OPENVAS

IDS Techniques

CyberSift ingests data from multiple sources:

  • Syslog

  • Netflow

  • Windows event logs

  • OSSEC

  • Splunk

  • Packet capture, supporting:

    • DNS

    • HTTP

Context Addition Module

  • Enrich your logs with "context addition", which allows analysts to easily visualize relationships between nodes that communicate with malicious peers

  • Augment the IP information provided by your network devices with useful threat hunting information such as AS number and country

  • Detect and visualize known bad IP addresses from a wide variety of sources, including TOR IP addresses, C&C servers, and scanning hosts

Detect threats to your environment that slip past traditional defences

  • Leverages threat intelligence from industry leaders like IBM X-Force and others who collect and analyse information from the community.

  • CyberSift brings fully searchable audit logging, threat detection, and reports to all areas of the environment

Visualization engine

Expert Engine detects abnormal behaviour

  • Detect zero day attacks by highlighting abnormal behaviour

  • Adjust abnormality severity by taking into consideration context addition
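The two capabilities above, context addition (AS number, country and reputation lookups on the peer IP) and context-aware severity adjustment, are illustrated together below. This is an added example, not CyberSift code: the ASN table, the reputation feed, the category weights and the flow records are all constructed sample data, and the severity formula (base score plus a capped weight for each reputation hit) is an assumption chosen for the illustration.

```python
"""Log enrichment ("context addition") and context-aware severity adjustment.

Added illustration only: this is not CyberSift code. All lookup tables and
log records below are constructed sample data, not real threat intelligence.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed ASN/country table keyed by prefix (stand-in for a GeoIP/ASN feed).
ASN_TABLE = {
    "198.51.100.0/24": ("AS64500", "NL"),
    "203.0.113.0/24": ("AS64501", "US"),
    "192.0.2.0/24": ("AS64502", "DE"),
}

# Constructed reputation feeds: each IP maps to the categories that list it.
REPUTATION = {
    "198.51.100.7": {"tor-exit"},
    "203.0.113.42": {"c2", "scanner"},
}

# Weight each category adds to an anomaly's severity (illustrative values).
CATEGORY_WEIGHT = {"c2": 3, "tor-exit": 1, "scanner": 1}


@dataclass
class Enriched:
    src_ip: str
    dst_ip: str
    asn: str = "unknown"
    country: str = "unknown"
    categories: set = field(default_factory=set)


def lookup_asn(ip: str):
    """Longest-prefix style lookup over the constructed ASN table."""
    addr = ipaddress.ip_address(ip)
    for prefix, (asn, country) in ASN_TABLE.items():
        if addr in ipaddress.ip_network(prefix):
            return asn, country
    return "unknown", "unknown"


def enrich(record: dict) -> Enriched:
    """Attach AS number, country and reputation categories to a flow record."""
    dst = record["dst_ip"]
    asn, country = lookup_asn(dst)
    cats = set(REPUTATION.get(dst, ()))
    return Enriched(record["src_ip"], dst, asn, country, cats)


def adjust_severity(base: int, e: Enriched) -> int:
    """Raise an anomaly's severity by the weight of reputation hits on the peer; cap at 10."""
    boost = sum(CATEGORY_WEIGHT.get(c, 0) for c in e.categories)
    return min(10, base + boost)


# Constructed netflow-style records carrying the anomaly score assigned upstream.
SAMPLE_FLOWS = [
    {"src_ip": "10.0.0.5", "dst_ip": "192.0.2.10", "anomaly_severity": 4},
    {"src_ip": "10.0.0.5", "dst_ip": "203.0.113.42", "anomaly_severity": 4},
    {"src_ip": "10.0.0.9", "dst_ip": "198.51.100.7", "anomaly_severity": 2},
]


def triage(flows):
    """Enrich each flow and return (src, dst, asn, country, categories, adjusted severity)."""
    out = []
    for f in flows:
        e = enrich(f)
        out.append((e.src_ip, e.dst_ip, e.asn, e.country,
                    sorted(e.categories), adjust_severity(f["anomaly_severity"], e)))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS):
        print(row)
```

The point of the example is that two flows with the same base anomaly score end up with different severities once the peer's reputation is known: the flow to a clean address keeps its score, while the flow to an address listed as both a C&C server and a scanner is raised, which is the kind of context-driven re-ranking the bullets describe.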

Docker Aware

  • Gain extra visibility into your container activity by detecting anomalous system calls

  • Augment OSSEC monitoring with signature-less, container aware security monitoring

Visibility into all areas of your environment

  • Installed software

  • Sensitive files changed on your hosts

Easy to Scale

  • Based on award-winning FOSS technology (Elasticsearch)

  • Supported by major cloud providers (AWS and GCP)

Customizable and interactive reporting

  • Completely customizable and interactive reports