Posts

How Sift Security's Analytics Engine Detects Insider Threats

Intro

We work with a lot of organizations that are worried about insider threats. Their employees require access to sensitive customer data or other proprietary information. They are worried that a careless or disgruntled employee may expose that information to outsiders. Moreover, they are worried that they might not notice if it happened. Insider threat detection is one of the main use cases of User and Entity Behavioral Analytics (UEBA). UEBA is the practice of modeling normal user and entity behavior in order to identify anomalies indicative of a cyber threat. This post describes how Sift Security’s detection and analytics engine can be used for insider threat detection.

Dataset

For this post, we use the CERT insider threat tools datasets [1]. These are synthetic datasets from CERT that include background data and malicious attackers. Included are authentication, email, removable storage, and web browsing data. This post focuses on the first scenario in the r6 datasets, detecting…
Recent posts

Sift Security Receives Application Certification from ServiceNow

It comes as no surprise that security operations centers (SOCs) are becoming commonplace inside IT departments. These centers allow analysts to respond to security incidents, threats, and events throughout their networks. Maintaining a SOC can be a monumental task. Although the finer points of SOC deployment are very much network-specific, there are several major components that every organization must include: people, process, and technology. Sift Security provides innovation around the technology and tools used for analyzing and responding to threats. Sift Security's next generation security operations platform supercharges threat hunting and incident response by providing a scalable graph database that correlates high volumes of diverse data sources, removing the manual burden from your team.

Bridging The Gap between Security and IT

Solving technology pain points is just part of the challenge of running an efficient SOC. Once an incident is investigated, a SOC analyst’s job is t…

Sift Security Partners with Palo Alto Networks’ Application Framework

We are excited to be a committed developer for the Palo Alto Networks Application Framework, a unique, cloud-based consumption model that allows customers to quickly adopt and deploy security applications built by Palo Alto Networks, third-party developers, MSSPs and their own teams. Welcome to a world where organizations can instantly activate cloud-delivered security without needing to buy or deploy additional products.

Link to announcement: https://researchcenter.paloaltonetworks.com/2017/06/palo-alto-networks-application-framework/

CloudHunter Demo Video

Sift Security’s CloudHunter product gives our customers great visibility into their AWS infrastructure without any modification to the environment being monitored. If you already have CloudTrail logs being saved to an S3 bucket, you can be exploring your infrastructure visually in less than 60 minutes. To get a better idea of what we provide out of the box, take a look at our demo video here.

When you decide to take your monitoring of AWS to the next level, contact us at contact@siftsecurity.com

Data Exfiltration from AWS S3 Buckets

You will no doubt have heard by now about the recent Booz Allen Hamilton breach that took place on Amazon Web Services. In short, a shocking collection of 60,000 sensitive government files were left on a public S3 bucket (file storage in Amazon Web Services) for all to see. We are all probably too overwhelmed to care, given all the recent breaches we have been hearing about in the news. But this breach was different: it involved a trusted and appointed contractor whose job it was to follow the security policies put in place to avoid such incidents. So was this incident accidental or malicious? More later about the tools we can use to tell the difference between the two. First, let's recap what happened.

The Incident

According to Gizmodo, the 28GB of data that was leaked not only contained sensitive information on recent government projects, but at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Clearance – meaning anyone who got their h…