Posts

Moving Beyond "Death Star" Graph Visualizations

I was recently talking to a security leader at a large bank that is investing in graph capabilities for security detection and investigation. He shared that he and his colleagues were not satisfied with the current state of graph visualizations, which they affectionately described as a “Death Star” - see the graphic below (and compare to above). While some “Death Star” visualizations can look very pretty, they are typically not very useful and suffer from performance problems. At Sift Security, we focus on highlighting the structure of the graph without overloading the browser and the user with information.
* Patent pending
Challenges with the “Death Star” Visualization
When we speak to our customers (Security Analysts, Incident Responders, Threat Hunters) about their objectives for graph visualization, what we typically hear is a desire to simplify and accelerate investigations. The typical user is not a data scientist, but is a junior or mid-level analyst looking to get their job d…
Recent posts

How Sift Security's Analytics Engine Detects Insider Threats

Intro
We work with a lot of organizations that are worried about insider threats. Their employees require access to sensitive customer data or other proprietary information. They are worried that a careless or disgruntled employee may expose that information to outsiders. Moreover, they are worried that they might not notice it if it happened.
Insider threat detection is one of the main use cases of User and Entity Behavioral Analytics (UEBA). UEBA is the practice of modeling normal user and entity behavior in order to identify anomalies indicative of a cyber threat. This post describes how Sift Security’s detection and analytics engine can be used for insider threat detection.
Dataset
For this post, we use the CERT insider threat tools datasets [1]. These are synthetic datasets from CERT that include background data and malicious attackers. Included are authentication, email, removable storage, and web browsing data. This post focuses on the first scenario in the r6 datasets, dete…

Sift Security Receives Application Certification from ServiceNow

It comes as no surprise that security operations centers (SOCs) are becoming commonplace inside IT departments. These centers allow analysts to respond to security incidents, threats, and events throughout their networks. Maintaining a SOC can be a monumental task. Although the finer points of SOC deployment are very much network-specific, there are several major components that every organization must include: people, process, and technology.
Sift Security provides innovation around the technology and tools used for analyzing and responding to threats. Sift Security's next generation security operations platform supercharges threat hunting and incident response by providing a scalable graph database that correlates high volumes of diverse data sources, removing the manual burden from your team.
Bridging The Gap between Security and IT
Solving technology pain points is just part of the challenge of running an efficient SOC. Once an incident is investigated, an SOC analyst’s job …

Sift Security Partners with Palo Alto Networks’ Application Framework

We are excited to be a committed developer for the Palo Alto Networks Application Framework, a unique, cloud-based consumption model that allows customers to quickly adopt and deploy security applications built by Palo Alto Networks, third-party developers, MSSPs and their own teams. Welcome to a world where organizations can instantly activate cloud-delivered security without needing to buy or deploy additional products.
Link to announcement: https://researchcenter.paloaltonetworks.com/2017/06/palo-alto-networks-application-framework/

CloudHunter Demo Video

Sift Security’s CloudHunter product gives our customers great visibility into their AWS infrastructure without any modification to the environment being monitored. If you already have CloudTrail logs being saved to an S3 bucket, you can be exploring your infrastructure visually in less than 60 minutes. To get a better idea of what we provide out of the box, take a look at our demo video here. When you decide to take your monitoring of AWS to the next level, contact us at contact@siftsecurity.com.