Posts

Sift Security + Visa Threat Intelligence

Incident responders and threat hunters depend on high fidelity threat intelligence to get early notification of attacks.  Threat intelligence is most useful when it describes attacks targeting peer organizations and it includes important contextual information.  This contextual information can include what types of attacks the indicators of compromise (IoCs) represent, when they were first observed, and how they are related to other IoCs.  
Sift Security has teamed up with Visa Threat Intelligence (VTI) to help merchants determine if they have been a target of a breach and to avoid future breaches. VTI provides high fidelity IoCs curated by Visa’s Risk and Fraud team, who work with merchants to collect and analyze the TTPs (Tactics, Techniques & Procedures) used by crime organizations during breaches targeting merchants.  Sift Security combines VTI into our security graph analytics platform to enable timely notification of potential breaches and effective threat hunting.  
To help…
Recent posts

Using the Security Event Graph to Drive Alert Prioritization

One of the biggest differentiators at Sift Security is our security event graph: We map security events into a graph database. We then analyze the graph structure to prioritize alerts. Specifically, we look for clusters of interrelated alerts, score the clusters, and surface the clusters to the analyst. The analyst can then investigate each cluster in order, quickly assessing the threat and resolving the alerts in bulk.  
Our algorithms do the important work of sifting through isolated alerts and separating the false alarms and low priority alerts from high priority security incidents. We identify the high priority incidents by analyzing how alerts are related to each other. Key to this approach is our security event graph. This graph is stored in a graph database, a relationship-centric database that enables rapid execution of complex queries that would be very expensive to make in a traditional RDBMS.  The graph structure enables us to rapidly traverse relationships and find interr…

Sift Security + ServiceNow Security Operations Integration

We are excited to announce a new integration with ServiceNow’s Security Operations platform, which is a leader in security operations and incident response orchestration and automation. ServiceNow Security Operations includes a wealth of valuable context that is invaluable to SOCs in terms of providing the information needed to efficiently triage and respond to alerts. Sift Security's graph visualization integrates seamlessly with ServiceNow and offers a much easier way to interface with the valuable context from ServiceNow, further simplifying and speeding up incident investigations.


Key Features
Sift Security supports the following data types from ServiceNow: Incidents, Threat Intelligence, Vulnerabilities, Organizations, Assets, and Users. Integration points include:
ServiceNow Plug-in - pivot from ServiceNow to Sift Security to investigate a selected incident
Sift Security Risks - view a list of incidents created in ServiceNow that need to be investigated. Each incident will inc…

Sift Security Integrates Splunk into its solution

We’ve come across a lot of customers who use Splunk, but are also excited about the advantages of Sift Security’s unique graph analytics and visualization. These customers have been asking for an easier and more efficient way to integrate Sift Security with their existing Splunk environment.
In an effort to continue providing our customers with what they need in their environment, we are excited to announce the integration of Splunk into our Sift Security solution. Customers can now get the benefits of Sift Security’s graph algorithms and visualizations, integrated with their Splunk solution at the same time. Highlights of the integration include:
Sift Security’s Graph Data Model leverages the Splunk Common Information Model
Splunk customers can set up recurring (real time) queries
From the Sift Security graph canvas, users can pull additional data from Splunk on demand




Check out our Sift Security, Splunk Integration user guide and demonstration video, and learn more on how Splunk customers can b…

Moving Beyond "Death Star" Graph Visualizations

I was recently talking to a security leader at a large bank that is investing in graph capabilities for security detection and investigation. He shared that he and his colleagues were not satisfied with the current state of graph visualizations, which they affectionately described as a “Death Star” - see the graphic below (and compare to above). While some “Death Star” visualizations can look very pretty, they are typically not very useful and suffer from performance problems. At Sift Security, we focus on highlighting the structure of the graph without overloading the browser and the user with information. * Patent pending
Challenges with the “Death Star” Visualization
When we speak to our customers (Security Analysts, Incident Responders, Threat Hunters) about their objectives for graph visualization, what we typically hear is a desire to simplify and accelerate investigations. The typical user is not a data scientist, but is a junior or mid level analyst looking to get their job d…