Skip to main content

Sift Security white paper about big data and anomaly detection

Big Data and Data Science Security White Paper

We are excited to announce our first white paper, describing the unique strengths of Sift Security's data science technology. There are a lot of overblown promises about big data in every industry, including cybersecurity, so we wanted to give you some concrete information about what we do and why it works.

Read the paper to learn about:

  • The relational graph that transforms reams of system logs and netflow data into meaningful connections between entities like users, hosts, and processes. We put the flood of flashing alerts from antivirus and firewall products into proper context, where serious threats stand out like bright clusters.
  • The anomaly detection pipeline, based on recent mathematics research at Stanford and MIT. It's scalable, of course, and works out of the box to start finding suspicious patterns of behavior. While many anomaly detection products require a period of perfect clean data to learn "normal" behavior, our product can operate on real data collected from an enterprise, even one already under attack.
  • The feedback loop running on top of our other algorithms that helps the product get more accurate with use. Over time, Sift Security customizes its estimates of risk to the specifics of a company’s environment.

Of course we can't give away all the details in a blog post! To learn more, get your own copy of the white paper: email contact@siftsec.com.

Comments

Popular posts from this blog

Cloud Hunter Release

I just wanted to take some time to post some details on our recent release of Cloud Hunter, which allows customers to visually explore and investigate their AWS cloud infrastructure.  At Sift, we felt this integration would be important for 2 main reasons:Investigating events happening in AWS directly from Amazon is painful, unless you know exactly what event you're looking for.There are not many solutions that allow customers to follow chains of events spanning across the on-premises network and AWS on a single screen.At Netflix, we spent a lot of time creating custom tools to address security concerns in our AWS infrastructure because we needed to supplement the AWS logs, and created visualizations based on that data.  The amazing suite of open source tools from Netflix are the solutions they used to resolve their own pain points.  Hosting microservices in the cloud with continuous integration and continuous deployment can be extremely efficient and robust.  However, tracking ev…

Sift Security Launch!

We are excited to announce the launch of Sift Security's Threat Hunting and Incident Response Platform.Our team has been working for more than two years to design the next generation of security operations technology. Our mission is to make it easier and faster for security operations teams to get their jobs done.We take care of a few major headaches, helping you get to the real work.Gathering data
With out-of-the-box support for a dozen data sources and a simple tool for incorporating more, we get all the data you need for an investigation in one place, ready for when you need it.Integrating data
Our relational graph structure enables you to track entities across data types, quickly following a chain of events from the network to endpoints and applications.Evaluating data
Machine learning algorithms developed at Stanford and MIT help bring the most important events to your attention, so you can focus on what’s strange or new.Our team enjoyed making the platform, which builds on some…

Applying Machine Learning to Cybersecurity

In a recent article on the OPM hack, the author describes a pretty typical security situation for a large enterprise:The Office of Personnel Management repels 10 million attempted digital intrusions per month—mostly the kinds of port scans and phishing attacks that plague every large-scale Internet presence—so it wasn’t too abnormal to discover that something had gotten lucky and slipped through the agency’s defenses.Enormous pressure at scale from criminals makes automated systems essential for security. While humans can inspect packages coming into the building, only a computer can work quickly enough to inspect packets. Firewalls are the prototypical example: you allow certain traffic through according to a set of rules based on the source and destination IPs and the ports and protocols being used.In recent years, there's been a lot of buzz about machine learning in cybersecurity--wouldn't it be great if your automated system could learn and adapt, stop threats you don’t ev…