Skip to main content

Anomaly Detection White Paper

We are pleased to release a new Data Science White Paper, focused on our approach to Anomaly Detection. This paper, which is available upon request, picks up where our October 2015 Data Science White Paper left off, describing in detail our approach and the use cases we support.

The paper starts with a motivating example, describing the traces a sophisticated attacker leaves behind and how the traces can be detected. We then describe our algorithms within the context of the example and provide other use cases covered by our approach. We finish with a summary of the strategic advantages of the platform.

Read this paper to learn more about:

  • Our unsupervised anomaly detection approach, including detection of rare events, spikes, and out of context events.
  • Entity level alert roll-ups, which help users prioritize investigations.
  • The specific security use cases we address, which we map to the Lockheed cyber kill chain.
  • The key advantages of our approach and algorithms.

To learn more, get your own copy of the white paper by emailing contact@siftsec.com

Comments

  1. This article is very nice as well as very informative. I have known very important things over here. I want to thank you for this informative read. I really appreciate sharing this great. If you want essay related topic you can take online essay writing service help through custom essay writing service before the exam.

    ReplyDelete

Post a Comment

Popular posts from this blog

Sift Security Tools Release for AWS Monitoring - CloudHunter

We are excited to release CloudHunter, a web service similar to AWS CloudTrail that allows customers to visually explore and investigate their AWS cloud infrastructure.  At Sift, we felt this integration would be important for 2 main reasons:
Investigating events happening in AWS directly from Amazon is painful, unless you know exactly what event you're looking for.There are not many solutions that allow customers to follow chains of events spanning across the on-premises network and AWS on a single screen. At Netflix, we spent a lot of time creating custom tools to address security concerns in our AWS infrastructure because we needed to supplement the AWS logs, and created visualizations based on that data.  The amazing suite of open source tools from Netflix are the solutions they used to resolve their own pain points.  Hosting microservices in the cloud with continuous integration and continuous deployment can be extremely efficient and robust.  However, tracking events, especi…

Sift Security Launch!

We are excited to announce the launch of Sift Security's Threat Hunting and Incident Response Platform.Our team has been working for more than two years to design the next generation of security operations technology. Our mission is to make it easier and faster for security operations teams to get their jobs done.We take care of a few major headaches, helping you get to the real work.Gathering data
With out-of-the-box support for a dozen data sources and a simple tool for incorporating more, we get all the data you need for an investigation in one place, ready for when you need it.Integrating data
Our relational graph structure enables you to track entities across data types, quickly following a chain of events from the network to endpoints and applications.Evaluating data
Machine learning algorithms developed at Stanford and MIT help bring the most important events to your attention, so you can focus on what’s strange or new.Our team enjoyed making the platform, which builds on some…

Applying Machine Learning to Cybersecurity

In a recent article on the OPM hack, the author describes a pretty typical security situation for a large enterprise:The Office of Personnel Management repels 10 million attempted digital intrusions per month—mostly the kinds of port scans and phishing attacks that plague every large-scale Internet presence—so it wasn’t too abnormal to discover that something had gotten lucky and slipped through the agency’s defenses.Enormous pressure at scale from criminals makes automated systems essential for security. While humans can inspect packages coming into the building, only a computer can work quickly enough to inspect packets. Firewalls are the prototypical example: you allow certain traffic through according to a set of rules based on the source and destination IPs and the ports and protocols being used.In recent years, there's been a lot of buzz about machine learning in cybersecurity--wouldn't it be great if your automated system could learn and adapt, stop threats you don’t ev…