Skip to main content

Sift Security Tools Release for AWS Monitoring - CloudHunter

Sift Security Tools Release for AWS Monitoring - CloudHunter
We are excited to release CloudHunter, a web service similar to AWS CloudTrail that allows customers to visually explore and investigate their AWS cloud infrastructure.  At Sift, we felt this integration would be important for 2 main reasons:
  1. Investigating events happening in AWS directly from Amazon is painful, unless you know exactly what event you're looking for.
  2. There are not many solutions that allow customers to follow chains of events spanning across the on-premises network and AWS on a single screen.
At Netflix, we spent a lot of time creating custom tools to address security concerns in our AWS infrastructure because we needed to supplement the AWS logs, and created visualizations based on that data.  The amazing suite of open source tools from Netflix are the solutions they used to resolve their own pain points.  Hosting microservices in the cloud with continuous integration and continuous deployment can be extremely efficient and robust.  However, tracking events, especially for security use cases, becomes exceedingly complex.  With compute instances and load balancers constantly being spun-up and torn down, sometimes changing from one minute to the next, security and operations groups can often find themselves in the dark about what's happening in their own environment.

Today, CloudHunter ingests events from AWS CloudTrail and VPC Flow logs, similar to how CloudTrail helps customers to perform compliance with internal policies or regulatory standards.  We load this data into our graph database and run our anomaly detection algorithms over that data the same as any other data source.  The result is that we will allow you to explore your infrastructure visually, and will alert you about suspicious activity in the cloud.  What kinds of things do we find?  Here are a few:
  1. In our own infrastructure, we already found people who were not using multi-factor authentication when making changes to AWS, and were able to resolve it quickly.
  2. We can see the geographies and IP addresses being used to modify our infrastructure and easily report on the employees who are traveling the most.
  3. We know exactly who has modified security groups, the interfaces involved, and the traffic allowed through.
  4. We know who's making permission changes to our S3 buckets, and when.
  5. We get alerts when somebody does something strange, like deleting security groups or S3 buckets.
The best part is that there is no agent to install, it works right out of the box with the AWS infrastructure you already have in place.  Since we don't have a monitoring agent deployed, there is no impact on the performance of your services. Still, CloudHunter can monitor your AWS security similar to Amazon CloudWatch, that is a monitoring service for AWS cloud infrastructure and the app running on AWS.

You may be asking what's next.  Our next step is to empower users to take actions right from the graph, using the APIs exposed from Amazon.  I, for one, would certainly like to be able to right click and run a "playbook".  It would be great, for example, to be able to get the current permissions for a S3 bucket or run a forensic procedure for an EC2 instance that seems to be compromised.  If you have any ideas, we would love to hear from you!

We have a data sheet about CloudHunter available to learn more.
For any further information, please e-mail us at contact@siftsecurity.com

Comments

  1. Hats off to your presence of mind

    It is really a great work and the way in which u r sharing the knowledge is excellent.

    Aws Online Training

    ReplyDelete
  2. Nice blog, here I had an opportunity to learn something new in my field. I have an expectation about your future post so please keep updates...
    Thanks... AWS Training in Chennai | Web Designing Training in Chennai

    ReplyDelete
  3. Hi, I have read your blog. Really very informative and excellent post I had ever seen about AWS. Thank you for sharing such a wonderful blog to our vision. Learn AWS Training in Bangalore to know more details about this technology. AWS Training in Chennai.

    ReplyDelete
  4. This comment has been removed by a blog administrator.

    ReplyDelete
  5. Wow nice informative blog.. This information is much more useful for all people..
    Keep in blogging...
    AWS Training in Chennai | Dot Net Training in Chennai

    ReplyDelete
  6. Hi, Very good and useful post information on AWS monitoring, it will greatly helpful in understanding about AWS for AWS enthusiasts. Thanks for sharing your good knowledge on AWS.

    Best Regards,
    AWS Training in Hyderabad

    ReplyDelete
  7. really cool post, highly informative and professionally written and I am glad to be a visitor of this perfect blog, thank you for this rare info! , Regards,
    servicenow training in hyderabad
    devops training in hyderabad

    ReplyDelete
  8. Thanks for sharing this valuable information to our vision. You have posted a trust worthy blog keep sharing.Nice article i was really impressed by seeing this article, it was very interesting and it is very useful for me...
    AWS Training in Chennai | Best AWS Training in Chennai

    ReplyDelete
  9. Great... Excellent sharing.. This is very helpful for beginners. Read that provide me more enthusiastic. This helps me get a more knowledge about this topic. Thanks for this.hunt aws jobs in hyderabad

    ReplyDelete
  10. The information shared was very much useful My sincere thanks for sharing this post Please Continue to share this post
    Cloud Computing Training in Chennai

    ReplyDelete
  11. This comment has been removed by the author.

    ReplyDelete
  12. This comment has been removed by the author.

    ReplyDelete
  13. thanks for your awesome information , it will be very helpful . hope you will provide more information related to this topic . here are the some top aws training in hyderabad institutes list which will be more help ful.

    ReplyDelete
  14. This is an awesome post.Really very informative and creative contents. These concept is a good way to enhance the knowledge.I like it and help me to development very well.Thank you for this brief explanation and very nice information.Well, got a good knowledge.

    Aws Online Training

    ReplyDelete
  15. nice blog has been shared by you. before i read this blog i didn't have any any knowledge about this but now i got some knowledge about this but now i got some knowledge.
    android training in chennai

    ReplyDelete
  16. thanks for your awesome information , it will be very helpful . hope you will provide more information related to this topic . here are the some top aws training in hyderabad institutes list which will be more help ful.
    aws training in hyderabad

    ReplyDelete
  17. SV Soft Solutions is offering best AWS online training with 100% job assistance and high quality training facilities and well expert faculty .
    to Register you free demo please visit AWS Online Training Institute with Job Support

    ReplyDelete
  18. Hello! Thank you so much for answering the big question about Microsoft Office 365 and Amazon Web Services (AWS) work together. You can also visit this page and learn more about another Microsoft product . we are provide a best coaching center in Bangalore.and we are provide a authorized exam center in bangalore. Amazon Web Services Training in Bangalore |
    DataScience Training in Bangalore |

    ReplyDelete

Post a Comment

Popular posts from this blog

Applying Machine Learning to Cybersecurity

In a recent article on the OPM hack, the author describes a pretty typical security situation for a large enterprise:The Office of Personnel Management repels 10 million attempted digital intrusions per month—mostly the kinds of port scans and phishing attacks that plague every large-scale Internet presence—so it wasn’t too abnormal to discover that something had gotten lucky and slipped through the agency’s defenses.Enormous pressure at scale from criminals makes automated systems essential for security. While humans can inspect packages coming into the building, only a computer can work quickly enough to inspect packets. Firewalls are the prototypical example: you allow certain traffic through according to a set of rules based on the source and destination IPs and the ports and protocols being used.In recent years, there's been a lot of buzz about machine learning in cybersecurity--wouldn't it be great if your automated system could learn and adapt, stop threats you don’t ev…

Sift Security and WannaCry

😢 The WannaCry ransomware attack has left security teams around the world scrambling to make sure they are protected and to assess whether they have been victimized. To protect themselves, organizations need to have visibility into which systems are vulnerable and be able to rapidly roll out patches.  To understand whether they have been targeted, they need visibility into the channels over which the ransomware is distributed.  To understand whether they have been infected, they need visibility into the endpoints.
Over the past weekend, I was bombarded with questions from current customers, potential customers, former colleagues, friends, and family.  Am I vulnerable? How do I protect myself? How do I know if I’ve been hit? What do I do if I’ve been hit? What can you do to help me?
This post focuses primarily on the last question. What can we at Sift Security do to help an organization respond to a massive ransomware attack? I break this down into four categories, visibility, analyt…