
Sift Security Tools Release for AWS Monitoring - CloudHunter

We are excited to release CloudHunter, a new capability that lets customers visually explore and investigate their AWS cloud infrastructure.  At Sift, we felt this integration was important for two main reasons:
  1. Investigating events in AWS directly from Amazon's own console is painful unless you already know exactly which event you are looking for.
  2. Few solutions let customers follow a chain of events that spans the on-premises network and AWS on a single screen.
At Netflix, we spent a lot of time building custom tools to address security concerns in our AWS infrastructure, because the AWS logs needed supplementing, and we built visualizations on top of that data.  Netflix's suite of open source tools is what they built to resolve their own pain points.  Hosting microservices in the cloud with continuous integration and continuous deployment can be extremely efficient and robust, but tracking events, especially for security use cases, becomes exceedingly complex.  With compute instances and load balancers constantly being spun up and torn down, sometimes changing from one minute to the next, security and operations groups often find themselves in the dark about what is happening in their own environment.

Today, CloudHunter ingests events from AWS CloudTrail and VPC Flow Logs.  We load this data into our graph database and run our anomaly detection algorithms over it, just as we do for any other data source.  The result is that you can explore your infrastructure visually and be alerted about suspicious activity in the cloud.  What kinds of things do we find?  Here are a few:
  1. In our own infrastructure, we already found people who were not using multi-factor authentication when making changes to AWS, and were able to resolve it quickly.
  2. We can see the geographies and IP addresses being used to modify our infrastructure and easily report on the employees who are traveling the most.
  3. We know exactly who has modified security groups, the interfaces involved, and the traffic allowed through.
  4. We know who's making permission changes to our S3 buckets, and when.
  5. We get alerts when somebody does something strange, like deleting security groups or S3 buckets.
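To make the findings above concrete, here is an added example (not CloudHunter's or Sift Security's code) that runs four such checks over CloudTrail records: a mutating API call made without an MFA-authenticated session, a destructive action (DeleteSecurityGroup, DeleteBucket), an S3 bucket permission change, and a security group rule opened to the world. The field names (userIdentity.sessionContext.attributes.mfaAuthenticated, eventName, requestParameters, sourceIPAddress) are the documented CloudTrail record format; the five records, the user names, IDs and IP addresses are constructed for illustration, and treating a record with no sessionContext (a long-lived access key call) as non-MFA is an assumption of this example.

```python
"""Sample CloudTrail detections (added example, not Sift Security code)."""
import json
from collections import defaultdict

# Constructed sample: five trimmed CloudTrail records in the {"Records": [...]}
# envelope CloudTrail delivers to S3. Users, IDs and IPs are made up.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2017-03-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2017-03-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "sourceIPAddress": "198.51.100.7",
     # access-key call: no sessionContext at all
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"groupId": "sg-0a1b2c3d"}},
    {"eventTime": "2017-03-01T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketAcl", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "carol",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
     "requestParameters": {"bucketName": "corp-backups"}},
    {"eventTime": "2017-03-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
     "requestParameters": {"bucketName": "corp-backups"}},
    {"eventTime": "2017-03-01T12:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
     "requestParameters": None},
]})

READ_ONLY_PREFIXES = ("Describe", "Get", "List", "Head")
DESTRUCTIVE = {"DeleteSecurityGroup", "DeleteBucket"}
S3_PERMISSION_CHANGES = {"PutBucketAcl", "PutBucketPolicy", "DeleteBucketPolicy"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def load_records(trail_json):
    return json.loads(trail_json)["Records"]


def actor(rec):
    """userName when present (IAM users), else the ARN (root, assumed roles)."""
    ident = rec.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def mfa_used(rec):
    """True only for an MFA-authenticated session. Assumption: a record with no
    sessionContext came from a long-lived access key and counts as non-MFA."""
    attrs = rec.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
    return attrs.get("mfaAuthenticated") == "true"


def is_mutating(rec):
    return not rec["eventName"].startswith(READ_ONLY_PREFIXES)


def world_open_ranges(rec):
    """(protocol, fromPort, toPort, cidr) for every rule open to 0.0.0.0/0 or ::/0."""
    perms = (rec.get("requestParameters") or {}).get("ipPermissions", {}).get("items", [])
    hits = []
    for p in perms:
        ranges = p.get("ipRanges", {}).get("items", []) + p.get("ipv6Ranges", {}).get("items", [])
        for r in ranges:
            cidr = r.get("cidrIp") or r.get("cidrIpv6")
            if cidr in WORLD_CIDRS:
                hits.append((p.get("ipProtocol"), p.get("fromPort"), p.get("toPort"), cidr))
    return hits


def detect(records):
    """Run the four rules over each record; one finding dict per rule hit."""
    findings = []
    for rec in records:
        name, params = rec["eventName"], rec.get("requestParameters") or {}
        base = {"time": rec["eventTime"], "actor": actor(rec), "event": name,
                "ip": rec.get("sourceIPAddress")}
        if is_mutating(rec) and not mfa_used(rec):
            findings.append(dict(base, rule="mutation_without_mfa"))
        if name in DESTRUCTIVE:
            findings.append(dict(base, rule="destructive_action",
                                 target=params.get("groupId") or params.get("bucketName")))
        if name in S3_PERMISSION_CHANGES:
            findings.append(dict(base, rule="s3_permission_change",
                                 target=params.get("bucketName")))
        for proto, lo, hi, cidr in world_open_ranges(rec):
            findings.append(dict(base, rule="world_open_ingress", target=params.get("groupId"),
                                 detail=f"{proto} {lo}-{hi} from {cidr}"))
    return findings


def source_ips_by_actor(records):
    """Distinct source IPs per actor: raw material for the 'who is travelling'
    report (geolocating each IP is left to the caller)."""
    ips = defaultdict(set)
    for rec in records:
        ips[actor(rec)].add(rec.get("sourceIPAddress"))
    return {who: sorted(v) for who, v in ips.items()}


if __name__ == "__main__":
    recs = load_records(SAMPLE_TRAIL)
    for finding in detect(recs):
        print(finding)
    print(source_ips_by_actor(recs))
```

On the sample, the script flags alice's world-open SSH rule, bob's MFA-less DeleteSecurityGroup twice (no MFA, destructive), carol's MFA-less PutBucketAcl twice (no MFA, S3 permission change) and the root DeleteBucket once, and leaves the DescribeInstances call alone. In a real deployment the same functions would be fed from the CloudTrail objects in S3 rather than the embedded sample, and the per-actor IP sets would be joined against a geolocation source before reporting.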
The best part is that there is no agent to install; CloudHunter works out of the box with the AWS infrastructure you already have in place, provided CloudTrail and VPC Flow Logs are enabled in the account.  Since nothing is deployed on your instances, there is no impact on the performance of your services.

You may be asking what's next.  Our next step is to let users take actions directly from the graph, using the APIs Amazon exposes.  I, for one, would certainly like to be able to right-click and run a "playbook": for example, fetch the current permissions on an S3 bucket, or run a forensic procedure against an EC2 instance that appears to be compromised.  If you have any ideas, we would love to hear from you!

We have a data sheet about CloudHunter available to learn more.
For any further information, please e-mail us at contact@siftsecurity.com

