Being the scalable cloud offering that it is, “CloudHunter can be integrated with an organization’s workflow in minutes,” explains King. “Users can easily add additional integrations to support required use cases for their organization.” Integrations can be triggered manually from the user interface or automatically when a detection rule fires, and both paths are customizable. Because the platform can analyze historical data, including logs that predate its installation, users can build behavioral detections quickly instead of first waiting for new data to accumulate.
Underpinning this is a data model built to scale across the whole cloud estate, giving visibility into API activity, networks, hosts, and other layers of the infrastructure rather than into any single one.
Its detection capabilities combine third-party alerts with Sift’s proprietary, customizable detection stack, which includes simple and correlation rules, anomaly detection, machine learning, and graph-clustering algorithms. Together, these analytics cover compliance and configuration risks, multi-stage attacks, and anomalous behavior. The highest-priority alerts and attack chains are surfaced as incidents for immediate investigation. Visualization is another of CloudHunter’s distinguishing features: because the platform is backed by a graph database, analysts can explore entities and their relationships on a graph canvas, which makes alert triage and incident management easier. Sift also ships a library of out-of-the-box dashboards, lets users build their own dynamic visualizations and dashboards, and can schedule reports from them at regular intervals.
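As an added illustration, written for this page and not Sift’s or CloudHunter’s own code, of how the layers named above fit together (and of the earlier point that historical logs can seed behavioral detections), the following Python runs three single-event rules, a source-address baseline built from pre-installation events, and a correlation rule over a handful of constructed CloudTrail-style records. The event records, rule names, severities, and the 30-minute/3-rule thresholds are all assumptions made for the example, not CloudHunter’s settings:

```python
"""Added illustration (not Sift/CloudHunter code) of how a detection stack can
layer single-event rules, a behavioral baseline built from historical data, and
a correlation rule that promotes a multi-stage chain to an incident.
Every event record and rule name below is constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CloudTrail-style events (not real data). Records dated before
# HISTORY_CUTOFF stand in for logs that predate the platform's installation.
HISTORY_CUTOFF = datetime(2024, 5, 2)
EVENTS = [
    {"time": "2024-05-01T09:00:00", "user": "alice", "event": "ConsoleLogin", "mfa": "Yes", "src": "203.0.113.10"},
    {"time": "2024-05-01T09:05:00", "user": "alice", "event": "DescribeInstances", "src": "203.0.113.10"},
    {"time": "2024-05-01T10:00:00", "user": "bob", "event": "ConsoleLogin", "mfa": "Yes", "src": "192.0.2.5"},
    {"time": "2024-05-01T10:03:00", "user": "bob", "event": "ListBuckets", "src": "192.0.2.5"},
    # Live events that the rules score.
    {"time": "2024-05-02T02:10:00", "user": "bob", "event": "ConsoleLogin", "mfa": "No", "src": "198.51.100.7"},
    {"time": "2024-05-02T02:12:00", "user": "bob", "event": "CreateAccessKey", "src": "198.51.100.7"},
    {"time": "2024-05-02T02:20:00", "user": "bob", "event": "PutBucketPolicy", "src": "198.51.100.7"},
    {"time": "2024-05-02T08:30:00", "user": "alice", "event": "CreateAccessKey", "src": "203.0.113.10"},
]


def parse_time(s):
    return datetime.fromisoformat(s)


def simple_rules(ev):
    """Stateless rules: each inspects one event and yields (rule_name, severity)."""
    if ev["event"] == "ConsoleLogin" and ev.get("mfa") == "No":
        yield "login_without_mfa", 2
    if ev["event"] == "CreateAccessKey":
        yield "new_access_key", 2
    if ev["event"] == "PutBucketPolicy":
        yield "bucket_policy_change", 3


def build_baseline(events, cutoff):
    """Behavioral baseline from historical events: the source IPs each user has used."""
    seen = defaultdict(set)
    for ev in events:
        if parse_time(ev["time"]) < cutoff:
            seen[ev["user"]].add(ev["src"])
    return seen


def anomaly_rule(ev, baseline):
    """Stateful rule: a user acting from an address absent from their baseline.
    Users with no history are skipped rather than flagged on every event."""
    if ev["user"] in baseline and ev["src"] not in baseline[ev["user"]]:
        yield "new_source_ip", 1


def run_detections(events, cutoff=HISTORY_CUTOFF):
    """Score live events only; historical events feed the baseline."""
    baseline = build_baseline(events, cutoff)
    alerts = []
    for ev in events:
        t = parse_time(ev["time"])
        if t < cutoff:
            continue
        for rule, sev in list(simple_rules(ev)) + list(anomaly_rule(ev, baseline)):
            alerts.append({"time": t, "user": ev["user"], "rule": rule, "severity": sev})
    return alerts


def correlate(alerts, window=timedelta(minutes=30), min_rules=3):
    """Correlation rule: at least `min_rules` distinct rules firing for one user
    inside `window` become a single incident carrying the ordered attack chain.
    Lone alerts stay alerts; incidents are returned highest severity first."""
    by_user = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["time"]):
        by_user[a["user"]].append(a)
    incidents = []
    for user, user_alerts in by_user.items():
        for i, first in enumerate(user_alerts):
            chain = [a for a in user_alerts[i:] if a["time"] - first["time"] <= window]
            ordered_rules = []
            for a in chain:
                if a["rule"] not in ordered_rules:
                    ordered_rules.append(a["rule"])
            if len(ordered_rules) >= min_rules:
                incidents.append({"user": user,
                                  "severity": max(a["severity"] for a in chain),
                                  "chain": ordered_rules})
                break  # one incident per user; a real engine would also dedupe overlapping windows
    return sorted(incidents, key=lambda inc: inc["severity"], reverse=True)


if __name__ == "__main__":
    found = run_detections(EVENTS)
    print(f"{len(found)} alerts")
    for inc in correlate(found):
        print(f"incident: user={inc['user']} severity={inc['severity']} chain={' -> '.join(inc['chain'])}")
```

Run stand-alone, the script reports seven alerts and one incident: alice’s lone access-key creation from her usual address remains an alert, while bob’s no-MFA login from an address absent from his baseline, followed within minutes by key creation and a bucket-policy change, is promoted to a single incident that carries the ordered chain. That promotion of a chain over a threshold of distinct rules, with everything else left as individual alerts, is the distinction the article draws between alerts and incidents; the baseline step is why pre-installation logs matter, since without them every address would look new.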
CloudHunter can be integrated with existing workflow in under an hour
Since its launch in 2017, CloudHunter has been adopted by organizations in government, healthcare, technology, and financial services. It currently offers robust support for AWS, including Linux OS logs and third-party agents, and for key Azure services such as compute, storage, and authentication. Windows logging (audit logs, DHCP, and domain controller logs) is also supported. “Looking ahead, support for additional Cloud Service Providers like Google Cloud Platform (GCP) is planned; we will begin catering to cloud endpoint services such as File Integrity Monitoring. We increasingly see customers with stakeholders that need evidence of strong security posture and compliance, such as the board of directors, regulators, customers, and partners, and that’s what we strive to address,” concludes King.