Neil King, CEO

As cloud technologies continue to evolve, so do the threats and vulnerabilities associated with them. In fact, the two go hand in hand. Companies are increasingly shifting higher-value workloads to the cloud, which makes them attractive targets. Furthermore, due to different priorities and the lack of relevant expertise, organizations are often exposing a significant attack surface for bad actors to exploit. Today, one of the most commonly reported threats related to cloud infrastructure is organizations misconfiguring Amazon S3 buckets, inadvertently enabling man-in-the-middle (MITM) attacks and ultimately, the exposure of sensitive data. Instances of compromised user credentials, privilege escalation, and malicious actions such as data exfiltration and cryptocurrency mining are on the rise. “We increasingly see sophisticated organizations that want to ensure proper configuration, proactively identify potential breaches in their cloud environment, hunt for threats, and be ready to rapidly respond to threats with accelerated manual response and automation where appropriate,” says Neil King, CEO at Sift Security. Through their novel CloudHunter Platform, Sift Security offers tailor-made solutions for protecting cloud infrastructures.
As a scalable cloud offering, “CloudHunter can be integrated with an organization’s workflow in minutes,” explains King. “Users can easily add additional integrations to support required use cases for their organization.” These integrations can be initiated manually from the user interface or automatically when rules are triggered, and both the rules and the integrations are easily customizable. The platform’s capability to analyze historical data, such as logs that existed prior to its installation, allows users to generate behavioral detections quickly.
In addition, CloudHunter’s robust and scalable data model provides comprehensive and relevant visibility into every nook and cranny of cloud infrastructures, including APIs, networks, hosts, and more.
Its powerful detection capabilities—which combine third-party alerts with Sift’s proprietary, customizable detection stack—include both simple and correlation rules, anomaly detection, machine learning, and graph-clustering algorithms. Together, the suite of analytics detects simple compliance and configuration risks, advanced multi-stage attacks, and anomalous behavior. The highest-priority alerts and attack chains are surfaced as incidents for immediate investigation. Powerful visualization is yet another of CloudHunter’s unique propositions. With its graph database, organizations can visually explore data in a graph canvas. Alert and incident management is made easier still by the stack’s visualization of threats. Sift also offers a library of out-of-the-box dashboards, and the ability for users to easily create their own dynamic visualizations and dashboards, which makes it easy to schedule reports at regular intervals.
CloudHunter can be integrated with existing workflow in under an hour
Since its launch in 2017, CloudHunter has been leveraged by several organizations from the government, healthcare, tech, and even financial services sectors. CloudHunter is currently available with robust support for AWS, including Linux OS logs and third-party agents, and for key Azure services such as compute, storage, and authentication. Support for Windows logging (Audit logs, DHCP, Domain Controller) is also provided. “Looking ahead, support for additional Cloud Service Providers like Google Cloud Platform (GCP) is planned; we will begin catering to cloud endpoint services such as File Integrity Monitoring. We increasingly see customers with stakeholders that need evidence of strong security posture and compliance, such as the board of directors, regulators, customers, and partners, and that’s what we strive to address,” concludes King.