Cloud Sight™ by Threat Stack, Inc
Continuous Monitoring For Elastic Infrastructure
Using cloud infrastructure, you know you can accelerate delivery of applications and scale to meet the needs of modern business.
But in the world of virtual datacenters, software-defined networks, and servers that come and go, who handles security?
Don't worry: Cloud Sight was built specifically for the elastic requirements of the cloud.
Cloud Sight continously monitors and records system activity (such as logins, processes, network activity, and file changes).
Using a lightweight agent that is designed to be as simple as possible to deploy, we capture an unprecented level of security data, and retain it securely off-box.
Correlating it all, we provide a powerful view into your system’s security posture.
Cloud Sight’s Process Behavioral Profiling (PBP)™ technology powers our detection and analytics.
Leveraging your historical data and our platform, we automatically build a profile of normal application behavior for each unique server role.
This profile serves as a trusted baseline from which to detect potentially malicious activity, and can be applied to any number of elastic instances in a role.
Cloud Sight does the legwork of post-processing so that the alerts we generate are based on historical context -- not just a small window of observed system activity.
We couple these alerts with our DVR-like recording of system activity: a record of who did what and when, along with our observed history of deviations.
Accurate alerts + meaningful context = prompt, efficient response.
Cloud Sight is built in the cloud, for the cloud. We support transient instances, so you can maintain valuable security history even beyond the lifetime of an individual instance.
Furthermore, as a native, cloud-formed application, Cloud Sight's architecture auto-scales itself so you don’t have to.
It’s cloud ready, by design, after all.
Resisting attacks starts with building a strong defense.
Cloud Sight allows you to instantly create firewall rules based on a server profile that can be automatically applied to similar systems through logical grouping.
Furthermore, our APIs allow you to integrate our system into your workflow, so you can respond faster.
How do we know if we are already compromised? Given a baseline of normal system activity, is there anything anomalous? Who is logged in, from where, and what did they do? What processes are running and why? What happened on an instance that existed 6 weeks ago? What DNS and network traffic is each process is generating and is this normal? … and more!
Think of Cloud Sight as a surveillance camera for system activity, capturing and retaining the relationships between system activities.
Cloud Sight naturally expediates investigations and incident response forensics. No more parsing through log files for hours or hiring a third-party security consultant to determine the extent of a breach.
The rich audit trail created by Cloud Sight can also be integrated to external applications via APIs.
Unlike traditional intrusion detection systems, our alerts come pre-packed with context.
Get alerted as soon as Cloud Sight detects suspicious activity. From an alert, determine when a user logged in and what commands they ran, along with other important information to enable rapid response.
Cloud Sight will also send you a daily report summarizing new or potentially suspicious behavior observed on your systems.
