Jan 3 Release Notes
This is the first, alpha release of the SenseDeep security service. This article describes the initial core features for SenseDeep.
SenseDeep is a cloud security service. It detects threats to your cloud-based infrastructure in real time and prevents attacks from escalating. SenseDeep tells you when your server has been hacked, when you are vulnerable and what your security exposure is.
Our goal is to make it easier to know if you've been hacked in the cloud. SenseDeep answers three key questions:
- Have I been hacked?
- Am I being attacked?
- Am I vulnerable?
SenseDeep is a cloud-based application and service that helps secure your critical cloud infrastructure.
- SenseDeep App security portal (https://app.sensedeep.com)
- Intrusion detection host agent for EC2
- Configurable security rules
- Alerting and notification
SenseDeep Web App Portal
- Security dashboard to manage simple or complex sites from a single web portal.
- Status, vulnerability and audit dashboard.
- Clearly identify compromised and vulnerable services and hosts.
- Drill down to specific hosts and alerts.
- Powerful alert operations management.
- Automated alert responses and defenses.
- Suite of defenses including: instance control, run process, run lambda, block attacker, run command, etc.
- Flexible notification options for email, SMS, web hooks and lambda functions.
- Audit trail.
- User access control and role-based security.
- Maintenance mode for hosts or services to suppress alerts.
SenseDeep Host Intrusion Detection Agent
- Host-based micro-agent to monitor the host from the inside out.
- Real-time rules engine captures relevant system information at high speed.
- Detect probing of network ports, HTTP web servers and account logins.
- Detect unauthorized login attempts and execution of banned programs.
- Detect modifications to system critical files.
- Detect denial of service attacks.
- Captures full alert context at the point of attack.
- Extremely small embedded agent (< 4MB and less than 10% the size of other IDS).
- Minimal CPU impact (< 1%).
- Unique dynamically downloaded and updated rules for each host.
- Securely manage system updates.
- Detects and notifies of any attempt to interfere with the SenseDeep agent.
- Agent tamper-resistant via cloud tether.
- Securely self-updating.
- Automatic rule selection based on unique host configuration fingerprint.
- Growing library of configurable threat packages for platforms, frameworks and applications.
- User-configurable rule overrides.
- Agent local defenses to block and impede attackers or run local commands.
- Cloud defenses to isolate compromised hosts.
- SMS and email notifications.
- Run HTTP hooks.
- Run Lambda functions.
- Real-time alerts to SenseDeep service portal.
- Extensive AWS integration.
- Supports Auto-Scale to automatically add and remove hosts.
- Automatically retrieve instance IDs, tags and information.
- Automated defenses to stop and terminate compromised hosts.
- Gateway to AWS SNS notifications.