To help you quickly get the most out of SenseDeep, this page explains a few of the concepts and terms used by the app.
SenseDeep divides your security status into three separate metrics:
- Attack Status
- Threat Status
- Background Events
The Attack status indicates if you are under attack. It is your most important security status. The attack status will be set to either:
- None → You are not under attack and everything is normal.
- Targeted → You are currently being targeted by attackers.
- Compromised → Your service has been hacked.
The Threat status indicates whether your site has vulnerabilities and whether you are at risk of being hacked in the future. The Threat status is a numeric value between 0 and 100% with an associated word-based status. The following thresholds determine the status:
- > 10 — none — no vulnerabilities have been detected in your site.
- > 35 — low — low risk vulnerabilities have been found.
- > 65 — moderate — moderate risk vulnerabilities have been found.
- > 90 — high — high risk vulnerabilities have been found.
- > 90 — severe — severe risk vulnerabilities have been found.
To best secure your compute resources, it is necessary to monitor servers and containers from the inside out. Some indicators of compromise, including those of Advanced Persistent Threats, are only detectable from inside the server. SenseDeep provides a lightweight server agent that you should install on all your Linux EC2 instances and on-premises servers. The agent closely monitors these servers for any signs of compromise.
See the instructions for installing the SenseDeep agent at Add Host.
SenseDeep also monitors your cloud configuration for security threats and vulnerabilities. It does this by regularly auditing your cloud configuration and by listening for AWS CloudWatch Events that signal important changes in your account in real time.
Currently, the cloud audit features are in beta and are limited in scope. You can enable them from your Account Preferences. When enabled, you can also request an immediate cloud audit from the Threat Dashboard by clicking Rescan for Threats.
When SenseDeep detects a security issue, it generates an Alert and updates your security status. It then refreshes the dashboard and notifies you via email, SMS or another mechanism. Active alerts are listed on the Active Alerts page, where you can examine and respond to each alert as appropriate. You can also drill down from the Dashboard to the source alert that caused the change in system security status.
Some alerts indicate real security threats and some indicate latent vulnerabilities in your site. Others may be acceptable risks that you are fully aware of and do not wish to address at this time. Your SenseDeep workflow involves dispatching alerts by ignoring them, fixing the underlying issues, or creating automated responses to suppress similar alerts in the future.
Responses can be created to automatically dispatch alerts without human intervention. The SenseDeep App makes it easy to create automated responses that eliminate needless or unwanted alerts.
SenseDeep can notify you immediately of any changes to your security posture. You can be notified by email, SMS, webhook or AWS Lambda function, or any combination of these.
SenseDeep uses modular packages of security functionality. These packages are dynamically configured depending on your site and are customizable to meet the unique configuration of your site. In the future, it will be possible for you to create your own packages if required.