Getting Started with Servers
SenseDeep detects security threats to EC2 servers via a lightweight server agent that is installed on Linux EC2 servers or containers. The SenseDeep agent is able to detect threats that are only visible inside a server and it is highly effective in detecting server compromises and Advanced Persistent Threats.
The SenseDeep agent is a host-based micro-agent that monitors all critical system functions at wire-speed. It is tiny, at less than 4MB, and uses less than 1% of the systems CPU resource.
The agent is tethered to the SenseDeep cloud service. Any attempt to tamper or bypass the SenseDeep agent is detected and you will be suitably alerted.
The SenseDeep agent is installed by running the SenseDeep Agent Installation Script. This script should be run on each EC2 instance you wish to secure. You can run the script from the EC2 user-data initialization script or alternatively, and prefereably, it can be baked into a custom AMI used by your EC2 instances.
The install script utilizes a SenseDeep registration token to authenticate the agent with your SenseDeep account. The token is uniquely generated for your account and you can regenerate tokens at any time. Once installed, the agent acquires a unique auth token for its exclusive use that is used to authenticate the agent and to secure all communications with SenseDeep.
SenseDeep understands AWS autoscale and will seamlessly integrate newly scaled servers for management. If servers are terminated by AWS autoscale during a scale-in event, the servers will automatically be removed from SenseDeep management without disruption or manual intervention.