SenseDeep® includes the following components:
- SenseDeep App
- SenseDeep Agent Manager
- SenseDeep Server Agent
SenseDeep App
- Manages simple and complex sites from a single web portal.
- Manages multiple AWS regions and on-premises resources.
- Has extensive AWS integration with VPC, IAM, EC2, AutoScale, RDS (including Aurora), CloudWatch Events, CloudWatch Logs, Lambda, SNS, and S3.
- Displays an aggregated status and vulnerability dashboard that clearly identifies compromises and vulnerabilities.
- Supports drill down from a compromised service to quickly determine root cause.
- Identifies service vulnerabilities and compromised hosts and services.
- Correlates alerts and provides a unified list of outstanding security issues.
- Has powerful batch operations management on alerts.
- Invokes automated alert responses and defenses.
- Provides a rich library of defenses including: instance control, run process, run lambda, block attacker, etc.
- Provides a server log file viewer with real-time live tail display.
- Notifies via email, SMS, Lambda and webhooks.
- Keeps a full audit trail of all account changes.
- Controls access via user- and role-based security.
SenseDeep Agent Manager
- Audits cloud configuration and identifies vulnerabilities.
- Calculates and maintains current threat score.
- Automatically retrieves instance IDs, tags and information.
- Checks the AWS account in real time using CloudWatch Events.
- Supports dynamic sites using AWS AutoScale to automatically add and remove hosts.
- Manages portions of sites using filters to select hosts and resources via AWS tags.
- Supports servers in multiple regions or on-premises.
SenseDeep Server Agent
- Is a host-based micro agent to monitor hosts from the inside out.
- Executes security rules to ensure threat-free operation.
- Captures full alert context at the point of attack.
- Updates rules dynamically upon configuration changes and updates.
- Collects server logs and stores them via CloudWatch Logs. Dynamically creates log streams as required.
- Provides high-performance systemd journal event log capture.
- Securely manages system updates.
- Applies local defenses to block or impede attackers.
- Detects and alerts on any attempt to kill or tamper with the agent.
- Defends itself against all attacks including "kill -9".
- Has minimal CPU impact (< 1%) and is extremely small (< 4MB and less than 10% the size of other IDS agents).
Extensive Threat Detectors
- The SenseDeep agent and cloud-side manager have a real-time, event-based threat detector engine.
- Detects probes of network ports.
- Detects probes of HTTP web servers.
- Detects probes of account logins.
- Detects modifications to critical system files.
- Detects execution of unexpected processes.
- Detects unauthorized login attempts.
- Detects attempts to circumvent security.
- Detects denial of service attacks.
- Automatically configures security rules based on the unique cloud and server configuration.
- Permits custom rule overrides.
- Provides a growing library of configurable threat packages for platforms, frameworks and applications.
- SenseDeep has simple pricing: $10 per month, plus 2 cents a server per hour.