Analyze AWS CloudTrail Logs with High Confidence

In today's digital landscape, transitioning to the cloud presents a wealth of opportunities and efficiencies, but it also brings new challenges for enterprise security teams.

Traditional anomaly detection tools often fall short in identifying high interest events when activities transcend system boundaries and operate beyond the scope of a single application.

That's where Novelty Detector for AWS comes into play.

Find unknown unknowns

thatDot Novelty for AWS learns what is normal in your CloudTrail Logs.

Monitor Credential Use

Cut out the noise that comes with operating on public cloud infrastructure. Novelty Detector for AWS isolates and elevates the true outsider threats, reducing false positives by 10x and making analysts more productive.

Learn Normal Behaviors

Spotting misuse by trusted insiders can be nearly impossible. Too many false positives cause analysts to ignore real ones. Novelty Detector for AWS alerts when insider behavior becomes a problem.

Detect Configuration Change

Even an honest mistake can cost your business tens of thousands of dollars. Catch configuration changes that expose key data and shut down unused services before they impact you.

Identify Attacks, FAST

Even when attacks aren't subtle, they can be tough to spot in a noisy environment. Novelty Detector for AWS generates actionable, contextually-rich alerts in real time.

Key Features

Normally, you won't be watching the Novelty Detector dashboard. Your security monitoring system can be integrated to alert you to the anomalies that matter most. Set up integrations with tools like PagerDuty or Slack, configuring score thresholds to receive alerts based on your priorities.

  • Categorical Anomaly Detection: Traditional methods primarily rely on statistical anomalies, often leading to a high rate of false positives. Novelty Detector for AWS utilizes categorical anomaly detection to swiftly and confidently surface signs of credential misuse, reducing false positives significantly.
  • Real-time Monitoring: Monitoring your AWS CloudTrail logs is essential for detecting and mitigating security threats promptly. Novelty Detector for AWS is designed to work seamlessly with CloudTrail logs, providing real-time insights into events that demand your attention.
  • Behavioral Fingerprinting: Our solution goes beyond mere anomaly detection. It creates behavioral fingerprints that help you understand user and machine behaviors, patterns, and scale. This in-depth analysis allows you to identify unusual activities effectively.
  • Actionable Insights: Novelty Detector for AWS generates observations with novelty scores, highlighting the relevance of each event. While novelty doesn't trigger immediate security events, it helps you identify what makes an observation novel, streamlining manual or automated categorization and action.

Why Novelty for AWS?

Find behaviors that you weren't aware of.

Traditional methods, like AWS CloudTrail Insights, often focus on simple variances in the number of API calls, resulting in numerous false positives and missed security events.

In contrast, thatDot's Anomaly Detector goes beyond numbers, categorizing strings and providing a contextual awareness that is vital for identifying novel behaviors. This categorical approach ensures that you focus on high-value, high-confidence events, reducing alert fatigue and improving the efficiency of your security analysts.

Stop wading through pages of false positives, each requiring extensive research from your staff to prove or dismiss. Only Novelty Detector for AWS provides alert prioritization, threat classification, and research context in one alert.

High-Value Alerts

Novelty Detector for AWS enables security analysts to concentrate on high-value alerts, leading to a 10x increase in productivity. With limited resources and time, it's crucial to make the most of your security team's efforts.

Rich Data Analysis

Novelty Detector for AWS analyzes a rich set of data, including strings, to discover more true anomalies while filtering out unsurprising numeric outliers.

Contextual Awareness

By considering various factors, such as user behavior and time of day, Novelty Detector for AWS offers a comprehensive view of events, helping you find and address malicious activities quickly.

DARPA-developed, field-proven.

Novelty Detector for AWS is built using thatDot's proven Novelty Detector platform, which was developed as part of a DARPA-funded project to completely reimagine anomaly detection.

Novelty Detector uses categorical data to build a comprehensive behavioral fingerprint of your data. This deep contextual understanding eliminates false positives and explains WHY an anomaly was identified, making it immediately actionable.

Existing anomaly detection techniques rely on numerical data and threshold analysis, which break down in the face of high data dimensionality and produce high volumes of false positives.

Noise Cancellation for your AWS CloudTrail Logs

Interested? Request trial access today.

Novelty Detector for AWS delivers high-value, high-confidence events, enabling you to quickly identify true anomalies, assess their maliciousness, and eliminate the noise. In an era where security breaches are on the rise, efficient and accurate anomaly detection is essential.

Novelty Detector for AWS is in early access release and ready for you to try out. Sign up to start your free trial and say goodbye to false alarms!

