Sift Security Exits Stealth with an Easier, Faster and Smarter Approach to Threat Hunting and Incident Response

Underpinned by graph data structures and novel data science; $3.25 million angel round

MENLO PARK, Calif.--()--Sift Security exited stealth today, announcing a next-generation cybersecurity threat hunting and incident response platform. Sift Security is backed by a $3.25 million round of angel investment, funded by Freeman Group, a private investment and asset management firm based in Dallas, which put in $3 million, and individual investors with experience at some of the world’s largest and best-known security and technology companies such as VeriSign, McAfee, Sophos, Trend Micro, Guavus and Apple.

Sift Security’s Threat Hunting and Incident Response Platform is purpose built to take advantage of the power of relational graph data structures, scalable search and cutting-edge anomaly detection. Using these technologies, the platform graphically represents what is happening on your infrastructure in near real time, which allows security personnel to visualize incidents. Target customers are enterprise and government agency security operations and incident response teams and managed services providers (MSPs).

“Hunting for and responding to threats can be very frustrating using the current generation of tools, particularly when tracking complex threats across disparate data sources,” according to Colin Estep, Sift Security’s CSO. “In addition to being exorbitantly expensive, those legacy systems are difficult to deploy and use, requiring experts in security to decipher the data streams and data scientists to find patterns in them. They generate more alerts than a human team can possibly sift through, leaving real threats hidden in a pile of false positives. They also fail to connect the dots, to link the stages of an attack across systems and platforms.”

Estep comes to Sift from Netflix, where he was an incident responder, having served in similar roles at Apple and the FBI.

“No one’s really cracked the problem of how to use analytics, big data and machine learning to solve the problems of threat hunting and incident response,” Estep added. “I have been working with the Sift Security team as an advising early user, and I recently joined the company because, in my view, its approach and technology represent a breakthrough that can be the first to solve this important problem.”

To solve this challenge, Sift assembled a team of experts in big data, graph theory and machine learning. According to Neil King, CEO, “Our mission is to make it easier, faster and less frustrating for security operations teams to get their jobs done.” Sift Security takes advantage of three technological shifts to achieve this mission: relational graph data structures and analytics; fast and scalable machine-learning algorithms initially developed at Stanford and MIT; and the commoditization of scalable search.

Graphs are data structures that emphasize the relationships between entities (user, server, file, etc.), like a user authenticating to a host or an email attaching a malicious file. For example, the same device will appear in network, host, application and cloud logs, and the graph ties the activity from all those sources together. It is optimized to answer complex questions about entity behavior, which means security experts don’t need to perform manual correlation during the course of an investigation. The product also gives the user direct visual access to the graph, helping even inexperienced investigators see what has happened and identify the root cause of incidents.

By building its security operations platform on this graph foundation, Sift Security overcomes the weaknesses inherent in current enterprise search-based tools. The Sift Security Platform offers distinct advantages:

  • Simplifies investigations, eliminating the need for manual correlations. Identifies relationships between users, files, malware, emails, internal or external IP addresses, or any other data elements, from disparate data sources, and stores them in an efficient graph structure
  • Identifies hidden threats and reveals traces of threats residing in disparate data sources. Filters and prioritizes potential threats using link analysis and cutting edge machine learning technologies recently developed at MIT and Stanford, including robust principal component analysis and neural networks
  • Simple to use. Performs investigations via a visual graph interface and workflow, making it easy to see how relationships connect across data sources and throughout complex attack chains. Even junior analysts can easily validate alerts and take investigations to completion
  • Scales cost-effectively. Enterprises can capture all the data required for automated analysis and rapid investigations, leveraging robust, open-source big data technologies, including commoditized search. Enterprises can now afford a security data lake and have the insights they need, when they need them

According to Allen Spiegler, CIO of Los Angeles LGBT Center, "I get plenty of alerts, but without context, they aren't very useful. So there was a spike in traffic on this host. What process caused it? Which user was responsible? I used to have to go into the logs and find out myself. With Sift Security, I can get the context I need quickly and figure out what really caused the problem."

Sift Security can be deployed in the cloud as a managed service or installed on-premise on commodity hardware, starting with a single instance and scaling to large clusters of servers. Any type of structured or semi-structured data can be fed into Sift Security, including logs from hosts and network devices, applications, cloud instances and external sources, such as threat intelligence feeds. Data can also be fed directly from existing log management tools such as SIEMs. Unlike most existing tools, Sift Security does not price its software based on data volumes, leading to more predictable pricing and more cost-effective scalability.

“Sift Security reduces the time to investigate from weeks to hours, or even minutes,” according to Ken Silva, a security executive with leadership experience at Ionic Security, Booz Allen Hamilton, VeriSign and the NSA.

The Sift Security threat hunting and incident response platform is immediately available for proof of concept trials. Customers can be up and running in a few hours, with minimal support resources to install and start using it.

Email to get in touch with the security experts at Sift Security about a test installation, or visit for more information. Sift Security is based in Menlo Park, California.

Screenshot 1
Screenshot 2


Montner Tech PR
Deb Montner, 203-226-9290

Release Summary

Sift Security exited stealth today, announcing a next-generation cybersecurity threat hunting and incident response platform. Sift Security is backed by a $3.25 million round of angel investment.


Montner Tech PR
Deb Montner, 203-226-9290