Our team will be pleased to help you address any need and answer any question!
Platform
Sharelock in action
From a logical standpoint, the Sharelock platform performs three activities:
- Ingestion: Sharelock ingests user or machine activity data (e.g., incoming data from the application log files, sensors, etc.
- Baseline setting: It learns the individual behavioural baselines according to the predefined Indicators of Behaviour.
- Anomaly detection: it detects Behavioral Anomalies that are then down-filtered to Threat Alerts and Recommendations.
And it does it for Humans and Machines.
“One coincidence is just a coincidence; two coincidences are a clue, three coincidences are a proof”
(Agatha Christie)
Sharelock Augmentable AI architecture
From the company’s inception, this famous Agatha Christie saying has been guiding our product strategy and, specifically, the ability to create unlimited IoB (Indicators of Behavior) on any given dataset, so to detect multiple anomalies from the same source.
Why? To dramatically increase accuracy and reduce false positives. Most of today’s market products analyze behaviors on the entire dataset log record and detect anomalies for each user against an ‘average overall behavior”, translating into a massive amount of false alarms.
The key features of the Sharelock IoB’s are:
- Built upon a triplet of the dataset (e.g. Office 365 log file), the most appropriate ML model from our catalog, and a log field within the log record, allowing us to design unlimited IoB’s on the same dataset.
- Standardized output, on a 0-100% risk score.
- Indicators bound to Identities, that either trace back to the IGA platform or, more importantly, use our predictive Identity-enrichment ML models.
Sharelock Machine Learning models
Sharelock’s ML models fall into two distinct categories: Anomaly detection and Identity attribute enrichment.
- Sharelock owns the ML models in order to retain full model control for readability and adaptability purposes. We tend to avoid Blackbox approaches, where the ability to perform the retrospective analysis is utterly complex, and the computational costs are very high.
- Sharelock ML models are unsupervised, hence not requiring the manual preparation of a training dataset, which is the biggest hurdle clients face with competitive products.
The ‘Anomaly detection’ models aim to detect and score (with a probability index) behavioral anomalies.
The ‘Identity enrichment” models aim to address the original sin of many business application log files, where too frequently account details and other identity-related attributes are missing.
Born-for-the-Cloud architecture
Sharelock is a “born-for-the-cloud” platform, solely designed using orchestrated Kubernetes containers and leveraging highly scalable open-source technologies.
For Activity Log collection, Sharelock utilizes GrayLog, the leading open-source log collection engine. Graylog integrates natively with a broad set of business applications and supports multiple log collection mechanisms for ad-hoc integrations.
