Sharelock logical architecture

“One coincidence is just a coincidence; two coincidences are a clue, three coincidences are a proof”

(Agatha Christie)

Sharelock Augmentable AI architecture

From the company’s inception, this famous Agatha Christie saying has guided our product strategy and, specifically, the ability to create unlimited IoBs (Indicators of Behavior) on any given dataset, so as to detect multiple anomalies from the same source.

Why? To dramatically increase accuracy and reduce false positives. Most products on the market today analyze behavior across the entire log dataset and detect anomalies for each user against an ‘average overall behavior’, which translates into a massive number of false alarms.

The key features of the Sharelock IoBs are:

  1. Built upon a triplet: the dataset (e.g. an Office 365 log file), the most appropriate ML model from our catalog, and a field within the log record. This allows us to design unlimited IoBs on the same dataset.
  2. Standardized output, on a 0-100% risk score.
  3. Indicators bound to identities, which either trace back to the IGA platform or, more importantly, use our predictive identity-enrichment ML models.
Sharelock Machine Learning models

Sharelock’s ML models fall into two distinct categories: Anomaly detection and Identity attribute enrichment.

  1. Sharelock owns its ML models in order to retain full control over them, for readability and adaptability. We tend to avoid black-box approaches, where performing retrospective analysis is extremely complex and the computational costs are very high.
  2. Sharelock ML models are unsupervised, so they do not require the manual preparation of a training dataset, which is the biggest hurdle clients face with competing products.

The ‘Anomaly detection’ models aim to detect and score (with a probability index) behavioral anomalies.

The ‘Identity enrichment’ models aim to address the original sin of many business application log files, where account details and other identity-related attributes are too frequently missing.

Born-for-the-Cloud architecture

Sharelock is a “born-for-the-cloud” platform, designed solely around containers orchestrated by Kubernetes and leveraging highly scalable open-source technologies.

Forget about clunky Frankenstein platforms built in a pre-cloud era, with monolithic technology stacks and simplistic ML models patched on top at a later stage.

Sharelock Log collection capabilities

Sharelock utilizes Graylog, the leading open-source log collection engine.

Graylog integrates natively with a broad set of business applications such as Microsoft Office 365, Google G-Suite, Slack, Jira, MS Teams, and Zoom.
Graylog supports multiple log collection mechanisms for ad-hoc integrations, allowing a very flexible adaptation to any integration scenario such as applications, network devices, sensors, etc.
