Threatsift | AMGINE


From Chaos to Harmony, Smart Security is Total Security

Threatsift® is not just a product, it is a continuous process to capture it all.
Respond to cyber security incidents in an effective and consistent manner.

What is Threatsift®

Threatsift®, is an unified system designed for enhanced investigation. In brief, the system is capable of automating the overall process of detection/block, analysis, respond, and management to eliminate advanced/persistent threats and defective work process.

SIEM concentrates mainly on log-based information-collection, detection, alert through deployed appliances, and are inadequate to correlate the incidents due to the absence of threat resources and attack history management.

In short, separated/alienated analysis and response lead to discrepancy between detection, analysis, response and management.

Main Features of Threatsift®

  • The quality and time required to analyze malicious codes generated in large numbers through automatic analysis of encroachment resources are normalized.
  • Analyze the association of collected information, apply the validation techniques and know-how of the introduction to visualization
  • Optimized Deployment for Infringement Characteristics and Operating Environment
  • Based on the analysis of asset management and related accident knowledge for encroachment through automatic analysis and collectivization of collected information
  • Enables protocol analysis, file extraction, ThreatFlow calculation, and detection of abnormal traffic from a single platform


Automated-analysis on extensive threat resources and suspected malicious resources


Automated-extraction of information on each threat resource

Intellect profiling

Actor profiling threat intelligence utmost case building

Integrated solution

Comprehensive visualization and case based history management

Before Threatsift

Chaos of Analyst

Before Threatsift

  • Fragmented Information Management
  • Unextractable Linkage Information
  • Ineffective Response Planning

After Threatsift

Harmony of Threatsift

Before Threatsift

  • Comprehensive Information Management
  • Extractable Static/Dynamic Analysis
  • Effective Response Planning

Definition for Threat Normalization

Threat Normalization [θret nɔ́:rməlizéiʃən]

Process of optimization for unified storage & analysis to meet the requirements to secure the process management quality(real-time, accuracy, efficiency, etc.) on various and atypical threat information(malware, network resources, communication channels, reputation Information, threat level, etc.) collected for decisive threat response.

The Power of Threat Normalization

Without Threat Normalization

  • Unclear Criterion of Integrated Information
  • Absence of Association Key
  • Inevitable Manual Collection

With Threat Normalization

  • Definite Criterion of Integrated Information
  • Existence of Association Key
  • Manual Collection Eliminated

The Type of Threat Normalization

Resource Normalization

  • Domain : Ownership / DNS Records / Malicious History
  • IP : ISP / Class Info / Malicious History / Base10
  • Binary(PE/APK) : HASH / API Sequence / C2 Connection
  • EML : Session / Body / Attachment

Event Normalization

  • Event Log : Timestamp(UTC) / Schema / Value Type
  • Collection Channel : Resolution / Rotation / Reliability

Reputation Normalization

  • Threat Level / Whitelist / Blacklist / Reputations
  • Malicious Activity Categorization