Threatsift | AMGINE


From Chaos to Harmony, Smart Security is Total Security

Threatsift is not just a product, it is a continuous process to capture it all.
Respond to cyber security incidents in an effective and consistent manner.

Before Threatsift


Chaos of Analyst

  • Fragmented Information Management
  • Unextractable Linkage Information
  • Ineffective Response Planning

After Threatsift


Harmony of Threatsift

  • Comprehensive Information Management
  • Extractable Static/Dynamic Analysis
  • Effective Response Planning


Automated analysis of extensive threat resources and suspected malicious resources


Automated extraction of information from each threat resource

Intellect profiling

Actor profiling and threat intelligence for case building

Integrated solution

Comprehensive visualization and case-based history management

What is Threatsift

Threatsift is a unified system designed for enhanced investigation.

In brief, the system automates the overall process of detection/blocking, analysis, response, and management in order to eliminate advanced persistent threats and defective work processes.

In particular, Threatsift is a perfect substitute for SIEM (Security Information & Event Management).

SIEM concentrates mainly on log-based information collection, detection, and alerting through deployed appliances, and is inadequate for correlating incidents because it lacks threat resources and attack-history management.

In short, analysis and response carried out in isolation lead to discrepancies between detection, analysis, response, and management.

Definition for Threat Normalization

Threat Normalization [θret nɔ́:rməlizéiʃən]

The process of optimizing the various and atypical threat information (malware, network resources, communication channels, reputation information, threat level, etc.) collected for decisive threat response into a unified form for storage and analysis, so that the process-management quality requirements (real-time operation, accuracy, efficiency, etc.) are met.

The Power of Threat Normalization

Without Threat Normalization

  • Unclear Criterion of Integrated Information
  • Absence of Association Key
  • Inevitable Manual Collection

With Threat Normalization

  • Definite Criterion of Integrated Information
  • Existence of Association Key
  • Manual Collection Eliminated


Resource Normalization

– Domain: Ownership / DNS Records / Malicious History

– IP: ISP / Class Info / Malicious History / Base10

– Binary (PE/APK): HASH / API Sequence / C2 Connection

– EML: Session / Body / Attachment

Event Normalization

– Event Log: Timestamp (UTC) / Schema / Value Type

– Collection Channel: Resolution / Rotation / Reliability

Reputation Normalization

– Threat Level / Whitelist / Blacklist / Reputations

– Malicious Activity Categorization
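The following is an added worked example, not AMGINE's or Threatsift's code, showing what the Resource and Event Normalization fields above amount to in practice: raw indicator records from different collection channels (domain, IP with a Base10 form, binary hash, UTC timestamp) are mapped onto one schema and given a shared association key, so that two channels reporting the same resource in different formatting collapse onto one record family. The field names, the key format, the `channel` values and the sample records are all assumptions constructed for this example.

```python
"""Added example (not Threatsift's code): minimal threat normalization.

Raw records of the kinds listed under Resource and Event Normalization are
turned into a uniform schema plus a stable association key, so records about
the same resource from different channels can be joined. Field names, key
format and sample data are assumptions for this example.
"""
from __future__ import annotations

import hashlib
import ipaddress
from datetime import datetime, timezone
from typing import Any


def normalize_domain(value: str) -> str:
    # Lower-case and strip a trailing dot/whitespace so "Example.COM." and
    # "example.com" collapse to one canonical value.
    return value.strip().rstrip(".").lower()


def ip_to_base10(value: str) -> int:
    # Dotted-quad IPv4 -> base-10 integer (the "Base10" field on the page);
    # the numeric form makes range and class lookups trivial.
    return int(ipaddress.IPv4Address(value.strip()))


def normalize_hash(value: str) -> str:
    # Hashes arrive in mixed case; store lower-case hex and tag the algorithm
    # by digest length (32 = MD5, 40 = SHA-1, 64 = SHA-256).
    digest = value.strip().lower()
    algo = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(digest))
    if algo is None or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError(f"unrecognised hash: {value!r}")
    return f"{algo}:{digest}"


def normalize_timestamp(value: str) -> str:
    # Event logs carry local offsets, 'Z' suffixes or naive times; emit UTC
    # ISO-8601. Naive timestamps are assumed (assumption) to already be UTC.
    text = value.strip()
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"
    dt = datetime.fromisoformat(text)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def association_key(kind: str, canonical: str) -> str:
    # Stable key shared by every record about the same resource regardless of
    # which channel collected it; hashing keeps key length uniform.
    return hashlib.sha256(f"{kind}|{canonical}".encode()).hexdigest()[:16]


def normalize_record(raw: dict[str, Any]) -> dict[str, Any]:
    """Map one raw collection-channel record onto the unified schema."""
    kind = raw["type"]
    extra: dict[str, Any] = {}
    if kind == "domain":
        canonical = normalize_domain(raw["value"])
    elif kind == "ip":
        canonical = str(ipaddress.IPv4Address(raw["value"].strip()))
        extra["base10"] = ip_to_base10(raw["value"])
    elif kind == "binary":
        canonical = normalize_hash(raw["value"])
        extra["format"] = raw.get("format", "unknown")  # PE / APK
    else:
        raise ValueError(f"unsupported type: {kind}")
    return {
        "type": kind,
        "value": canonical,
        "assoc_key": association_key(kind, canonical),
        "observed_utc": normalize_timestamp(raw["observed"]),
        "channel": raw.get("channel", "unknown"),
        **extra,
    }


# Constructed sample input: one domain seen by two channels with different
# formatting and time zones, plus an IP and a binary hash.
SAMPLE_RAW = [
    {"type": "domain", "value": "Example.COM.", "observed": "2024-03-01T10:00:00+09:00", "channel": "sandbox"},
    {"type": "domain", "value": "example.com", "observed": "2024-03-01 01:00:00", "channel": "dns-feed"},
    {"type": "ip", "value": "203.0.113.10", "observed": "2024-03-01T01:05:00Z", "channel": "netflow"},
    {"type": "binary", "value": "D41D8CD98F00B204E9800998ECF8427E", "format": "PE",
     "observed": "2024-03-01T02:00:00Z", "channel": "sandbox"},
]


def normalize_all(raws: list[dict[str, Any]]) -> list[dict[str, Any]]:
    return [normalize_record(r) for r in raws]


if __name__ == "__main__":
    for rec in normalize_all(SAMPLE_RAW):
        print(rec)
```

The two domain records share an `assoc_key` and the same `observed_utc` once normalized, which is the "existence of association key" the page contrasts with unnormalized data; a rejected hash raises rather than being stored, since a malformed indicator silently kept would poison later correlation.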