The Fusion of Cloud Automation
and Human Intelligence

Sherlock Puts the Power and Scale

of the Cloud to Work for You

Sherlock Architecture

Sherlock SOC

The Stack

Sherlock automatically deploys a stack of security tools and controls in the cloud. It connects to all your environments and seamlessly ingests all your security and performance data.

The Setup

Sherlock fully virtualizes your SOC in the cloud. Setup takes hours, not weeks. We relieve the burden on you and your team.

Your Data

Sherlock never commingles your data. Your data always remains under your control. This reduces risk and simplifies compliance with standards like GDPR, PCI, HIPAA, and ISO.

The Hunt

Sherlock constantly hunts for attackers. The Sherlock team scours your data for indicators of compromise (IoC) using the latest automation, machine learning, real-time threat intelligence, and 20 years of security expertise.

All Code

There are no appliances to set up, no traffic to reroute, no hardware to maintain. Your Sherlock virtual SOC is delivered as a library of custom code for rapid, repeatable deployment in the cloud.

The Team

If there is an attack, the Sherlock team springs to action: we investigate, track, block, quarantine, and prevent the breach. Our USA-based team is on the job every day, all day, all the time.

Sherlock Features

Managed SIEM

Cloud-native, fully-managed SIEM with integrated threat intelligence and threat hunting powered by machine intelligence.

Threat Scanning

Automated, continuous scanning of systems, applications, and networks for suspicious activity and vulnerabilities.


Decoy systems deployed inside your cloud and on-premise environments to detect malicious activity in real-time.

Compliant by Design

The Sherlock architecture accelerates and simplifies compliance for standards like PCI, HIPAA, ISO 27001, NYDFS, SOC 2, and GDPR.

Threat Intelligence

Sherlock uses the best public and private threat intelligence data, optimized and customized for your specific business risks.

DevOps Ready

Sherlock can seamlessly integrate into DevOps teams for a CI/CD pipeline that is secure, by default and by design.

A Typical Sherlock Deployment

Sherlock is automatically deployed on the AWS cloud and connects to all your environments.

The Sherlock SIEM ingests all your security, application, network, and user behavior data. Machine learning and automated threat hunting scours this data for evidence of compromise.

Security controls deployed throughout your cloud and on-site environments forward information to our integrated dashboard, where we conduct investigations.

Sherlock SOC Analysts investigate and respond to threats, handling incidents for you and notifying you of any actions taken.


* Sherlock includes a stack of
cloud-native controls:

  • Sherlock SIEM: data analytics platform with integrated hunting.
  • Sherlock Threat Scan: Automated system and network scanner.
  • Sherlock Decoy: Deceptions to spot hackers pivoting in the environment.
  • Sherlock Endpoint: anti-malware, file integrity monitoring, system integrity monitoring and more.

We also support many
third-party technologies

Sherlock and Your Network

The Sherlock Subscription

Explore the packages

Share This