CiperWorks platform receives multiple and parallel client calls when the client application requires encryption, decryption and right-to-forget operations. These calls generate traffic in the CipheraWorks Microservice farm.

The service calls are logged in the CwHawk platform in fine granularity. This is also done in such a way that it does not impact the performance of the CipherWorks service calls. CwHawk periodically interpret the logs and learns the invocation pattern for the specific client.

CwHawk learns the invocation pattern for every Hour Of the Day (HOD) and every Day Of the Week (DOW) for all the CipherWorks services for a specific client. CwHawk saves these invocation patterns in a high performance storage for future use.

When CwHawk periodically interpret the logs, it also verifies if the current invocation rate conforms to the calling patterns in the history. If the current invocation rates exceeds certain threshold, then CwHawk computes a Risk Score.

The Risk Score is published in the CwHawk logs. Enterprises can hook their monitoring systems to the CwHawk logs and continuously monitor the CwHawk logs. Any time CwHawk posts a Risk Score which is higher than a threshold an alert needs to be generated to the Security Administrators.

Thus, CwHawk can detect any internal or external adversary accessing the CipherWorks in an unauthorized fraudulent manner.

CwHawk has many configuration parameters which can customized for any client. These configuration parameters can be modified using CipherWorks Administrator Console.