Blue Hexagon Blog

PCSL Validation On Network Threat Detection

As a young company engaged in the relatively new approach of applying deep learning techniques to the process of detecting and preventing cyberthreats, we understand that there may be a tendency for outsiders to regard what we say about our technology with a jaundiced eye. Data security is a huge problem for everyone and, despite venture investments in cybersecurity innovators of $5.4 billion, it doesn’t seem to be getting any better. According to CNBC, last year hackers made off with $600 million in ill-gotten gains, and had a negative economic impact of more than $4 trillion worldwide.

Since our launch in February we’ve been talking about our Blue Hexagon threat detection platform in public and private, citing an efficacy rate of greater than 99.5% for identifying and blocking both known and unknown malware samples, at line rate, and with a threat detection rate of less than a second. These early results were based on internal tests and also from early customer deployments where we regularly detect threats that others have missed. Our users are convinced, but others have commented that a 99.5% efficacy rate (with nearly no false positives) is too good to be true.

That’s why we recently put our platform in the hands of the PCSL IT Consulting Institute, an independent security testing lab and member of the Anti-Malware Testing Standards Organization, and let them put it through its paces. PCSL’s testing framework was specifically designed to measure security platforms against metrics that matter to CISOs in three critical areas:

  • Efficacy – detection rates across a wide range of threat categories, and threat samples in various file types and sizes
  • False Positives – accuracy of detection; a false positive means incorrectly identifying benign files as malicious
  • Speed of detection – network threat detection speed, including network processing and AI inference times

The testing framework was specifically designed to incorporate threats in executables, MS Office documents, and PDFs across a wide variety of threat categories, including financial malware, cryptominers, ransomware, trojans/spyware, and more. The test also included a large volume of benign consumer applications, enterprise applications, OEM files and more, to test Blue Hexagon’s false-positive rates.

We’re excited to share the results from this testing. There were a total of more than 2 million malicious and benign samples across a broad range of threat families, and Blue Hexagon scored a 100% detection efficacy with 0% false positives.

Threat Detection Rates By Threat Family

[Figure: Blue Hexagon Threat Detection Rates By Family]

False Positive Rates By Category

[Figure: Blue Hexagon False Positive Rates By Category]

What’s more, we were able to achieve these efficacy numbers with an average time to detection of 125 milliseconds. This includes network processing time. The incredible detection time of 125ms on live network data needs to be stressed: this is very, very hard to achieve, and our team has worked really hard to get the detection speed we need to beat the adversary.

Threat Detection Times

[Figure: Threat detection times]

Following the testing process, PCSL IT Consulting Institute CEO Jeffrey Wu commented, “Our core methodology measures threat detection efficacy, false positives, and threat detection speed. Blue Hexagon has taken an extremely ambitious approach to tackling network threats using deep learning, and their perfect score of efficacy—while having zero false positive alerts—against our rigorous testing process and extensive sample of malware supports their claim as one of the most accurate network threat prevention products in the industry today.”

As we kick off Cybersecurity Awareness Month, we’re optimistic about our industry’s future with AI and deep learning in particular. After all, we started Blue Hexagon because we believed that deep learning techniques could be applied to address the fundamental challenges of effective perimeter defense from cyberthreats. While our results with customers had exceeded our expectations, we now have independent verification from PCSL of our claims of network threat detection efficacy, low false positives and exceptionally fast threat detection times. What’s more, these results show that our approach of using deep learning means today’s enterprises can finally overcome the limitations of traditional perimeter defenses.

I encourage you to download the full PCSL report and see how we did for yourself. And if you still have any questions, feel free to reach out. We especially love hearing from skeptics and showing them how, because of deep learning, we’ve entered a new era in cybersecurity.