Blue Hexagon Blog

Unleashing Deep Learning-Powered Threat Protection for AWS

Today at AWS re:Inforce, Amazon Web Services (AWS) announced the availability of Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring, a new feature that allows security teams to gain insight and access to network traffic across their Virtual Private Cloud (VPC).

Blue Hexagon is excited to announce Blue Hexagon for AWS and our integration with Amazon VPC traffic mirroring. Using Amazon VPC traffic mirroring, security teams can now replicate network traffic at any Elastic Network Interface (ENI) within their VPC for inspection by Blue Hexagon, without the need to install and manage agents on Amazon Elastic Compute Cloud (Amazon EC2) instances.

Blue Hexagon is one of just a few AWS Partner Network (APN) Partners debuting an integrated solution with VPC traffic mirroring, but that’s not the only reason we are excited about this announcement. The implications for organizations engaged in or considering cloud migration are significant.

Cloud is a critical consideration for any organization’s security strategy (in fact, Blue Hexagon worked with AWS to create a deep learning training infrastructure optimized for cybersecurity). But there are inherent limitations with existing cloud security solutions:

  • Virtual versions of signature- and sandbox-based threat detection cannot keep up with the current landscape of modern morphing attacks. They suffer from the same limitations as their on-prem counterparts. Additionally, it is almost impossible to run malware sandboxes in AWS because most popular offerings are cloud hosted themselves.
  • Agent-based threat detection, where agents for threat detection solutions are installed on virtual machines, can be prohibitively expensive and deliver sub-optimal results.
  • Network traffic analytics solutions that identify anomalies have trouble baselining what is normal because cloud workloads are dynamic and short-lived.

In contrast, deep learning is ideally suited for threat detection in environments with large amounts of data, such as networks and the cloud. Because of the rich data available in VPC traffic payloads and headers, deep learning-based threat detection efficacy is very high. Additionally, our approach rapidly uncovers malicious threats moments after they appear within a workload without requiring any baselining or a priori knowledge of the traffic.

Now, with the availability of AWS VPC traffic mirroring, Blue Hexagon for AWS can inspect a copy of the AWS cloud workload traffic for known and unknown threats in less than a second, at almost 100% detection rates. The speed of threat detection is ideal to keep pace with the speed of cloud workloads.

Blue Hexagon for AWS focuses on securing both north-south traffic, where an attacker is trying to brute-force credentials or exploit a vulnerability within a workload, and east-west traffic, where threats from one infected virtual machine are trying to move laterally to another. The combination of perimeter security and lateral movement security prevents the initial intrusion and further infection within AWS environments. This is all accomplished without deploying or managing agents on any virtual machine.

Threat prevention is just as seamless.

When a threat is detected, Blue Hexagon publishes a notification to AWS Simple Notification Service (Amazon SNS), which is then consumed and orchestrated by any downstream services like AWS GuardDuty or an AWS Lambda function. These services can invoke an AWS CloudFormation Template (CFT) to shut down or quarantine the infected workload, ensuring complete security for business-critical applications. The time from infection to remediation is thus a matter of seconds.

Customers benefit from the speed, efficacy, and coverage of the Blue Hexagon deep learning platform, as well as from the following:

  • Seamless deployment of deep learning-powered threat detection without requiring the installation of any agents;
  • Consistent deep learning-powered threat detection across enterprise networks and AWS cloud environments; and,
  • A single configuration and detailed threat dashboard for both network and cloud threats, complete with indicators of compromise and threat families.

Check out a demo of the Blue Hexagon and AWS Traffic Mirroring integration here, and our datasheet here. Customers attending AWS re:Inforce are invited to attend the AWS Security Pioneer Chalk Talk Session featuring Blue Hexagon, “Outsmarting Attacks With Deep Learning” (SEP328), on Tuesday, June 25, 1:45 – 2:45 pm, with Arri Ciptadi, Principal Machine Learning Scientist, Blue Hexagon, and J Michael Bako, Solutions Architect, Amazon Web Services.