The rise of cloud-based Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) has driven rapid enterprise workload migration to the cloud. However, this sea change to the cloud comes with its own challenges, and for most enterprises, security of cloud compute and network is at the top of the list. Specifically, many organizations are struggling to translate the policies and protections from their traditional network perimeter to their new cloud-based environments. Configuration and security posture management tools are not enough to deal with modern cloud threats, many of which are multi-stage attacks that manifest at runtime when cloud workloads and data are at their most vulnerable.
To address this challenge, Blue Hexagon Agentless Cloud-Native AI Security is the only solution that combines with Google’s Packet Mirroring service to provide comprehensive L3-L7 network visibility into your GCP environment and advanced threat defense against a broad spectrum of cloud threats including those that manifest at runtime. With Google Packet Mirroring, every packet – including payloads and headers – hitting a network interface in Google Compute Engine and Google Kubernetes Engine is replicated out in real-time to the Blue Hexagon platform that uses the power of Deep Learning AI to provide actionable visibility and real-time threat defense as well as continuous compliance.
Runtime Cloud Security – Use Cases
Cloud Network Visibility
Blue Hexagon provides both North-South and East-West visibility and insights into important protocols such as HTTP, HTTPS, DNS and RDP communications from every workload regardless of platform (Kubernetes, Container, VM), operating system, region, or project within GCP. The security visibility is fundamentally deeper than that provided by cloud VPC flow logs, enabling the richer context and analytics necessary to unearth real threats while minimizing false alerts. Through Intranode Visibility for your GKE clusters, Blue Hexagon even provides security insights into traffic between pods in the same GKE node
Cloud Ransomware and Malware Protection
Blue Hexagon classifies every single file being transferred in and out of your VPCs to identify any malicious code in transit. This includes ELF malware that commonly infects containers with backdoors, webshells, JavaScript based attacks, and malicious Archives. Obfuscated files are also deobfuscated to check for malicious code.
Cloud Cryptojacking Protection
Mining cryptocurrency by hijacking cloud resources is a common cloud attack. Blue Hexagon can identify malicious code associated with crypto mining as it is downloaded to an infected asset as well as identify mining traffic based on deep packet inspection indicating an existing infection.
Command and Control (C&C or C2) Protection
Blue Hexagon uses Deep Learning AI combined with signal processing algorithms to uncover signals embedded within command-and-control (C&C) channels over HTTP, HTTPS, and DNS to convict them as malicious. Further, Blue Hexagon checks every single network transaction across L3-L7 protocols against Blue Hexagon Lab IOCs.
Unauthorized Activity Detection
Blue Hexagon detects both internal and external network scans that are indicative of reconnaissance; brute-forcing over protocols such as SSH and RDP, which is a common tactic for initial access and lateral movement within the cloud; and unauthorized access to cloud resources from malicious entities outside the network.
Cloud Compliance – Network IDS / NDR
Blue Hexagon helps you achieve compliance as you are required to deploy a network Intrusion Detection System (IDS), next-gen Network Detection and Response (NDR), or a network-based malware defense system in your GCP cloud environment. Blue Hexagon also detects embedded exploit code in transit, mapping them to published CVEs; including unknown zero-day malware that could potentially exploit undiscovered CVEs.
Agentless AI Security Benefits
Agentless
Blue Hexagon is deployed in a fully agentless manner with zero downtime or changes to existing or future workloads. Agentless security inspection provides a host of benefits discussed here, including eliminating security vendor supply chain risk and ensuring security teams and SecOps can consistently turn on runtime security visibility and threat defense without compromising on coverage or introducing DevOps friction.
Autoscaling
Blue Hexagon is deployed as a load balancer backed by an autoscale group to meet the cloud-scale demands of your network, providing a true multi-VPC, multi-region, and multi-project security solution for your GCP organization.
Autonomous Response
Blue Hexagon integrates natively via APIs with your security ecosystem providing autonomous response capabilities within your GCP environment. Get notified via slack or email, ingest security findings into your CIEM/SIEM, and trigger response and remediation playbooks in your EDR or network firewall tools.
Cloud Privacy
Blue Hexagon Agentless AI Security for GCP, along with GCP Packet Mirroring, is deployed in the customer’s VPC. Network traffic inspection is performed in real-time in the VPC, not in a separate vendor cloud, ensuring privacy requirements are met. Mirrored packets never leave your VPC, with only Deep Learning AI verdicts sent to the Blue Hexagon threat console for your security teams.
One Dashboard
Blue Hexagon helps visualize and correlate threats detected, including kill chain and indicators of compromise, across all public cloud and on-premise deployments of Blue Hexagon. Every threat detection is accompanied by human-understandable AI Explanation mapped to MITRE ATT&CK™ TTPs.
Next Steps
Read more about Blue Hexagon Agentless Cloud Security for GCP
Sign up for a free trial or threat assessment of your GCP cloud