Blue Hexagon Integrates With Microsoft Defender Advanced Threat Protection (ATP) For Real-time Prevention Against Cyberattacks

The Blue Hexagon deep learning-powered network threat protection delivers subsecond threat detection and integrates with Microsoft Defender Advanced Threat Protection (ATP) to stop these same threats from executing on endpoints, effectively stopping patient zero and lateral movement.

SUNNYVALE, Calif.–(BUSINESS WIRE) — Blue Hexagon, a deep learning innovator in cyberthreat protection, announced an integration between its Blue Hexagon for Network product and Microsoft Defender Advanced Threat Protection (ATP). Network and endpoint security should work together in a robust manner to deliver comprehensive protection within an enterprise. The combination of the Blue Hexagon Deep Learning-powered Network Threat Protection and Microsoft Defender ATP allows enterprises to detect network threats in real time with deep learning, and then orchestrate real-time prevention across all Windows endpoint devices protected by Microsoft Defender ATP.

Microsoft Defender ATP is designed to help enterprise networks prevent, detect, investigate, and respond to advanced endpoint threats. Blue Hexagon for Network is a network threat protection platform that harnesses deep learning: pre-trained deep learning models are deployed on the Blue Hexagon hardware or virtual appliance at the enterprise network edge to inspect files and protocol headers for threats. When network threats are detected, Blue Hexagon sends alerts and threat indicators to Microsoft Defender ATP in less than a second to orchestrate appropriate endpoint security policies. Microsoft Defender ATP may then take appropriate action. This can include blacklisting files on endpoints protected by Microsoft Defender ATP, thereby stopping them from being executed and causing harm to end users, or completely isolating an infected endpoint that is communicating with a malicious command and control server.

“Keeping users secure from the massive volume and speed of constantly evolving threats is a key enterprise challenge that current signature and sandbox-based threat detection techniques are unable to cope with. Our integration with Microsoft Defender Advanced Threat Protection (ATP) allows customers to detect network threats at point of entry and immunize their enterprise at scale. Unlike existing solutions which only focus on header-based analysis, this joint solution inspects payloads entering an enterprise from both a network and endpoint vantage point providing defense in depth against malicious threats,” said Balaji Prasad, Vice President of Products, Blue Hexagon. 

“We strongly believe that a tighter integration between the endpoint and network security control planes can create significant value for our customers. The integration of Blue Hexagon sub-second network threat detection with Microsoft Defender Advanced Threat Protection (ATP) provides the ability to detect both payload and header-based threats in the network and then signal across all Microsoft Defender ATP-protected endpoints in an enterprise. This provides our customers with superior speed, coverage and efficacy of protection against known and unknown threats,” said Moti Gindi, General Manager, Windows Cyber Defense, Microsoft Corp.

The Blue Hexagon for Network Threat Protection and Microsoft Defender ATP integration delivers key advantages to security teams:

  • Enables prevention of network threats to be orchestrated on endpoints in real time, within a few seconds, keeping them out of the enterprise;
  • Preemptively blocks, removes or alerts on malicious files on endpoints, preventing users from becoming “patient zero,” and stops lateral movement before malicious files execute on the endpoint;
  • Isolates infected endpoints that are observed fetching malicious code over the network as part of fileless attacks even when no files are written to disk, and stops further lateral movement or exfiltration from the malicious code executing in memory;
  • Isolates infected endpoints that exhibit malicious communication to command and control servers over clear as well as encrypted channels; and,
  • Delivers complete attribution and characterization of new threats that can provide additional contextual enrichment for threat hunting and response operations.

About Blue Hexagon:

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats. The company’s real-time, deep learning platform is proven to detect known and unknown threats with speed, efficacy, and coverage that set a new standard for cyber defense. Blue Hexagon is headquartered in Sunnyvale, CA, and backed by Benchmark and Altimeter Capital. For more information, visit or follow @bluehexagonai.