Cloud Detection and Response

Get continuous cloud-native security, visibility and compliance for AWS, GCP, and Azure, with asset inventory, misconfiguration detection, and threat detection in one second or faster. Blue Hexagon dramatically improves your cloud security posture with its agentless, accurate and actionable solution, powered by deep learning.

Continuous Hardening and Threat Detection

The rapid migration to the cloud comes with several challenges. Many organizations are struggling to translate the policies and protections of their traditional on-premises networks to their new cloud-based environments. In addition, the shortage of skilled cloud developers, combined with the ease of deploying workloads and bringing up new networks and regions, leads to configuration mistakes that open a path in for attackers.

Attackers themselves are getting more sophisticated and organized in their tactics. Threats have proven that they can evolve faster than traditional signatures, intelligence feeds, and sandboxes can deliver defenses. As a result, security teams are in the unenviable position of taking security tools that are increasingly outdated even in the traditional architecture and migrating them to a completely new architecture that the tools were never designed for.

Blue Hexagon’s Cloud Security Platform provides organizations with a path forward. The solution allows the customer both to harden their cloud (cloud visibility, cloud compliance, misconfiguration detection) and to detect active threats (workload threats, storage threats, and network threats) without relying on outdated signatures, IOCs and threat intelligence feeds.

Blue Hexagon provides sub-second identification of both known and unknown threats with near 100% accuracy, and natively works with cloud infrastructure for visibility and enforcement.

Instead of trying to bolt on the old security model to the cloud, organizations can adopt a new generation of security that works naturally with the new generation of infrastructure. Blue Hexagon connects to your cloud assets using CSP APIs in minutes to deliver an agentless, cloud-scalable SaaS solution for multi-cloud organizations.

Securing the cloud is not possible with just point-in-time periodic checks. Organizations cannot guarantee a perfectly hardened cloud with no misconfigurations at all points in time. Combining continuous threat detection with misconfiguration detection is the only way to limit overall risk to your cloud assets. The two go hand in hand and need to exist together in the same platform for effective risk prioritization and mitigation.

“Blue Hexagon provides a real-time platform utilizing deep learning and artificial intelligence that really helps us keep up with existing and emerging threats.”

—CIO of a US Financial Service Company

AI Security for Actionable Outcomes

Blue Hexagon’s cloud security platform connects to your cloud infrastructure in an agentless manner in minutes, using CSP native APIs to collect raw data: the resources in every region of every account and their configurations, cloud control plane activity, network activity, storage activity, serverless packages, and containers pushed to repositories.

This raw data is then analyzed centrally by the Blue Hexagon platform, using proprietary deep learning models to detect Windows and Linux malware, command and control, and beaconing, and behavior analytics algorithms to uncover unusual patterns of behavior in the cloud control plane and data plane. The deep learning models also provide early threat intelligence on IOCs and IOBs, which is applied to the same raw data. Finally, the platform allows SecOps teams to write their own detection-as-code (for example, to uncover specific MITRE ATT&CK behaviors) to bolster or correlate with the platform’s native detections.

This ingestion, analysis, indexing and deep learning verdict on the raw cloud data leads to six concrete outcomes for DevOps and SecOps teams.

Hardening Outcomes: Blue Hexagon provides visibility into asset inventory and cloud activity, detects several hundred misconfigurations across more than 100 services in AWS, Azure, GCP and OCI, and aids in compliance with multiple standards such as CIS, HIPAA and PCI. Blue Hexagon provides coverage for 12 of the 20 CIS recommended controls.

Threat Detection Outcomes: By applying deep learning to network traffic, storage activity and workloads, Blue Hexagon identifies both known and unknown threats with >99% accuracy in network traffic, container/Kubernetes workloads and cloud storage, usually in less than a second, and natively works with cloud infrastructure for visibility and enforcement.

“With Blue Hexagon, visibility across our multiple Cloud Providers has given us a significant, measurable advantage over other solutions.”

—CISO at a major healthcare company

Cloud Native and Security Integrations

Blue Hexagon’s cloud security platform connects to your cloud infrastructure, in an agentless manner, within minutes using cloud-native APIs to collect data for security analysis. For example, in AWS, Blue Hexagon will continuously ingest all AWS CloudTrail data, VPC Flow Log data, VPC Traffic Mirroring data, configuration data, and transactions to and from S3.
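As an added illustration of the detection-as-code idea from the previous section applied to the CloudTrail records ingested here, the block below is example code written for this page, not Blue Hexagon’s code and not its rule language. Each rule is a predicate over one CloudTrail-style record, tagged with a category and, where one applies, a MITRE ATT&CK technique id, so that analysts can add rules without touching the evaluation loop. The field names (eventSource, eventName, userIdentity, requestParameters) follow the CloudTrail record format; the records themselves are constructed samples, and the rule names and the choice of which API calls to flag are the example’s own assumptions.

```python
"""Detection-as-code over CloudTrail-style records.

Added example, not Blue Hexagon code. Each rule is a predicate over one
record plus a category and (where one applies) a MITRE ATT&CK technique id,
so analysts can add rules without touching the evaluation loop. The events
below are constructed samples; field names follow the CloudTrail record
format (eventSource, eventName, userIdentity, requestParameters).
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional

Event = Dict[str, Any]


@dataclass(frozen=True)
class Rule:
    name: str
    category: str             # "threat" or "misconfiguration"
    technique: Optional[str]  # ATT&CK technique id; None for pure misconfigurations
    match: Callable[[Event], bool]


def _params(event: Event) -> Dict[str, Any]:
    """requestParameters may be absent or null in real records; normalise to a dict."""
    return event.get("requestParameters") or {}


def trail_tampering(event: Event) -> bool:
    """Logging stopped or altered: blinding the control plane precedes further activity."""
    return (event.get("eventSource") == "cloudtrail.amazonaws.com"
            and event.get("eventName") in {"StopLogging", "DeleteTrail", "UpdateTrail"})


def key_for_other_principal(event: Event) -> bool:
    """Access key minted for a user other than the caller: an extra credential to watch."""
    if (event.get("eventSource"), event.get("eventName")) != ("iam.amazonaws.com", "CreateAccessKey"):
        return False
    actor = (event.get("userIdentity") or {}).get("userName")
    # CreateAccessKey without a userName parameter creates a key for the caller itself.
    return _params(event).get("userName", actor) != actor


def public_bucket_policy(event: Event) -> bool:
    """Bucket policy with an Allow for everyone: a misconfiguration, not yet a compromise."""
    if (event.get("eventSource"), event.get("eventName")) != ("s3.amazonaws.com", "PutBucketPolicy"):
        return False
    policy = _params(event).get("bucketPolicy") or {}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            return True
    return False


# Rule catalogue; ATT&CK ids are the real technique ids for these behaviours.
RULES: List[Rule] = [
    Rule("cloudtrail-logging-disabled", "threat", "T1562.008", trail_tampering),
    Rule("access-key-for-other-principal", "threat", "T1098.001", key_for_other_principal),
    Rule("s3-bucket-policy-public", "misconfiguration", None, public_bucket_policy),
]


def evaluate(events: List[Event], rules: List[Rule] = RULES) -> List[Dict[str, Any]]:
    """Run every rule over every record; one finding per match, ready for a SIEM or ticket."""
    findings = []
    for event in events:
        for rule in rules:
            if rule.match(event):
                findings.append({
                    "rule": rule.name,
                    "category": rule.category,
                    "technique": rule.technique,
                    "eventName": event.get("eventName"),
                    "actor": (event.get("userIdentity") or {}).get("userName"),
                    "sourceIPAddress": event.get("sourceIPAddress"),
                    "eventTime": event.get("eventTime"),
                })
    return findings


# Constructed sample records (not real telemetry); IPs are from documentation ranges.
SAMPLE_EVENTS: List[Event] = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"bucketName": "reports", "bucketPolicy": {"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "requestParameters": None},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"{f['category']:<16} {f['rule']:<32} {f['technique'] or '-':<10} "
              f"{f['actor']} from {f['sourceIPAddress']}")
```

Run as a script it prints three findings for the four sample records (the benign DescribeInstances call produces none). The findings are plain dictionaries on purpose: that is the shape a SIEM forwarder, a ticketing integration or a serverless responder of the kind described below can consume without further parsing.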

This raw data is enriched, aggregated and indexed in a single SaaS portal to enable visibility, hunting and alerting across multiple clouds, multiple regions and multiple accounts.

Output from the system, such as misconfigurations and security findings, can then be routed to a variety of response tools.

SIEM: Security findings and associated raw metadata can be sent to platforms like Azure Sentinel, Splunk or AWS Security Hub for further analysis or correlation with other tools.

Perimeter: IOCs derived from security findings, such as malicious IPs, domains or hashes, can be provided as rules to perimeter security tools.

Workflow/Collaboration: Security findings can be added to ticketing systems such as Jira for further investigation or remediation or to collaboration systems like Slack. Cloud-native response automation is also possible by sending security findings to a serverless function and taking action in the function based on the findings.

Endpoint: Security findings about infected assets or malicious network entities can be shared with EDR or EPP tools for prevention.

Try Blue Hexagon in your Cloud

Within a few minutes you can install Blue Hexagon and be ready to see your cloud inventory and detect misconfigurations and active threats, to harden and defend your cloud.
