Blue Hexagon for Azure
Secure your Azure workloads
Enterprise migration to the cloud is accelerating, driven by digital transformation and IT agility. A recent study estimated that 83% of enterprise workloads will be in the cloud by 2020. In the same study, 66% of IT professionals surveyed said security was their biggest concern in adopting an enterprise cloud computing strategy.
As you migrate to Azure, security needs to be a key consideration. But retrofitting existing security to the cloud brings the following limitations:
- There is no single choke point in the cloud – it becomes a challenge to enforce security control in most architectures. Blue Hexagon can solve this by inspecting traffic sent to it from many parts of your virtual network.
- Virtual versions of network traffic analytic solutions that identify anomalies have challenges in baselining what is normal due to the dynamic and short-lived nature of cloud workloads.
We detect malware fast enough to keep up with the ephemeral nature of cloud workloads. Deployment is seamless as Blue Hexagon can consume traffic within a virtual network via different supported mechanisms.
Ease of Deployment
Blue Hexagon for Azure inspects continuous stream of traffic within the Azure workloads collected by various means like IXIA CloudLens, Gigamon GigaVUE® or Azure VTAP.
Detect Malware and C2
We apply deep learning inspection to your virtual network traffic — headers and payloads — to look for malware. Take an example where an attacker has discovered your Azure key in a public repository, and is trying to install coinminer on your VM instances. Blue Hexagon can detect malware in the payload such as the coinminer software, and threats in the headers such as the C2 communications to the attacker malicious domain. Malware verdict is delivered in less than a second.
When a threat is detected, Blue Hexagon generates a notification into Event Grid which can be picked up by a Virtual Function. These functions can be configured to shut down or quarantine the impacted workload or install a block rule on the Azure firewall. thereby ensuring quasi real-time threat protection for business-critical applications. Orchestration can optionally be done via 3rd party security controls on Azure as well.
Real-time Explainable AI
Blue Hexagon delivers human-understandable explanations via MITRE ATT&CK™ TTPs, in real time as the threat manifests in the workload. Every malware detected is automatically classified by the Blue Hexagon neural networks in real-time. Security teams can also gain perspective on where threats are in the kill chain and discover insights such as the following:
- Unique threats
- Repeat attackers
- Repeat victims
- Threats by family
- Threats by protocol
Security teams manage their on-premises and Azure Blue Hexagon deployments with a single dashboard. Our platform comes complete with integrated reporting for auditing or reporting to CXOs and security boards. The threat dashboard can be customized to drill into specific timeframes. Additionally, every section of the dashboard has a reporting component, enabling the specific trend or details to be saved into a PDF file, and emailed to relevant parties.