Network Detection and Response
for Google Cloud Platform
Protect Your Cloud With Real Time Deep Learning
Threat Protection at the speed of Google Cloud
Signature-based IDS and sandbox defenses cannot keep up with the speed and variants of new threats. Sandbox-based malware analysis takes far too long and requires sending files out of your cloud instance, which may not always be feasible. Gartner recommends deploying Network Detection and Response (NDR). “Applying machine learning and other analytical techniques to network traffic is helping enterprises detect suspicious traffic that other security tools are missing,” as per the 2020 Market Guide for Network Detection and Response.
Stop 0-day threats, before infiltration
Quickly find and stop active adversaries
Reduce SOC overload of thousands of alerts
Get real-time visibility & protection for Cloud & Network
Retrofitting existing security to the Google cloud brings several limitations:
IPS/Signature-based detection on virtual NGFW works only for known threats
Malware analysis takes time, and sending files to a vendor “sandbox cloud” may not be feasible
Agent-based threat detection can be expensive and delivers sub-optimal results
Anomaly detection requires baselining which is not ideal in an agile environment
Next-Gen Cloud NDR – Going beyond NTA
Blue Hexagon NG-NDR gives you real-time visibility & protection for the GCP cloud. Both headers and payloads (files) are analyzed in context, and attacker intent can be rapidly triangulated and specific threats are identified & named. This approach is far superior to pure anomaly detection which cannot go beyond vague threat attribution leaving the root cause analysis as post-mortem work for the already overburdened security analyst.
Blue Hexagon NG-NDR Deep Learning models can automatically analyze millions of expressed and non-expressed traits within payloads, protocols, or headers to conclusively identify the threats in question.
Deployment is seamless as we integrate with GCP Packet Mirroring. GCP Packet Mirroring for Virtual Private Clouds replicates VPC traffic captured at the network interface level of Compute Engine (GCE) or Kubernetes Engine clusters (GKE) including full payload data for inspection by Blue Hexagon.
Security As Code
Blue Hexagon NDR can be deployed natively in GCP without agents, via integration with Google Cloud VPC Packet Mirroring. Compute Engine or Kubernetes Engine virtual machine instances can have their traffic mirrored and sent to a collector load balancer within the same network (VPC) / project, or across networks/projects with appropriate peering and policy configuration. The collector load balancer aggregates the traffic and sends it to one or more Blue Hexagon NDR instances deployed in an autoscaling-capable managed instance group.
Multi-vector Defense against Malware and Cloud Threats
Cloud threat models extend across a wide range including exfiltration, unauthorized data access, evasion, denial of service, privilege escalation and identity spoofing by monitoring usage, account hijacking and abuse, insider threat, and data breach activities.
This requires a multi-vector defense with 100% inspection for threats across compute, data, and network traffic. The Blue Hexagon NG-NDR solution includes comprehensive detection of malware and malicious insider activities, as well as any data-triggered inspection, and orchestrated prevention in real time.
Unparalleled Response – Hunt | Orchestrate | Prevent
Stop threats on entry or hunt and orchestrate with GCP, SOAR and SIEM integrations.
When a threat is detected, Blue Hexagon will generate an alert via Google Cloud Messaging which can then invoke a cloud function to shut down or quarantine the impacted workload, ensuring complete security for business-critical applications.
Remediation can be invoked in real time using GCP native services in addition to notifying the Security Command Center. Notifications can also be sent to SIEM and SOAR platforms for orchestration.
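The alert-to-remediation flow described above, as an added illustration that is not Blue Hexagon's code: a Pub/Sub-triggered Cloud Function that decodes the alert, decides whether the severity warrants isolation, and quarantines the impacted Compute Engine instance by adding a network tag that a pre-existing deny-all firewall rule targets. The alert field names, the severity threshold and the tag name are assumptions; the only real API calls are Compute Engine instances.get and instances.setTags.

```python
import base64
import json

# Assumptions: only these severities trigger isolation, and a firewall rule that
# denies all ingress/egress already targets instances carrying QUARANTINE_TAG.
QUARANTINE_SEVERITY = {"high", "critical"}
QUARANTINE_TAG = "quarantine"

# Constructed sample alert, shaped like a Pub/Sub message delivered to a
# background Cloud Function (event["data"] is base64-encoded JSON).
SAMPLE_ALERT = {"project": "example-project", "zone": "us-central1-a",
                "instance": "web-1", "severity": "critical",
                "threat": "malware-download"}
SAMPLE_EVENT = {"data": base64.b64encode(json.dumps(SAMPLE_ALERT).encode()).decode()}

def decode_alert(event):
    """Decode the Pub/Sub payload and verify the fields the responder needs."""
    alert = json.loads(base64.b64decode(event["data"]).decode("utf-8"))
    for field in ("project", "zone", "instance", "severity"):
        if field not in alert:
            raise ValueError(f"alert missing required field: {field}")
    return alert

def plan_response(alert):
    """'quarantine' for high/critical alerts, 'log_only' for everything else."""
    return "quarantine" if alert["severity"].lower() in QUARANTINE_SEVERITY else "log_only"

def tags_with_quarantine(tags):
    """New tag list with the quarantine tag appended; idempotent, order preserved."""
    items = list(tags.get("items", []))
    if QUARANTINE_TAG not in items:
        items.append(QUARANTINE_TAG)
    return items

def apply_quarantine(alert):
    """Add the quarantine tag via the Compute Engine API (needs ADC credentials)."""
    from googleapiclient import discovery  # local import: decision logic runs without the SDK
    compute = discovery.build("compute", "v1")
    proj, zone, inst = alert["project"], alert["zone"], alert["instance"]
    current = compute.instances().get(project=proj, zone=zone, instance=inst).execute()
    tags = current.get("tags", {})
    # setTags requires the current fingerprint to guard against concurrent updates.
    body = {"items": tags_with_quarantine(tags), "fingerprint": tags.get("fingerprint")}
    return compute.instances().setTags(project=proj, zone=zone, instance=inst, body=body).execute()

def handle_alert(event, context=None):
    """Cloud Function entry point; returns the action taken for logging."""
    alert = decode_alert(event)
    action = plan_response(alert)
    if action == "quarantine":
        apply_quarantine(alert)
    return action
```

Deploy with a Pub/Sub trigger on the topic the NDR publishes to, and give the function's service account only the compute.instances.get and compute.instances.setTags permissions it needs.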
Real-time Explainable AI
Blue Hexagon delivers human-understandable explanations via MITRE ATT&CK™ TTPs, in real time as the threat manifests in the workload. Every detected malware sample is automatically classified by the Blue Hexagon neural networks in real time. Security teams can also gain perspective on where threats are in the kill chain and discover insights such as the following:
– Unique Threats
– Repeat Attackers
– Repeat Victims
– Threats by Family
– Threats by Protocol
– Threats by Tactics
One Cloud Dashboard
Security teams manage their AWS, GCP, Azure and On-prem Blue Hexagon deployments with a single dashboard. Our platform comes complete with integrated reporting for auditing or reporting to CXOs and security executives. The threat dashboard can be customized to drill into specific timeframes. Additionally, every section of the dashboard has a reporting component, enabling the specific trend or details to be saved into a PDF file, and emailed to relevant parties.