Agentless Cloud Security
for Google Cloud Platform

Protect Your Cloud With Real Time Deep Learning

 

Visibility, Threat Defense, and Compliance
at the speed of the cloud

Cloud security tools such as CSPMs have limited coverage, surface a ton of “findings” of limited value, and are oblivious to runtime risk and threats. Agent-based CWPPs cannot be deployed uniformly, are hard to manage, and can be tampered with. Third-party agent code can also expose you to supply-chain attacks. Legacy NTA tools, retrofitted for the cloud, provide partial context, fail to effectively baseline a dynamic and ephemeral cloud environment, are noisy, and require extensive manual tuning.

Blue Hexagon Agentless Cloud-Native AI-Security enables
Actionable Visibility, Real-time Threat Defense, and Continuous Compliance
for multi-vector, multi-cloud, multi-platform deployments for cloud-enabled organizations.

Powered by Deep Learning
Go beyond NTA

Blue Hexagon Deep Learning models can automatically analyze millions of expressed and non-expressed traits within payloads, protocols, or headers to conclusively identify the threats in question. All headers and payloads (files) are analyzed in context, attacker intent can be rapidly triangulated, and specific threats are identified and named.

Deploy Seamlessly
Within Minutes

Seamlessly deploy Blue Hexagon Agentless Cloud Security with GCP Packet Mirroring integration. GCP Packet Mirroring replicates Virtual Private Cloud traffic captured at the network interface level of Compute Engine (GCE) or Kubernetes Engine clusters (GKE) including full payload data for inspection by Blue Hexagon.

Agentless Runtime Security

Mirror traffic from Compute Engine instances or Kubernetes Engine nodes (including intra-node, inter-pod traffic) and send it to a collector load balancer within the same network (VPC) / project, or across networks/projects with appropriate peering and policy configuration. The collector load balancer aggregates the traffic and sends it to one or more Blue Hexagon instances deployed in an autoscaling-capable managed instance group.
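
A same-VPC version of this layout as gcloud commands, added here as an example and not taken from Blue Hexagon's deployment material. Every resource name, the region and the health-check port are placeholder assumptions; the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: all names, the region and the port below are placeholders.
REGION="us-central1"
NETWORK="prod-vpc"
MIRRORED_SUBNET="workloads-subnet"     # subnet whose instances are mirrored
COLLECTOR_SUBNET="inspection-subnet"   # subnet that holds the collector ILB
COLLECTOR_MIG="inspection-mig"         # regional managed instance group of sensors
HC="mirror-collector-hc"
BACKEND="mirror-collector-be"
ILB_RULE="mirror-collector-ilb"
POLICY="mirror-workloads"

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

deploy_mirroring() {
  # 1. Health check and internal backend service in front of the sensor group.
  #    Port 80 is an assumed health endpoint on the sensors.
  run gcloud compute health-checks create tcp "$HC" --region="$REGION" --port=80
  run gcloud compute backend-services create "$BACKEND" --region="$REGION" \
    --load-balancing-scheme=internal --protocol=TCP \
    --health-checks="$HC" --health-checks-region="$REGION"
  run gcloud compute backend-services add-backend "$BACKEND" --region="$REGION" \
    --instance-group="$COLLECTOR_MIG" --instance-group-region="$REGION"
  # 2. Forwarding rule flagged as a mirroring collector, accepting all ports.
  run gcloud compute forwarding-rules create "$ILB_RULE" --region="$REGION" \
    --load-balancing-scheme=internal --backend-service="$BACKEND" --ports=all \
    --is-mirroring-collector --network="$NETWORK" --subnet="$COLLECTOR_SUBNET"
  # 3. The policy: mirror the workload subnet to the collector load balancer.
  #    The sensors also need an ingress firewall rule for mirrored traffic (not shown).
  run gcloud compute packet-mirrorings create "$POLICY" --region="$REGION" \
    --network="$NETWORK" --collector-ilb="$ILB_RULE" \
    --mirrored-subnets="$MIRRORED_SUBNET"
  # 4. Read the policy back to confirm what is being mirrored and to where.
  run gcloud compute packet-mirrorings describe "$POLICY" --region="$REGION"
}

deploy_mirroring
```

Mirroring by subnet picks up instances created later in that subnet, which suits autoscaled and ephemeral workloads; `--mirrored-tags` or `--mirrored-instances` narrow the scope instead.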

Multi-vector Defense against Malware and Cloud Threats

Cloud threat models cover a wide range: exfiltration, unauthorized data access, evasion, denial of service, privilege escalation and identity spoofing by monitoring usage, account hijacking and abuse, insider threat, and data breach activities.

This requires multi-vector defense with 100% inspection for threats across compute, data and network. Blue Hexagon Agentless Cloud Security for GCP includes comprehensive detection of malware, malicious insider activities as well as storage data inspection, and orchestrated prevention in real time.

Unparalleled Response – Hunt | Orchestrate | Prevent

When a threat is detected, Blue Hexagon will generate an alert via Google Cloud Messaging which can then invoke a Cloud Function to shut down or quarantine the impacted workload, ensuring complete security for business-critical applications.

Remediation can be invoked in real time using GCP native services in addition to notifying the Security Command Center. Notifications can also be sent to SIEM and SOAR platforms for orchestration.

Real-time AI Explainability

Blue Hexagon delivers human-understandable AI explanations via MITRE ATT&CK™ TTPs, in real time as the threat manifests in the workload. Every piece of malware detected is automatically classified by the Blue Hexagon neural networks in real time. Security teams can also gain perspective on where threats are in the kill chain and discover insights such as the following:

– Unique Threats
– Repeat Attackers
– Repeat Victims
– Threats by Family
– Threats by Protocol
– Threats by Tactics

Actionable Visibility

One dashboard to monitor and visualize threats detected, including kill chain and indicators of compromise, across all cloud and on-prem instances of Blue Hexagon Cloud-Native AI Security.

Monitor every packet and payload entering and leaving GCP Compute Engine instances (all OSes incl. Windows), Docker containers, GKE Kubernetes Engine nodes (including intra-node inter-pod traffic), and Serverless Cloud Functions – without deploying agents or instrumenting code.

Integrated reporting
