Blue Hexagon for AWS

Malware protection needs to keep pace with the cloud

A recent study estimated that 83% of workloads will migrate to the cloud in 2020. In the same study, 66% of IT professionals surveyed said security was their biggest concern in adopting an enterprise cloud computing strategy. But retrofitting existing security to the cloud bring the following limitations:

  • Virtual versions of signature-based threat detection cannot keep up with malware variants. Additionally, it is almost impossible to run malware sandboxes in the cloud because most popular offerings are cloud hosted themselves.
  • Agent-based threat detection, where agents for threat detection solutions are installed on virtual machines, can be prohibitively expensive, deliver sub-optimal results, and isn’t ideally for server-less architectures
  • Virtual versions of network traffic analytic solutions that identify anomalies have challenges in baselining what is normal due to the dynamic and short-lived nature of cloud workloads.


We detect malware fast enough to keep up with the ephemeral nature of cloud workloads. Deployment is seamless as we integrate with AWS VPC Traffic Mirroring so you can replicate network traffic at any Elastic Network Interface (ENI) within your VPC for inspection by Blue Hexagon.

Ease of Deployment

We integrate with AWS VPC Traffic Mirroring so network traffic at any Elastic Network Interface (ENI) within a VPC can be sent for inspection by our deep learning platform. This is all performed without the need to install and manage agents on EC2 instances, simplifying deployments.

AWS VPC Traffic Mirroring
Deep Learning Inspection

Detect Malware and C2

We apply deep learning inspection to your VPC traffic — headers and payloads — to look for malware. Take an example where an attacker has discovered your AWS key in a public repository, and is trying to install coinminer on your VM instances. Blue Hexagon can detect malware in the payload such as the coinminer software, and threats in the headers such as the C2 communications to the attacker malicious domain. Inspection of encrypted C2 communications is also supported. Malware verdict is delivered in less than a second.

Orchestrated Prevention

When malware is detected,  Blue Hexagon can generate a notification into AWS Simple Notification Service (SNS) which can be consumed and orchestrated by any downstream services like AWS GuardDuty or an AWS Lambda. These services can issue commands to shutdown or quarantine the infected workload, ensuring complete security for business-critical applications.

Real-time Classification And Insights

Real-time Classification And Insights

Every malware detected is automatically classified by the Blue Hexagon neural networks in real-time. Malware family information and indicators of compromise are provided for deeper analysis. Security teams can also gain perspective on where threats are on the kill chain and discover insights such as the following:

  • Unique threats
  • Repeat attackers
  • Repeat victims
  • Threats by family
  • Threats by protocol

Integrated reporting

Our platform comes complete with integrated reporting for auditing or reporting to CXOs and security boards. The threat dashboard can be customized to drill into specific timeframes. Additionally, every section of the dashboard has a reporting component, enabling the specific trend or details to be saved into a PDF file, and emailed to relevant parties.

Integrated reporting

Ready to get started?
We’ll show you how fast we stop malware in your network.