Next-Gen Network Detection and Response for AWS
Protect Your Cloud In Real Time
Malware and threat protection at the speed of cloud
Signature-based security is limited to known threats, leaving you exposed to zero-days and malware variants (e.g. 200 new Emotet variants per day last year). Sandbox analysis takes far too long and requires sending files out of your network or cloud, which may not always be feasible.
Cloud security teams are looking for a solution to:
Stop 0-day threats, before infiltration
Quickly find and stop active adversaries
Reduce SOC overload of thousands of alerts
Retrofitting existing security to the cloud brings several limitations:
IPS/Signature-based detection on Virtual NGFW works only for known threats
Malware analysis takes time and sending to vendor “sandbox cloud” may not be feasible
Agent-based threat detection can be expensive and delivers sub-optimal results
Anomaly detection requires baselining which is not ideal in an agile environment
Next-Gen NDR – Going beyond NTA
Blue Hexagon NG-NDR gives you real-time visibility and protection for AWS cloud. Both headers and payloads (files) are analyzed in context, so attacker intent can be rapidly triangulated and specific threats identified and named. This approach is far superior to pure anomaly detection, which cannot go beyond vague threat attribution and leaves root cause analysis as post-mortem work for the already overburdened security analyst.
Blue Hexagon NG-NDR Deep Learning models can automatically analyze millions of expressed and non-expressed traits within payloads, protocols, or headers to conclusively identify the threats in question.
Deployment is seamless as we integrate with AWS VPC Traffic Mirroring so you can replicate network traffic at any Elastic Network Interface (ENI) within your VPC. Additionally, the solution can be deployed with ingress routing without requiring agents or re-architecture.
Security As Code
Seamless embedding and activation on compute, network and storage as part of DevOps automation.
Blue Hexagon NDR can be deployed natively in AWS VPCs using automated stack deployment, with a CloudFormation template available to deploy the NLB and Blue Hexagon. Deployment can be based on either AWS traffic mirroring or ingress routing, without requiring agents or re-architecture.
Multi-vector Defense against Malware and Cloud Threats
Powerful combination of header and payload analysis for pinpoint threat attribution without alert deluge.
We apply deep learning inspection to your VPC traffic (headers and payloads) to look for threats and malware. Take an example where an attacker has discovered your AWS key in a public repository and is trying to install a coinminer on your VM instances. Blue Hexagon can detect malware in the payload, such as the coinminer software, and threats in the headers, such as the C2 communications to the attacker's malicious domain. Inspection of encrypted C2 communications is also supported. The AI verdict is delivered in less than a second.
Unparalleled Response – Hunt | Orchestrate | Prevent
Stop threats on entry or hunt and orchestrate with AWS, SOAR and SIEM integrations.
When a threat is detected, Blue Hexagon can generate a notification into AWS Simple Notification Service (SNS), which can be consumed and orchestrated by any downstream services like AWS GuardDuty or an AWS Lambda. These services can issue commands to shut down or quarantine the infected workload, ensuring complete security for business-critical applications.
Remediation can be invoked in real time using AWS native services in addition to notifying the AWS Security Hub. Notifications can also be sent to SIEM and SOAR platforms for orchestration.
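The SNS-to-Lambda quarantine step described above could look like the following. This is an added example, not Blue Hexagon's or AWS's own code. It assumes a notification body that is JSON with a hypothetical `instance_id` field, and a pre-created quarantine security group with no rules whose ID is supplied in `QUARANTINE_SG`.

```python
import json
import os
import re

# Assumption: ID of a security group with no inbound or outbound rules.
QUARANTINE_SG = os.environ.get("QUARANTINE_SG", "sg-PLACEHOLDER")
INSTANCE_ID = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")

def extract_instance_ids(event):
    """Return validated EC2 instance IDs from SNS-delivered notifications."""
    ids = []
    for record in event.get("Records", []):
        if record.get("EventSource") != "aws:sns":
            continue
        try:
            msg = json.loads(record["Sns"]["Message"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed notification: ignore rather than crash
        # "instance_id" is a hypothetical field name, not the vendor's schema.
        iid = msg.get("instance_id") if isinstance(msg, dict) else None
        if isinstance(iid, str) and INSTANCE_ID.fullmatch(iid) and iid not in ids:
            ids.append(iid)
    return ids

def quarantine(ec2, instance_id, sg_id):
    """Replace the security groups on every ENI of the instance with sg_id."""
    changed = []
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    for reservation in resp.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            for eni in instance.get("NetworkInterfaces", []):
                eni_id = eni["NetworkInterfaceId"]
                ec2.modify_network_interface_attribute(
                    NetworkInterfaceId=eni_id, Groups=[sg_id])
                changed.append(eni_id)
    return changed

def handler(event, context, ec2=None):
    """Lambda entry point; ec2 can be injected for offline testing."""
    if ec2 is None:
        import boto3  # imported lazily so the parsing logic runs without it
        ec2 = boto3.client("ec2")
    quarantined = []
    for iid in extract_instance_ids(event):
        quarantined += quarantine(ec2, iid, QUARANTINE_SG)
    return quarantined

# Constructed sample event (standard SNS-to-Lambda envelope, invented payload).
SAMPLE_EVENT = {"Records": [{"EventSource": "aws:sns", "Sns": {"Message": json.dumps(
    {"instance_id": "i-0123456789abcdef0", "verdict": "malware"})}}]}
```

Swapping security groups does not necessarily interrupt connections that are already tracked, so pair the swap with a snapshot or stop action when an active session must be cut.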
Real-time Explainable AI
Blue Hexagon delivers human-understandable explanations via MITRE ATT&CK™ TTPs, in real time as the threat manifests in the workload. Every malware detected is automatically classified by the Blue Hexagon neural networks in real time. Security teams can also gain perspective on where threats are in the kill chain and discover insights such as the following:
– Unique Threats
– Repeat Attackers
– Repeat Victims
– Threats by Family
– Threats by Protocol
– Threats by Tactics
Security teams manage their AWS, GCP, Azure and On-prem Blue Hexagon deployments with a single dashboard. Our platform comes complete with integrated reporting for auditing or reporting to CXOs and security executives. The threat dashboard can be customized to drill into specific timeframes. Additionally, every section of the dashboard has a reporting component, enabling the specific trend or details to be saved into a PDF file, and emailed to relevant parties.