Blue Hexagon for Encrypted Traffic
Attackers Are Hiding In Encrypted Traffic
More than 50 percent of enterprise web traffic is encrypted today. While encryption addresses privacy and legal requirements, you may now be blind to a large influx of traffic. In fact, Gartner predicts that “During 2019, more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration.”
With Blue Hexagon, you’ll be able to identify threats that are hidden in encrypted traffic. Unlike JA3 signatures which generate too many false positives or analysis of “anomalous” header communications which can be unreliable and take too long, our models inspect encrypted traffic in real-time and delivers definitive verdict on threats without negatively impacting network speed and performance.
Detection of Threats In Real-Time
Our Deep Learning HexNetTM architecture detects suspicious patterns that can be observed in the SSL/TLS communications during different stages of the connection. Our models are trained on thousands of observations and characteristics that are used to separate a malicious encrypted tunnel from benign communications channels.
Address Multiple Use Cases
Blue Hexagon encrypted traffic analysis using deep learning addresses a variety of use cases:
- Download of a payload over an encrypted channel from a malicious or compromised website.
- Detection of encrypted command and control communications from a compromised endpoint from within the enterprise network.
- Download of a payload by a malicious entity already residing on an endpoint inside the enterprise network. This often happens in the later stages of the killchain following the initial delivery.
Encryption Deep Dive
Our platform comes complete with integrated threat dashboard to drill into specific details of a threat detected. Additionally, every section of the dashboard has a reporting component, enabling the specific trend or details to be saved into a PDF file, and emailed to relevant parties.