REPORT

SANS 2021 Ransomware Detection and Incident Response Report

In this report, we will address ransomware attacks head-on. These are a different type of attack and thus require that we approach incident detection and response differently.

Read Now

Blue Hexagon for Encrypted Traffic

Attackers Are Hiding In Encrypted Traffic

Analyst firm Gartner believes that, “Through 2019, more than 80 percent of enterprise web traffic will be encrypted.” While encryption addresses privacy and legal requirements, security teams now face a challenge where they are blind to a large influx of traffic. In fact, Gartner also predicts that “During 2019, more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration.” Blue Hexagon offers a two-pronged approach to address threats in encrypted traffic:

Security teams can decrypt the traffic using Blue Hexagon partner firewall and switch solutions such as Palo Alto Networks, Gigamon, F5 Networks and A10 Networks before sending it to Blue Hexagon for inspection. This solution integrates and scales seamlessly with the network infrastructure architecture.
Enable Blue Hexagon deep learning inspection for Encrypted Traffic. Unlike JA3 signatures which can create false positives, or analysis of “anomalous” protocol header communications/netflow, Blue Hexagon inspects encrypted traffic in real-time and provides definitive verdict on threats without negatively impacting network speed and performance, or requiring additional devices.