Deep learning and cybersecurity
Let’s address your top cybersecurity concerns today
We know you have key threat detection challenges. Our deep learning platform is flexible enough to help you solve these challenges with speed and accuracy of threat detection, along with ease of deployment.
Lock Down My Perimeter
In the first half of 2019, there were 33,000 versions of the Emotet malware. Contrast this number with 28,000 Emotet variants in all of 2018. This is the scale and volume of malware facing industries today.
When malicious, morphing malware is unleashed at that scale, traditional defenses are overwhelmed.
IDS and IPS signature-based defenses work only for known threats, and cannot identify variants of threats.
Malware sandboxes are the industry’s go-to solution for unknown threats, but suffer from significant limitations. While malware sandbox vendors may tout threat verdict updates in 15 minutes, the reality is that the analysis of malware in a sandbox can take hours to days. Some files may fail to detonate at all, depending on their size and type. In addition, sandbox evasion techniques are widely used by threat actors to circumvent detection.
Our platform delivers:
- Tremendous savings in breach prevention by detecting malware and its manifestations, such as command and control communications, in less than one second. This enables organizations to quickly orchestrate a prevention strategy across all security products and stop an attack in its tracks before it propagates further in the organization, which translates into lower incident response, remediation, and cyber insurance costs, in addition to eliminating impact to brand and reputation.
- Cost savings and efficiencies with the ability to inspect hundreds of files and C2 connections in one second at 10G network throughput. Security teams need only manage one high-value platform for detection of known and unknown malware and its manifestations.
- High-efficacy threat verdicts and low false positives ensure that precious cybersecurity resources will not need to be dedicated to debugging, tuning or triage.
Detect Malicious Communications
When malware is downloaded and executed on the network, the malware code sends a communication, or beacon, out to the attackers’ command-and-control servers to look for its next set of instructions.
Command-and-control servers, also called C&C or C2, are used by attackers to maintain communications with compromised systems within a target network.
As organizations have tightened controls on outbound traffic, threat actors have adapted by taking advantage of encrypted communications such as HTTPS and SSL to evade detection.
In fact, Gartner predicts that “During 2019, more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration.”
Our platform detects malicious C2 communications by using deep learning to inspect network headers.
Our deep learning models also identify attacker intent and threats in encrypted communication channels. In contrast to slower analytics or hunting solutions that rely on correlations over large volumes of data, or signature mechanisms like JA3 that can be fast but generate a large number of alerts, our models provide instant and accurate verdicts as they observe how a connection evolves over time. Scenarios our models detect include:
- Download of a payload over an encrypted channel from a malicious or compromised website.
- Encrypted command and control communications from a compromised endpoint within the enterprise network.
- Download of a payload by a malicious entity already residing on an endpoint inside the enterprise network.
Secure My AWS Workloads
The prevailing cloud security strategy has been to retrofit existing security solutions for the cloud, but this brings a number of limitations:
- Virtual versions of signature-based threat detection cannot keep up with threat variants. Additionally, it is almost impossible to run malware sandboxes in AWS because most popular offerings are cloud hosted themselves.
- Agent-based threat detection, where agents for threat detection solutions are installed on virtual machines, can be prohibitively expensive, deliver sub-optimal results, and isn’t ideal for serverless architectures.
- Virtual versions of network traffic analytics solutions that identify anomalies have difficulty baselining what is normal due to the dynamic and short-lived nature of cloud workloads.
Our platform integrates with the Amazon VPC Traffic Mirroring feature so a copy of any VPC traffic can be inspected by our deep learning models. We deliver:
- The same consistent high-efficacy threat detection solution in the cloud as on-premises that allows you to view and manage threats on the same dashboard.
- Speed of detection that keeps pace with the ephemeral quality of cloud workloads. We rapidly uncover malicious threats moments after they appear within a workload without requiring any baselining or a priori knowledge of the traffic.
- Orchestrated prevention via AWS SNS and Lambda to shut down and quarantine any infected workload using the agility of AWS services.
- Seamless deployment, where Blue Hexagon for AWS can be easily deployed in new and existing networks without any changes or IP re-configuration.
- Auto scaling by deploying behind a Network Load Balancer to meet any cloud-scale need.
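To make the SNS-and-Lambda orchestration above concrete, here is an added example (not Blue Hexagon’s code) of a Lambda handler that receives a detection alert via SNS and isolates the flagged EC2 instance by swapping its security groups for a quarantine group. The alert message schema, the `QUARANTINE_SG` id and the `FakeEC2` stand-in used to run it offline are all assumptions of this example; in a real deployment the handler uses the boto3 EC2 client.

```python
import json
# Constructed placeholder for a pre-created security group with no inbound/outbound rules.
QUARANTINE_SG = "sg-quarantine-placeholder"

class FakeEC2:
    """Offline stand-in for boto3's EC2 client, constructed for this example."""
    def __init__(self):
        self.groups = {"eni-1": ["sg-web", "sg-ssh"], "eni-2": ["sg-db"]}
        self.tags = []
    def describe_instances(self, InstanceIds):
        enis = [{"NetworkInterfaceId": e, "Groups": [{"GroupId": g} for g in gs]}
                for e, gs in self.groups.items()]
        return {"Reservations": [{"Instances": [{"NetworkInterfaces": enis}]}]}
    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.groups[NetworkInterfaceId] = list(Groups)
    def create_tags(self, Resources, Tags):
        self.tags += [(r, t["Key"], t["Value"]) for r in Resources for t in Tags]

def parse_sns_alert(event):
    """Pull (instance_id, verdict) from the SNS-wrapped alert; the message schema is assumed."""
    body = json.loads(event["Records"][0]["Sns"]["Message"])
    return body["instance_id"], body.get("verdict", "unknown")

def quarantine_instance(ec2, instance_id, quarantine_sg=QUARANTINE_SG):
    """Swap every security group on the instance's ENIs for the quarantine group and
    return the previous groups so they can be restored once the workload is cleared."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    previous = {}
    for eni in inst["NetworkInterfaces"]:
        eni_id = eni["NetworkInterfaceId"]
        previous[eni_id] = [g["GroupId"] for g in eni["Groups"]]
        ec2.modify_network_interface_attribute(NetworkInterfaceId=eni_id, Groups=[quarantine_sg])
    # Tag the host so responders and audit queries can find quarantined workloads later.
    ec2.create_tags(Resources=[instance_id], Tags=[{"Key": "quarantine", "Value": "true"}])
    return previous

def handler(event, context=None, ec2=None):
    """Lambda entry point: only a 'malicious' verdict triggers isolation."""
    if ec2 is None:  # real deployment path; boto3 is present in the Lambda runtime
        import boto3
        ec2 = boto3.client("ec2")
    instance_id, verdict = parse_sns_alert(event)
    if verdict != "malicious":
        return {"action": "none", "instance_id": instance_id}
    return {"action": "quarantined", "instance_id": instance_id,
            "previous_groups": quarantine_instance(ec2, instance_id)}

# Constructed sample event in the shape Lambda receives from an SNS subscription.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps(
    {"instance_id": "i-0example", "verdict": "malicious", "threat": "c2-beacon"})}}]}
```

Returning the previous security groups from the handler (or persisting them) matters in practice: a quarantine that cannot be cleanly reversed tends to be bypassed by operators under pressure.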