Cloud Security Showcase
Blue Hexagon Cloud-Native Security empowers you to address multi-cloud visibility, threat defense, and compliance use cases, in one platform.
CIS Top 20
Blue Hexagon also supports 12 out of the CIS Top 20 controls as shown below. These include controls such as boundary defense, limitation and control of network ports and services, incident response, audit logs, and account monitoring.
Cloud IDS and Virtual Patching
Many compliance standards mandate the use of an IDS to protect cloud infrastructure. Because Blue Hexagon provides both cloud network visibility and network threat detection, customers can leverage the solution to support their compliance goals.
Continuous Compliance
Blue Hexagon provides continuous compliance posture monitoring and instant reporting with comprehensive coverage of compliance standards (CIS, HIPAA, PCI-DSS and others). Each compliance violation has an associated guided remediation that provides detailed steps to fix the misconfiguration via either the cloud console or the CLI.
Serverless Security
Blue Hexagon analyzes all serverless packages in a customer’s cloud for risks and vulnerabilities. Studies have shown that more than 25% of serverless functions have embedded secrets or credentials in them. Blue Hexagon alerts on secrets detected inside serverless code as well as on unusually elevated permissions, both of which lead to lateral movement risk.
Threat Hunting
Proactive detection is important, but adding human analysts who can build a detection engineering workflow to hunt for threats provides an additional layer of security. Blue Hexagon’s Cloud XDR portal allows for building detection-as-code workflows via the Insights API or the portal itself to correlate behaviors and detections using the MITRE ATT&CK framework. Hunt directly for MITRE ATT&CK TTPs observed in your environments using not just IOCs like hashes, IPs and domains but also complex indicators of attack on cloud control planes, storage access and network activity.
Encrypted Traffic Analysis
Encrypted traffic is widely utilized for command and control and can also be an indicator of other unusual activity. Blue Hexagon’s deep learning models look at each and every HTTPS transaction emanating from a customer’s cloud, including the handshakes and tunnel characteristics, to predict whether a flow is indicative of malicious communication. Analytics and anomalous findings related to other encrypted traffic such as SSH are also part of the platform.
C2 and Beaconing
Blue Hexagon identifies different aspects of cryptojacking activity across the kill chain. First, it can identify backdoors that can lead to cryptominers in your container repositories. Second, it can identify cryptomining malware loaded over the network into workloads. Third, it can identify existing cryptomining infection by examining network protocol traffic for signs of cryptomining.
Malware Detection
Ransomware Detection
Defend against ransomware in the cloud and the lateral movement of malicious code. Get complete AI-powered ransomware threat kill chain detection to defend at the earliest stage, including zero-day ransomware malware. With deep learning, you can detect unknown ransomware with 99.8% accuracy and <0.01% FP rate. And get zero-day coverage without the signature/sandbox limitations and delays.
Cloud Inventory
Continuous visibility into all assets in all regions in all accounts in all clouds, delivered in a single pane of glass. From instances in EC2 to S3 buckets to Azure VMs, all asset information and resource metadata is collected and made available, indexed and searchable in the product portal at gobluehexagon.ai. Each asset is tagged with useful metadata such as creation time, discovery time, and customer-specific tags. Each resource is then associated with both misconfiguration and threat findings so the riskiest assets in the inventory can be dealt with first.
User, Entity and Resource Visibility
Every transaction made by an IAM role or user, with external parties as well as with internal resources, is continuously tracked, indexed and made queryable in the product portal.
Try Blue Hexagon in your Cloud
Within literally a few minutes you can install Blue Hexagon and be ready to detect cloud threats in runtime, continuously, and protect your cloud workloads, network and storage.
