Cloud Security Showcase

Blue Hexagon Cloud-Native Security empowers you to address multi-cloud visibility, threat defense, and compliance use cases, in one platform.

CIS Top 20
Blue Hexagon also supports 12 out of the CIS Top 20 controls as shown below. These include controls such as boundary defense, limitation and control of network ports/services, incident response, audit logs, and account monitoring.
Cloud IDS and Virtual Patching
Many compliance standards mandate the use of an IDS to protect cloud infrastructure. Because Blue Hexagon provides both cloud network visibility and network threat detection, customers can leverage the solution to support their compliance goals.
Continuous Compliance
Blue Hexagon provides continuous compliance posture monitoring and instant reporting with comprehensive coverage of compliance standards (CIS, HIPAA, PCI-DSS and others). Each compliance violation has an associated guided remediation that provides detailed steps to fix the misconfiguration either via cloud console or the CLI.
Serverless Security
Blue Hexagon analyzes all serverless packages in a customer’s cloud for risks and vulnerabilities. Studies have shown that more than 25% of serverless functions have embedded secrets or credentials in them. Blue Hexagon alerts on secrets detected inside serverless code as well as on unusually elevated permissions, both of which lead to lateral movement risk.
Supply Chain Attacks
Supply chain attacks are common in the cloud because developers use open source and publicly available code to deliver solutions quickly. Entire containers and individual packages have been affected by supply chain backdoor malware. To protect against supply chain attacks on containerized and K8S environments, it is critical to go beyond basic CVE checking with package managers and actually look at each artifact (code, configurations, scripts) in container file systems prior to launch. This can identify backdoor Linux and Windows binaries as well as secrets that developers may have included inadvertently. In addition, most supply chain attacks, once activated, have evasive command and control built in that needs to be identified by network threat detection.
Threat Hunting
Proactive detection is important, but adding human analysts who can build a detection engineering workflow to hunt for threats provides an additional layer of security. Blue Hexagon’s Cloud XDR portal allows for building detection-as-code workflows via the Insights API or the portal itself to correlate behaviors and detections using the MITRE ATT&CK framework. Hunt directly for MITRE ATT&CK TTPs observed in your environments using not just IOCs like hashes, IPs and domains but also complex indicators of attack on cloud control planes, storage access and network activity.
Encrypted Traffic Analysis
Encrypted traffic is widely utilized for command and control and can also be an indicator of other unusual activity. Blue Hexagon’s deep learning models look at each and every HTTPS transaction emanating from a customer’s cloud, including the handshakes and tunnel characteristics, to predict if a flow is indicative of a malicious communication. Analytics and anomalous findings related to other encrypted traffic such as SSH are also part of the platform.
C2 and Beaconing
Blue Hexagon identifies different aspects of cryptojacking activity across the kill chain. First, it can identify backdoors that can lead to cryptominers in your container repositories. Second, it can identify cryptomining malware loaded over the network into workloads. Third, it can identify existing cryptomining infection by examining network protocol traffic for signs of cryptomining.
Malware Detection
Ransomware Detection
Defend against ransomware in the cloud and the lateral movement of malicious code. Get complete AI-powered ransomware threat kill chain detection to defend at the earliest stage, including zero-day ransomware malware. With deep learning, you can detect unknown ransomware with 99.8% accuracy and <0.01% FP rate. And get zero-day coverage without the signature/sandbox limitations and delays.

Cloud Inventory
Continuous visibility into all assets in all regions in all accounts in all clouds delivered in a single pane of glass. From instances in EC2, to S3 buckets to Azure VMs, all asset information and resource metadata is collected and made available, indexed and searchable in the product portal at gobluehexagon.ai. Each asset is tagged with useful metadata such as creation time, discovery time, customer specific tags. Each resource is then associated with both misconfiguration and threat findings so the riskiest assets in the inventory can be dealt with first.
User, Entity and Resource Visibility
Every transaction made by an IAM role or user, with external parties as well as with internal resources, is continuously tracked, indexed and made queryable in the product portal.

Try Blue Hexagon in your Cloud

Within literally a few minutes you can install Blue Hexagon and be ready to harden your cloud and detect threats, continuously!