Tom Guerrette is the Director of Solutions Architecture for Blue Hexagon.
It’s no surprise to any of us in the security industry that the threat landscape has transformed in the last 5 years in both speed and volume of attacks. According to The AV-Test Security Report, in 2017, 121.6 million new malware programs were discovered, which translates to:
In addition, Verizon's Data Breach Investigations Report has found that 37% of malware hashes are seen only once, and that 99% of malware hashes are seen for 58 seconds or less.
This means that most malware now arrives as a variant no defender has seen before. (A unique hash does not necessarily mean a new exploit: most of these are repacked or polymorphic builds of known families, but a per-hash signature misses them just the same.) As a result, these attacks bypass traditional network perimeter defenses such as signatures and sandboxes. Signature-based network threat detection only catches threats that have already been seen and signed. Dynamic analysis in a malware sandbox takes too long to verdict a file inline, has file-size limits, and can be evaded by samples that detect the sandbox or delay their malicious behaviour. Even once dynamic analysis of an unknown file completes, turning the result into a signature is a largely manual process that takes, at best, around 24 hours.
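As an added illustration of why a per-hash signature cannot keep up with this churn (example code written for this page, not Blue Hexagon's model or detection logic): a constructed "family core" is repacked into several variants, each with a fresh SHA-256, and each is checked against an exact-hash blocklist and against a toy static feature, a 256-bin byte histogram scored by cosine similarity. The sample bytes, the repacking routine and the 0.9 threshold are all assumptions, and the histogram is a deliberately simple stand-in for a learned representation, not a claim about how any product works.

```python
import hashlib
import math
import random
from collections import Counter

# Constructed stand-in for one malware family's unpacked body. Real samples are
# PE/ELF files; a seeded pseudo-random blob is enough to show the effect.
_rng = random.Random(20190401)
FAMILY_CORE = bytes(_rng.getrandbits(8) for _ in range(1024))

# Constructed benign sample: plain text, with a very different byte distribution.
BENIGN = b"The quick brown fox jumps over the lazy dog. " * 30


def make_variant(core: bytes, seed: int, junk_len: int = 64) -> bytes:
    """Simulate a repacked build: same core, a new 16-byte stub and fresh junk padding."""
    rng = random.Random(seed)
    stub = bytes(rng.getrandbits(8) for _ in range(16))
    junk = bytes(rng.getrandbits(8) for _ in range(junk_len))
    return stub + core + junk


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def byte_histogram(data: bytes) -> list:
    """256-bin normalised byte-frequency vector, a common cheap static feature."""
    counts = Counter(data)
    n = len(data)
    return [counts.get(b, 0) / n for b in range(256)]


def cosine(a: list, b: list) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def hash_signature_matches(blocklist: set, sample: bytes) -> bool:
    """Exact-hash signature: hits only if this precise byte sequence was seen before."""
    return sha256(sample) in blocklist


def feature_matches(reference: bytes, sample: bytes, threshold: float = 0.9) -> bool:
    """Feature-space match: survives repacking because the core dominates the histogram."""
    return cosine(byte_histogram(reference), byte_histogram(sample)) >= threshold


def evaluate(n_variants: int = 5) -> dict:
    """Detection counts for n fresh variants under both approaches, plus a benign check."""
    seen_hashes = {sha256(FAMILY_CORE)}          # the one sample that was analysed and signed
    variants = [make_variant(FAMILY_CORE, seed) for seed in range(n_variants)]
    return {
        "unique_hashes": len({sha256(v) for v in variants}),
        "signature_hits": sum(hash_signature_matches(seen_hashes, v) for v in variants),
        "feature_hits": sum(feature_matches(FAMILY_CORE, v) for v in variants),
        "benign_false_positive": feature_matches(FAMILY_CORE, BENIGN),
    }


if __name__ == "__main__":
    print(evaluate())
```

Every variant gets a new hash, so the signature list built from the one analysed sample scores zero, while the histogram feature still matches all of them and leaves the benign text alone. A real model learns far richer features than a byte histogram, but the failure mode of the hash list is the same one the numbers above describe.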
We believe that deep learning can help.
Much of the progress in artificial intelligence over the past five years comes from deep learning, a subfield of machine learning built on artificial neural networks with many layers (deep learning is the multi-layer form of neural networks, not a synonym for them). Such a network learns a specific task by fitting a large number of parameters to a very large amount of training data. Traditional machine learning needs human experts to hand-design the features that represent the input; in deep learning that feature engineering is largely replaced by representation learning, with the network learning its own intermediate features from the raw input. The trade-off is that the model is only as good as the size and labelling of the data it was trained on.
Blue Hexagon’s real-time deep-learning platform is deployed at the network perimeter and inspects the full network flow for threats: the file attachments and payloads carried in it, and the network headers and metadata in which malicious domains and command-and-control (C2) communications show up (for example, the domain in a DNS query or an HTTP Host header).
Blue Hexagon’s platform reaches a verdict on a network threat in under one second on average, with greater than 99.5% detection efficacy.
But what about prevention? Detection alone stops nothing; a robust enterprise threat solution must combine network and endpoint security.
The benefit of near-real-time detection is that prevention can be orchestrated just as quickly: the verdict is pushed to endpoints, network devices and proxies, so that the malicious file is blocked before it executes and its C2 communications are cut off.
This is the benefit of our integration with Carbon Black.
As shown in the diagram below, as soon as Blue Hexagon detects a network threat, the organization can orchestrate prevention in near real time through the integrations with CB Response and CB Protection. Endpoints protected by Carbon Black then block the malicious file and are protected against the impending threat, including the exploit and the execution of the unknown malware. Because this is automated enforcement, the push should be gated on a high-confidence verdict and every ban should be logged and reversible; otherwise a single false positive on the network side becomes a blocked business application on every endpoint.
This means that the joint solution can:
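The orchestration step described above, as an added example written for this page: it is not Blue Hexagon's or Carbon Black's code and does not call either vendor's API. The detection schema, the two policy classes standing in for an endpoint hash ban list and a proxy/DNS block list, the 0.9 confidence gate and the 30-day C2 indicator TTL are all assumptions chosen to show the decisions a safe orchestrator has to make: gate on verdict and confidence, apply bans idempotently so replayed events do nothing, and age out domain blocks.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class NetworkDetection:
    """Assumed shape of a network-side verdict; the field names are this example's, not a vendor schema."""
    sha256: str
    verdict: str                    # "malicious", "suspicious" or "benign"
    confidence: float               # model confidence in [0, 1]
    c2_domains: tuple = ()          # domains the sample was seen contacting, if any
    observed_at: datetime = datetime(2019, 4, 1, 12, 0, 0)


@dataclass
class EndpointPolicy:
    """Stand-in for an endpoint hash ban list (the role the endpoint product plays)."""
    banned_hashes: set = field(default_factory=set)

    def ban(self, sha256: str) -> bool:
        """True if this is a new ban, False if it was already in place (idempotent)."""
        if sha256 in self.banned_hashes:
            return False
        self.banned_hashes.add(sha256)
        return True

    def allow_execution(self, sha256: str) -> bool:
        return sha256 not in self.banned_hashes


@dataclass
class EgressPolicy:
    """Stand-in for a proxy/DNS block list; entries expire so stale C2 indicators age out."""
    blocked_until: dict = field(default_factory=dict)

    def block(self, domain: str, until: datetime) -> bool:
        """True if the block is new or extended, False if an equal-or-longer block exists."""
        current = self.blocked_until.get(domain)
        if current is not None and current >= until:
            return False
        self.blocked_until[domain] = until
        return True

    def allow_connection(self, domain: str, now: datetime) -> bool:
        expiry = self.blocked_until.get(domain.lower())
        return expiry is None or expiry <= now


class Orchestrator:
    """Turn a network detection into endpoint and egress enforcement actions."""

    def __init__(self, endpoint: EndpointPolicy, egress: EgressPolicy,
                 min_confidence: float = 0.9, c2_ttl: timedelta = timedelta(days=30)):
        self.endpoint = endpoint
        self.egress = egress
        self.min_confidence = min_confidence
        self.c2_ttl = c2_ttl

    def handle(self, det: NetworkDetection) -> list:
        """Return the actions actually taken; an empty list means nothing new was enforced."""
        actions = []
        # Gate on verdict and confidence: auto-blocking on weak verdicts is how
        # orchestration turns one false positive into an outage.
        if det.verdict != "malicious" or det.confidence < self.min_confidence:
            return actions
        if self.endpoint.ban(det.sha256):
            actions.append(f"ban-hash {det.sha256}")
        for domain in det.c2_domains:
            if self.egress.block(domain.lower(), det.observed_at + self.c2_ttl):
                actions.append(f"block-domain {domain.lower()}")
        return actions


def run_scenario() -> dict:
    """Constructed scenario: one confident detection, its replay, and one weak verdict."""
    endpoint, egress = EndpointPolicy(), EgressPolicy()
    orch = Orchestrator(endpoint, egress)
    t0 = datetime(2019, 4, 1, 12, 0, 0)
    # Constructed events: placeholder hash and a reserved .example domain, not real indicators.
    loader = NetworkDetection(sha256="a" * 64, verdict="malicious", confidence=0.998,
                              c2_domains=("Update-Check.example",), observed_at=t0)
    weak = NetworkDetection(sha256="b" * 64, verdict="suspicious", confidence=0.55, observed_at=t0)
    return {
        "first": orch.handle(loader),
        "replay": orch.handle(loader),          # same event delivered twice: no new actions
        "low_confidence": orch.handle(weak),    # below the gate: logged, not enforced
        "exec_blocked": not endpoint.allow_execution("a" * 64),
        "c2_blocked_now": not egress.allow_connection("update-check.example", t0 + timedelta(days=1)),
        "c2_allowed_after_ttl": egress.allow_connection("update-check.example", t0 + timedelta(days=31)),
    }


if __name__ == "__main__":
    print(run_scenario())
```

In a real deployment the two policy classes would be adapters that call the endpoint and proxy products, but the gating, idempotency and expiry logic belongs in the orchestrator regardless of which products sit behind it.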