Partner Perspectives: Better Together: Blue Hexagon Deep Learning-Powered Network Security and Carbon Black Endpoint Security

2019-04-02T12:30:42
ID CARBONBLACK:354F8C33258023CF29E32FDF86CF25D8
Type carbonblack
Reporter Shanleigh Reardon
Modified 2019-04-02T12:30:42

Description

Tom Guerrette is the Director of Solutions Architecture for Blue Hexagon.

It’s no surprise to any of us in the security industry that the threat landscape has transformed in the last 5 years in both speed and volume of attacks. According to The AV-Test Security Report, in 2017, 121.6 million new malware programs were discovered, which translates to:

  • 231 new malware samples every minute.
  • 4 new malware samples every single second.

In addition, Verizon Data Breach Investigation Reports have found that 37% of malware hashes are only seen once, and 99% of malware hashes are seen for only 58 seconds or less.

What does this mean to us as defenders?

This means that the majority of malware is now unique zero-day variants. As a result, these attacks are bypassing traditional network perimeter defenses, such as signatures and sandboxes. Signature-based network threat detection only detects known threats. Dynamic analysis using malware sandboxes takes too long, has limitations with file sizes, and is subject to evasion tactics. In fact, the process from completing dynamic analysis of an unknown file to actually creating a signature is largely manual and takes 24 hours at best.

We believe that deep learning can help.

Deep Learning for Network Security

Much of the progress we’ve seen in artificial intelligence in the past five years is due to deep learning, a subfield of machine learning. Deep learning, also known as artificial neural networks, is a complex mathematical system that can learn discrete tasks by analyzing vast amounts of data. While traditional machine learning requires human experts to define the set of features that will represent the data, there is no feature engineering involved in deep learning. The system learns the best representation of the data by itself to produce the most accurate results.

Blue Hexagon’s real-time deep-learning platform is deployed at the network perimeter to inspect the complete network flow for threats. The platform will inspect file attachments and network headers, including malicious domains and command and control (C2) communications.

Blue Hexagon’s platform detects network threats in less than one second on average and with greater than 99.5% efficacy.

Accelerated Prevention on Carbon Black Endpoints

But what about prevention? A robust enterprise threat solution must incorporate both network and endpoint security.

Blue Hexagon’s nearly real-time threat detection makes it possible to quickly orchestrate prevention to endpoints, network devices and proxies, to stop malicious threats from being executed, and to prevent C2 communications.

This is the benefit of our integration with Carbon Black.

As shown in the diagram below, as soon as network threats are detected by Blue Hexagon, organizations can immediately orchestrate prevention in near real-time via the integrations with CB Response and CB Protection. Endpoints protected by Carbon Black will block malicious files and protect the endpoint against the impending threat, including the exploit and execution of unknown malware.

This means that the joint solution can:

  • Enable network threat detection and endpoint prevention to be orchestrated in near real-time, keeping malware out of the network and reducing dwell time.
  • Block and remove malicious files, preventing patient zero and further lateral movement, without needing to wait for files to be executed on the endpoint.
  • Deliver both network and endpoint threat insights and indicators of compromise for security analysts.

For more information, visit Blue Hexagon's page on the Carbon Black Partner Locator and check out the joint integration video.

The post Partner Perspectives: Better Together: Blue Hexagon Deep Learning-Powered Network Security and Carbon Black Endpoint Security appeared first on Carbon Black.