Scott Miserendino, Vice President
Technology has enabled businesses to reach new heights by making their processes more efficient. It has also brought a growing number of threat vectors. Many organizations today lack confidence in their ability to detect new and emerging threats, with major breaches making headlines nearly every day. They are also fatigued by the volume of data and alerts their security teams must handle each day. This is not only a poor use of an analyst's time; storing and indexing all of that data in a SIEM also costs these companies a significant amount of money.
That’s where BluVector can help.
“At BluVector, we take a new and unique view of threat intelligence solutions. We believe threat intelligence solutions must involve the application of dynamic, learning-based approaches to understand the threat surface and defend networks,” says Scott Miserendino, Vice President, BluVector.
BluVector’s Advanced Threat Detection (ATD) product uses patented AI-based malware detection to scan file content carved from network traffic in a few milliseconds per file. Alongside it, BluVector’s Automated Threat Hunting (ATH) product helps small or understaffed security operations teams extract the insights they need to quickly identify high-risk host and user account entities in their environment.
BluVector’s approach to applying artificial intelligence and data analytics extracts value from seemingly meaningless and overwhelming log data without analysts having to review every record individually. Its solutions store summaries or only the most relevant raw logs, and apply patented retraining techniques that use analyst feedback to automatically tune the malware detection engine and tailor detection models to each customer.
This plays a vital role in reducing false positives and easing the burden on SOC teams.
“We focus analyst attention on the most relevant, high-risk entities instead of the seemingly infinite stream of alerts by automatically correlating log and alert data to devices and user accounts,” says Miserendino.
BluVector applies anomaly detection not just to user and device behaviors but to all alerts, in order to separate background noise from a new signal that indicates a potentially dangerous change in network activity. As a result, BluVector can piece together complex adversarial campaigns involving multiple compromised devices and accounts and quickly highlight the related malicious activity.
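To make the entity-centric correlation and alert-baseline idea above concrete, here is an added example in Python. It is not BluVector's code and says nothing about how their products actually score entities; the alert stream, the host/user entity key, the day numbering and the z-score threshold with a 2×mean floor are all constructed assumptions for illustration.

```python
"""Entity-centric alert correlation with a per-entity baseline.

Added example, not BluVector's code: each alert is attributed to the host
and user account it concerns, a baseline of daily alert volume and alert
types is learned per entity from a history window, and the review day is
compared against that baseline. An entity is raised as high-risk when it
shows an alert type it has never produced before, or an alert volume far
above its own mean. The alert stream and day numbering are constructed.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed alerts: (day, host, user, alert_type). Days 1-5 are history,
# day 6 is the window under review.
ALERTS = [
    # ws-101/alice: one AV quarantine every day, i.e. steady background noise
    *[(d, "ws-101", "alice", "av-quarantine") for d in range(1, 7)],
    # ws-202/bob: an occasional failed logon, then eight on day 6
    (1, "ws-202", "bob", "failed-logon"),
    (3, "ws-202", "bob", "failed-logon"),
    (5, "ws-202", "bob", "failed-logon"),
    *([(6, "ws-202", "bob", "failed-logon")] * 8),
    # ws-303/carol: quiet history, then an alert type never seen for this entity
    (2, "ws-303", "carol", "failed-logon"),
    (6, "ws-303", "carol", "new-service-install"),
]


def entity_key(host, user):
    """Correlation key: alerts are rolled up to the device/account pair."""
    return f"{host}/{user}"


def baseline(alerts, review_day):
    """Per entity: (mean daily count, std dev, alert types) over the history days.

    Days with no alerts count as zero; otherwise an entity that is quiet most
    days would get a baseline built only from its noisy days.
    """
    days = range(1, review_day)
    per_day = defaultdict(Counter)
    seen_types = defaultdict(set)
    for day, host, user, atype in alerts:
        if day < review_day:
            per_day[entity_key(host, user)][day] += 1
            seen_types[entity_key(host, user)].add(atype)
    stats = {}
    for entity, counts in per_day.items():
        series = [counts.get(d, 0) for d in days]
        stats[entity] = (mean(series), pstdev(series), seen_types[entity])
    return stats


def score_entities(alerts, review_day, z=3.0):
    """Return {entity: [reasons]} for entities whose review-day alerts deviate."""
    stats = baseline(alerts, review_day)
    today = defaultdict(Counter)
    for day, host, user, atype in alerts:
        if day == review_day:
            today[entity_key(host, user)][atype] += 1
    findings = {}
    for entity, counts in today.items():
        reasons = []
        total = sum(counts.values())
        if entity not in stats:
            reasons.append("no history for this entity")
        else:
            mu, sigma, known = stats[entity]
            new_types = sorted(set(counts) - known)
            if new_types:
                reasons.append("new alert type: " + ", ".join(new_types))
            # z-score threshold; the 2*mu floor covers a perfectly regular
            # baseline (sigma == 0), where any increase would otherwise trip.
            threshold = max(mu + z * sigma, 2 * mu)
            if total > threshold:
                reasons.append(f"volume {total} vs baseline mean {mu:.1f}")
        if reasons:
            findings[entity] = reasons
    return findings


if __name__ == "__main__":
    for entity, reasons in score_entities(ALERTS, review_day=6).items():
        print(entity, "->", "; ".join(reasons))
```

Run as-is, the daily AV quarantine on ws-101/alice is treated as noise and not reported, ws-202/bob is raised for the volume spike, and ws-303/carol is raised only because the alert type is new for that entity. The two signals are deliberately separate: a single never-before-seen alert on a quiet host is exactly the case a pure volume threshold would miss.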
BluVector’s customers run some of the most complex, sophisticated, and highly targeted networks in the world. They require a proactive network detection and response solution that goes beyond traditional signature- and intelligence-based detection to identify threats months in advance.
For instance, when International Bank of Commerce, the 83rd largest bank in the U.S., faced a new zero-day ransomware threat known as Jaff, the BluVector ATD platform, powered by its file-based machine learning engine, sorted through the millions of files on the bank's network. With what it found, the bank's team used its containment software to halt the further spread of the malware.
BluVector’s products offer several distinct features that set them apart in the crowded cybersecurity marketplace. Its network sensors and AI-based detection technology are designed for, and operationally deployed in, air-gapped networks: they operate without needing to reach back to the Internet. With only a small amount of data from the local network, BluVector’s solutions become smarter and tailor themselves to each customer. BluVector uses a technique it calls targeted logging to identify which logs hold the most important context for understanding an individual detection event. This can reduce the network logs a typical customer needs to store in its SIEM, and that analysts need to review, by roughly 100x.
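The targeted-logging idea, as an added example in Python. This is not BluVector's code and is not a description of how their product decides what to keep; it shows one simple policy of the same shape: raw connection records are retained verbatim only inside a short window around a detection on the same host, and everything else collapses into per-host hourly summaries. The traffic, the detection, the 120-second window and the hourly bucket are all constructed assumptions.

```python
"""Targeted logging around detection events.

Added example, not BluVector's code and not a description of how their
product chooses what to keep: raw connection records are retained only when
they fall within a short window of a detection on the same host; all other
records collapse into a per-host, per-hour summary. All data is constructed.
"""
from collections import defaultdict, namedtuple

Conn = namedtuple("Conn", "ts host dst port nbytes")
Detection = namedtuple("Detection", "ts host")

BASE = 278 * 3600   # constructed epoch start, aligned to an hour boundary
WINDOW = 120        # seconds of raw context kept on either side of a detection


def constructed_background(hosts=20, minutes=24 * 60):
    """One benign connection record per host per minute for a day (constructed)."""
    return [Conn(BASE + m * 60, f"ws-{i:03d}", "10.0.0.5", 443, 500)
            for i in range(hosts) for m in range(minutes)]


# Constructed detection on ws-007 ten hours in, plus two records a responder
# would want verbatim: a beacon to an external host and a large SMB transfer
# to an internal peer. Both fall inside the context window.
DETECTIONS = [Detection(BASE + 10 * 3600, "ws-007")]
SUSPICIOUS = [
    Conn(BASE + 10 * 3600 + 10, "ws-007", "203.0.113.9", 8443, 150),
    Conn(BASE + 10 * 3600 + 90, "ws-007", "10.0.0.7", 445, 60000),
]
LOGS = constructed_background() + SUSPICIOUS


def in_context(conn, detections, window=WINDOW):
    """True if the record is on a detected host and within the time window."""
    return any(d.host == conn.host and abs(conn.ts - d.ts) <= window
               for d in detections)


def targeted_logging(logs, detections, window=WINDOW):
    """Split logs into raw records worth keeping and per-host hourly summaries."""
    raw = []
    summary = defaultdict(lambda: [0, 0])   # (host, hour) -> [record count, bytes]
    for conn in logs:
        if in_context(conn, detections, window):
            raw.append(conn)
        else:
            bucket = summary[(conn.host, conn.ts // 3600)]
            bucket[0] += 1
            bucket[1] += conn.nbytes
    return raw, dict(summary)


def reduction_factor(total_records, raw, summary):
    """Original records per stored item (raw record or summary row)."""
    return total_records / (len(raw) + len(summary))


if __name__ == "__main__":
    raw, summary = targeted_logging(LOGS, DETECTIONS)
    print(f"{len(LOGS)} records -> {len(raw)} raw + {len(summary)} summary rows "
          f"({reduction_factor(len(LOGS), raw, summary):.0f}x fewer stored items)")
```

On this constructed day the 28,802 records become 7 raw records and 480 summary rows, roughly a 59x reduction. The factor depends entirely on how sparse detections are relative to the log volume and on the summary granularity, which is why the trade-off to watch is the window size: too narrow and the first connection of a campaign (a beacon minutes before the alert) is gone, too wide and the storage saving evaporates.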