Review: BluVector enables machines to protect themselves

With machine learning that gets smarter and more network-aware over time, BluVector can tip the scales back in favor of defenders.


Network security programs and the human IT operators who manage them are under constant threat. New attack techniques like malware deployed without files are straining resources and testing defenses in two critical ways. First, brand new threats and attack techniques often have at least a small window of time when they can bypass some defenses before defenders catch up. Second, even if critical threats like zero-day malware are stopped, the constant siege of attackers means that defenders are likely to get overloaded by both real alerts and false positives.

One possible solution, which has only recently become practical, is to task machines with protecting themselves. If a security program could be built to think and act like an analyst, it could counter malware and human-backed intrusions at machine speed, giving defenders a serious home-court advantage.

The BluVector defense does just that, offering advanced detection and response, and even threat hunting, all performed at machine speeds. BluVector works almost right away, but also has deep machine learning capabilities, so it gets even smarter over time. It will learn the intricacies of each network that deploys it, tweaking its algorithms and detection engines in a way that makes the most sense for the environment.

BluVector is installed either as a hardware-based network appliance or as a virtual machine. It can operate in-line with network traffic, stopping and remediating threats in real time as they attempt to enter a protected space, or as a retrospective tool that scans the work performed by other programs and analysts, catching threats they might have missed and recommending fixes. It is designed to work with all IPv6 traffic as well as older IPv4 streams, so it can operate in environments rich in internet of things (IoT) and supervisory control and data acquisition (SCADA) devices, such as industrial and manufacturing settings, as well as in normal office-type environments.

It would be extremely easy for BluVector to operate like a black box, performing its magic behind the scenes without really explaining how it all works. The engineers who designed the system, however, took a different path, letting humans see everything the system is doing and why it is taking the actions it does, or, in the case of offline deployments, why it recommends a particular course of action.

[Figure: BluVector dashboard. Credit: John Breeden II/IDG]

The main dashboard for BluVector provides a jumping off point for threat hunters to investigate incidents caught by the suite of detection engines. There is a lot of valuable information here, but it can be completely ignored if BluVector is allowed to operate independently without restrictions.
