BluVector 2.0: Machine-learning malware detection
At RSA Conference 2016 Acuity Solutions announced the release of version 2.0 of BluVector, its machine-learning malware detection and cyber hunting solution, which now provides to enterprises the ability to train their BluVector appliance on their environment through a new artificial intelligence capability.
Acting as an X-Ray machine for network traffic, the appliance leverages machine-learning technology to enable security analysts and incident response teams to see beyond “known bad” threats identified by their signature-based workflow, find previously unclassified and undetected attacks, and understand how their organization is being targeted within milliseconds.
BluVector collects and analyzes millions of packets and thousands of objects per second, inspecting all files entering or leaving the network in real time and at network speed, and delivering alerts on security events.
The advanced threat detection appliance analyzes files from the HTTP, SMTP, and FTP protocols in milliseconds using Hector, BluVector’s patented machine-learning classification engine, extracts features from each file and then calculates a probability that the file is malicious based on a broad understanding of benign and malicious files. Security analysts are presented with the findings and all associated network metadata and given the opportunity to define a response path.
BluVector’s machine-learning technology leverages content classifiers that distinguish between malicious and benign content and are resilient against zero-day, polymorphic malware and tactics. Unlike signatures or behavioral heuristics, the classifiers can detect threats without prior knowledge with a high degree of accuracy while maintaining real-time performance. Purpose-built for in-memory analysis of diverse protocols and voluminous Web traffic on high speed gateway links, the solution can be scaled to higher than 10 Gbps data rates, with comparatively less hardware than scaling sandbox-based approaches.
New features in BluVector 2.0 include:
Environment-specific learning: AI for Cybersecurity – Organizations can now augment and evolve BluVector’s base machine-learning classifier with their own network data and malware samples to create customized detection classifiers, overcoming the common-model limitations of other security technologies. This results in detection capabilities that are unique to each organization and far more difficult for adversaries to test and exploit, as well as dramatically improved false positive and false negative performance.
Grid deployment – Enterprises can now adopt a distributed approach to managing BluVector deployments to simplify overall administration and architecture. In BluVector grid deployments, organizations can deploy multiple sensors across their networks to eliminate central-node, single point of failure issues often associated with other security solutions. Each sensor shares non-volatile state in a robust and transactional fashion, thereby removing the central manager, and providing data and configuration redundancy.
Cyber hunting tools – New capabilities in give security teams advanced cyber hunting tools enabling even the least experienced analysts to adjudicate threats in minutes.
BluVector easily integrates with organizations’ existing security solutions, including security information and event management (SIEM), threat intelligence data feeds and portals.