Increasing COVID-19 Cyberattack Preparedness

As precautions to slow the spread of COVID-19 disrupt organizations, especially the rapid conversion of their normally on-site workforce to remote roles, the potential for cyber threats and vulnerability to attacks is greater than ever. Organizations without heightened preparedness could experience breaches, exfiltration of financial or business data, broad disruption of productivity, and ransomware.

Adding to the complexity is an end-user workforce that is hyper-focused on both personal and professional preparedness for everything related to Coronavirus/COVID-19. Whether the topic is vendors reducing operations, the potential for SLAs being altered due to reduced staff, or freelance staffer payments, attackers know that email inboxes are still their best bet for gaining access to an end-user’s machine. This access could potentially propagate across an organization’s networks.

The global pandemic is not only forcing workers to re-evaluate and reprioritize, it’s allowing hackers to find new ways to profit off their attacks. Here are several suggestions that could help to combat and prevent a major breach:

Update Firewalls to Blacklist Sites/Domains – As the creation of new URLs is easy and fast, hackers are setting up sites that appear to be news or informational resources about the real-world Coronavirus/COVID-19 threat. Updating firewalls or other website blocking solutions can help. If there’s an option to blacklist sites manually, it’s good to check in with trusted threat reporting sites to get new updated URLs to block. Forbes has published a good list that can serve as a starting point.

Another effective way to stay ahead of hackers is with a heuristic URL-based approach to detect phishing attempts.
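The two ideas above, an exact blocklist check followed by a heuristic URL score, are sketched below as an added example; it is not from the original article or from BluVector's product. The keywords, weights, threshold, function names and sample URLs are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample blocklist entry (reserved .example TLD). In practice this set
# is refreshed from the threat-reporting feeds your firewall already trusts.
BLOCKLIST = {"covid-relief-portal.example"}

# Assumed lure keywords matching the pandemic-themed sites the article describes.
LURE_KEYWORDS = ("covid", "corona", "pandemic")

# Assumed weights and review threshold, for illustration only; tune on your own traffic.
WEIGHTS = {
    "blocklisted": 10,
    "unparseable": 3,
    "ip_literal": 3,
    "userinfo": 3,
    "lure_keyword": 2,
    "punycode": 2,
    "deep_subdomains": 1,
    "many_hyphens": 1,
    "no_tls": 1,
}
REVIEW_THRESHOLD = 4

_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def split_url(url):
    """Parse a URL, tolerating a missing scheme. Returns (parts, host) or (None, '')."""
    candidate = url.strip()
    if not _SCHEME.match(candidate):
        # Scheme unknown: assume plain HTTP, so the no_tls signal will fire.
        candidate = "http://" + candidate
    try:
        parts = urlsplit(candidate)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. malformed IPv6 brackets
        return None, ""
    return parts, host


def is_blocklisted(host, blocklist=BLOCKLIST):
    """Match the host or any parent domain, so subdomains of a blocked site are caught."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def score_url(url, blocklist=BLOCKLIST):
    """Return (score, reasons) for one URL; reasons are keys of WEIGHTS."""
    parts, host = split_url(url)
    if not host:
        return WEIGHTS["unparseable"], ["unparseable"]
    ip = is_ip_literal(host)
    checks = [
        ("blocklisted", is_blocklisted(host, blocklist)),
        ("ip_literal", ip),
        # "trusted-name@real-host" hides the real destination after the @ sign.
        ("userinfo", parts.username is not None),
        ("lure_keyword", any(k in host for k in LURE_KEYWORDS)),
        ("punycode", any(label.startswith("xn--") for label in host.split("."))),
        ("deep_subdomains", not ip and host.count(".") >= 4),
        ("many_hyphens", host.count("-") >= 2),
        ("no_tls", parts.scheme.lower() != "https"),
    ]
    reasons = [name for name, hit in checks if hit]
    return sum(WEIGHTS[r] for r in reasons), reasons


def verdict(url, blocklist=BLOCKLIST):
    """'block' on a blocklist hit, 'review' at or above the threshold, else 'allow'."""
    score, reasons = score_url(url, blocklist)
    if "blocklisted" in reasons:
        return "block"
    return "review" if score >= REVIEW_THRESHOLD else "allow"


# Constructed sample URLs using reserved documentation domains and addresses.
SAMPLES = [
    "https://intranet.example.com/hr/policy",
    "https://coronavirus.example.gov/",
    "http://covid-19-relief-payments.example.net/claim",
    "http://login.example.org@203.0.113.7/update",
    "https://news.covid-relief-portal.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample), *score_url(sample), sample)
```

A pandemic keyword on its own stays below the threshold, so legitimate health-information sites are not flagged unless other signals stack on top of it.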

Assume Executive Email Spoofing – Given that it’s a relatively easy task to determine the names and email addresses of C-suite executives at any company, hackers are already spoofing emails that appear to be from executives with messages that might seem related to Coronavirus updates. Communicate this heightened activity and risk with your employees. Have them double check email addresses and links before responding or clicking.

Look Out for Anomalous Network Activity – If your teams are more remote than ever, looking at network activity, both east-west and north-south, is as important as ever to detect malware or threats that are creeping between on-premises servers or between endpoints when connected to a network.

Communicate Increase in Hacking Attempts – When attempts do occur, assume that attackers will try again and again. While the security team is very capable of tackling many threat events, letting employees know when volume attacks happen can keep future threats at the top of their minds. Designating a security team member to be the conduit to inform end-users can significantly improve prevention. In some organizations, this might be done by an internal communications team based on their guidelines.

Mobilizing SOC Operations – As larger organizations with a security operations center (SOC) often require that team members be on-site to manage data, networks and security, there are new challenges in the age of the Coronavirus. While not every SOC team can mobilize, SOC managers might already be working on “plan b” solutions to minimize SOC operations through virtualizing assets and decreasing the amount of on-site SOC operators at a time or other options. SOC managers and their teams that have been given the mandate from their CISO or C-suite to fully mobilize may have to decrypt traffic, alter access or shift resources, update passwords, troubleshoot remote operations, check VPNs and enable remote operations. Each step increases the possibility of a successful attack. Designating a person or team to monitor and evaluate each task in the list to mobilize can reduce the margin for error.

Document, Document, Document – As all SOC teams know, documentation is a requirement and a useful activity. Given the chance that team members might get ill or have to care for sick family members, SOC managers should ask critical team members to document tasks that had not been previously captured, or document tasks altered due to recent changes.

Minding Threat Gap Areas – SOC teams typically know where they’re more vulnerable and advanced threat actors are increasingly aware of, or have tools to test, those vulnerabilities. Identifying and mitigating those gap areas quickly or paying extra attention to those areas can significantly reduce the potential for such threats.

Keeping these suggestions in mind can help team leaders focus their teams on the potential work to be done to decrease cyberthreat risks within their organizations, and improve operations when they’re finally allowed back in the SOC again. If increasing your organization’s cyber threat detection is part of your upcoming goals, reach out to BluVector to hear more about how our advanced threat detection solution can help.

BluVector Wins U.S. Cyber Command Competition

Company’s AI-powered technology and team tops elite competition by quickly and accurately identifying malware threats

ARLINGTON – July 29, 2019 – BluVector announced today that it won DreamPort’s rapid prototyping event (RPE) in May 2019. Dubbed “RPE-005: The Chameleons and the Snakes,” the competition gave teams a specific detection challenge for a set period of time in a realistic, competitive neutral environment with unclassified sample malware families. DreamPort is a cyber innovation and collaboration center created by U.S. Cyber Command (USCYBERCOM) through a Partnership Intermediary Agreement awarded to the Maryland Innovation and Security Institute (MISI).

This event focused on the introduction and detection of malware signature diversity in a simulated USCYBERCOM cyber battlefield environment. Defender teams competed by creating tools to automate the classification of threats as benign or malicious. After several rounds, BluVector received the best combined performance scores as scored by USCYBERCOM.

BluVector’s next-generation intrusion detection system, powered by its leading-edge machine learning technology, helped the team to identify the file types more accurately than any other competing team. By looking at the content of a file for characteristics that represent good or malicious software, BluVector is able to accurately identify attributes of files designed to perform the functions typical of malware.

“When we’re dealing with malware and its potential to disrupt operations and damage organizations, accuracy and speed matter,” BluVector chief technology officer, Travis Rosiek said. “BluVector has more than a decade invested in our machine learning technology, which is reflected in winning this prestigious challenge.”

BluVector became part of Comcast in March 2019. The company will be showing its BluVector Cortex product at several upcoming events including Black Hat 2019 (August 3-8), DoDIIS (August 18-21), TechNet Augusta (August 19-23) and DSEI 2019 (September 10-13).

Cybersecurity Predictions for 2019

As a cybersecurity company, our employees are always looking ahead to see what’s on the 2019 threat horizon. The great news is that, as we reported regularly on BluVector Threat Report, BluVector continues to use its AI-driven security network knowledge to find new threats without signatures.

Yet, I was curious. So, I decided to ask our leadership about what they’re thinking about in 2019 (you can read Dave Capuano’s comment in Forbes’ 60 Cybersecurity Predictions For 2019). As you can imagine, there’s no simple, single view about what cybersecurity trends or developments will signify the biggest changes in the industry or the challenges that organizations face. Yet, as an AI-driven network security platform company, we know that the powers of machine learning and AI are a growing focal point for companies… and a growing concern as attackers are starting to incorporate these technologies into their attacks (as we talked about in our recent On-Demand Webinar: Weaponizing AI: The Future of Cybersecurity).

"Disinformation and hate speech have outgrown the digital infrastructure’s ability to identify, manage and contain them. As a result, a discussion about the need for a content delivery ecosystem that promotes (and values) 'truth' has gone mainstream. This year, the cold reality will hit us that there really is no single truth; truth has become debatable regardless of the evidence, and determining truth is less about representing facts than about picking sides.

In 2019, I predict that it will become clear that the information and analytics systems that are on the bleeding edge of creating and policing truth – particularly AI-based technologies - are themselves part of the 'bias' problem. This will lead to the start of a fundamental shift in how we think about truth – not in binary terms – but as points on a spectrum, with underlying information systems and analytics systems under fire for their inability to either measure or enforce the integrity of their underlying data sets and analytics methods."

Kris Lovejoy, CEO, BluVector

"In 2019, I predict that organizations will finally realize that reactive cybersecurity doesn’t work anymore. Reactive cybersecurity examples include check the box compliance (which hasn’t evolved in 15 years), an over-reliance on signatures/threat intelligence ("a next generation form of signatures") or waiting to respond to a breach.

I’m hopeful organizations who rely on outdated and reactive approaches to cybersecurity will evolve and incorporate a proactive approach to cybersecurity and mitigating threats. As we've seen over the years, cyber threat actors adapt faster than compliance standards or signatures can be updated. If organizations don’t evolve and become more proactive in their approach to cybersecurity, and cyber adversaries become more destructive and disruptive, I also predict that more and more organizations will be gravely impacted and go out of business."

Travis Rosiek, CTSO, BluVector

"I predict that within the next year we will have the first confirmed use of artificial intelligence/machine learning in the delivery, development or deployment of malware. Today, many in the security industry assume that adversaries will leverage AI/ML to improve their breach success rates and return on investment. We have yet to identify such complexity, however, in the wild. This will change in 2019. Analysts are becoming more aware of the tell-tale signs of the use of AI/ML in how malware is constructed by their creators and what behaviors it performs once deployed."

Dr. Scott Miserendino, VP, Research and Development, BluVector

How to Observe Computer Security Day

Computer Security Day is a time of reflection for both IT teams and their end-users before the holiday-rich month of December begins. It's time to take a few minutes to identify your security risk level and how to minimize it. Here are eight "smack you in the face" considerations that you can use to increase and update your security posture:

  1. Find a security buddy and cube/office swap. You don’t have to officially “buddy up” like summer camp. Instead, find a fellow employee in your department to change cubes or offices to see what potential violations might be easily observed and remediated. Such things might include passwords written on yellow stickies or paper under your keyboard, in your drawer or elsewhere. These make it very easy for unauthorized people to access your computer.
  2. Auto complete passwords become auto enablers. Having all your auto completes set up for all your devices or, especially, secured networks, SharePoint, etc., means that you give nearly open-door access to any person using your computer.
  3. Enable 2FA whenever possible. Sure, this ties your cell number to your work accounts, but this drastically improves the level of security. It also closes the loop on potential unauthorized access from another device.
  4. Get a password storage app. Most people now have a smartphone. There are a wide variety of password apps that can easily help you securely store all your passwords in one place. Yes, this ESPECIALLY includes IT and NOC teams. They’re safe, offer corporate-type levels of encryption and are easy to use, and with a broad selection of apps, users can find a UI that best suits them.
  5. Watch your company’s security videos. Yes, boring. Yet, it is a good way to rediscover what your corporate compliance rules are, how you’re aligning to them and how you can further increase your company’s security.
  6. Nag your non-secure co-workers. We’re not going to tell you to NARC on your co-workers (that’s #7) but if they’re leaving their computer completely open over the weekend or for long lengths of time, feel free to remind them.
  7. When nagging doesn’t work, report the violation. Let’s face it, corporate access is a privilege and not a right. If a co-worker is acting completely negligent of the rules and increasing the potential for a breach or unauthorized access, reach out to your security team. They can tell you what can be done to alert the user, or they can find another reason to check their access remotely. Often, this can remain an anonymous request.
  8. It’s yours, not your family’s laptop. Your device is often secured to your account and it is yours to secure. If you happen to work over a vacation or somewhere where someone needs your company-sanctioned device, just say no. Since your spouse does not understand the training or rules you’re complying with, why let them use your device? Note: IT teams will treat any violation on your work device as your responsibility. This especially comes into play with children who often don’t fully understand the ramifications of being secure, only to decide to download an old version of Flash so they can play an old browser-based game.

BluVector Wins Multimillion-Dollar Contract with U.S. Government Agency

Company Grows New Annual Contract Value by 130% in 1H 2018

BluVector, a leader in AI-driven network security technology, today announced it has won a multimillion-dollar contract with a U.S. government agency. BluVector is an AI-driven sense and response network security platform that makes it possible to accurately and efficiently detect, analyze and triage sophisticated threats including fileless malware, zero-day malware and ransomware in real time.

As is the case in virtually every industry, government security teams must prepare to face the rapidly increasing volume and sophistication of threats. This problem is made even more difficult by a shortage of trained talent armed with the right capabilities to protect against these emerging threats. The U.S. government has taken the opportunity to confront these challenges head-on, investing in the future through projects focused on artificial intelligence, machine learning and other forward-leaning technologies, such as those deployed by BluVector.

BluVector provides a revolutionary solution to these escalating risks, leveraging supervised machine learning to deliver highly-accurate detection rates of advanced threats in milliseconds. Furthermore, the platform automatically aggregates threat and network data that incident response teams use as context for decision making, shortening the response window and vastly improving analyst efficiency.

"The U.S. government has stated that cyber threats are now the greatest risk to the country," said Kris Lovejoy, CEO, BluVector. "BluVector, born within the defense and intelligence sectors to solve the government’s hardest malware detection challenges, brings over a decade of experience in detecting threats against the government. We're continuing to serve the growing security needs of federal agencies by helping them lower risk, increase compliance and improve threat detection and response capabilities."

BluVector has experienced significant traction in the commercial and public sectors, serving companies ranging from the middle market to some of the largest enterprises and federal agencies in the world. In the first half of 2018, BluVector has already grown its new annual contract value by 130 percent versus all of 2017. These wins have spanned numerous industries, including financial services, healthcare, manufacturing and technology.

When Cyberattacks Act Like Digital Hurricanes

As the United States' East Coast prepares for the impact of hurricane season, we are reminded of the level of preparation that cyber security teams need to go through to protect their networks in the face of a potential disaster.

The sciences of predicting weather and threat intelligence draw many similarities. Just as meteorologists can see a storm brewing and track its initial movements, cyber threat intelligence professionals can often see a threat campaign emerging. Further, the actual path of a storm and its damage is impossible to predict, much like the difficulty in predicting who will be the target of threat campaigns, what tools will be used, or what the impact will be. Like it is for most uncertainties, weather-related or cyber, preparation is key.

Earlier this year, BluVector’s CTO, Travis Rosiek, wrote a piece for Cyber Security: A Peer-Reviewed Journal called "Chief Information Security Officer Best Practices for 2018: Proactive Cyber Security" where he detailed a better approach to cyber security preparedness in the wake of cyber security attacks. The piece, which you can read in the PDF version here, helped us reexamine how security teams build better responses to cyber security disasters. Interestingly, these tactics parallel the preparation we're seeing in anticipation of this season’s hurricanes.

Data: Predicting a hurricane's path is no easy task, so meteorologists leverage a variety of weather models that rely on a massive amount of data to make predictions about how a hurricane will move and grow. These models often use machine learning to adapt models to previously seen hurricanes, improving prediction capabilities over time.

Similarly, with a cyberattack, having as much data as possible about an impending threat early on enables security teams to better understand and prepare for the threat. Solutions that leverage machine learning to learn from the behaviors of past attacks can also help organizations predict and defend against incoming threats, even if they do not exactly match previously seen events.

Target: As we're seeing in areas most likely to be affected by hurricanes this season, a critical first step is physical preparedness. Officials are removing people from high-risk areas and preparing for power outages and food shortages, so as to minimize the impact the storm has on the regions’ most valuable assets: their people.

In the cyber realm, there are numerous ways organizations can prepare for potentially damaging threats. One of the most basic and essential tactics for reducing threat risk, however, is regularly backing up critical data stores. While organizations must also worry about data leaks and not just destruction, this backup process ensures companies can survive most business continuity disruptions caused by cyber threats.

Protection: In a hurricane, sea walls and other tools might reduce the initial surge of a storm, but there's often just no way to stop all the damage. Therefore, areas likely to be impacted must develop a responsive infrastructure in order to stop or reduce the damage, using secondary protection techniques such as effective storm drainage.

In protecting against a cyber-attack, a firewall might hold back the attack's surge, but like a sea wall, it often isn’t sufficient. However, having a secondary level of protection behind that wall can greatly reduce the damage. When organizations take a proactive approach toward addressing these risks, such as by investing in tools specifically designed to pick up on threats that bypass the first layer of defense, they are often able to prevent the damage entirely.

Duration: The winds generated by hurricanes can cause a massive amount of damage during the first few hours or days of the storm. However, it is often the longer-lasting flooding and standing water that cause the greatest amount of long-term damage. Roads, homes, and other infrastructure are no match for this length of abuse.

When it comes to cyber, an initial attack can be devastating, but more often than not, it is threats that have achieved significant dwell time that cause the most damage. Dwell time is calculated as the amount of time a threat remains active within a network or computing device before it is detected. The longer the attack is live within a network, the greater the potential impact due to data exfiltration, lateral movement, or other malicious actions.

Response: Whether in the case of a hurricane or a cyber incident, the response can spell the difference between an inconvenience and a catastrophe. In both scenarios, responders must make split-second decisions with less than perfect information. When it comes to hurricanes, this may entail sending emergency medical resources to one area versus another, without having boots on the ground to provide recon on affected regions.

For cyber incident responders, relevant context and prioritization is absolutely critical to effective response. To gain this context and prioritization, organizations must invest in solutions that correlate detection data with supporting information throughout their environment. With this accurate information, a security organization can rapidly respond to the highest priority threats before damage is done.

Cleanup: After the event has occurred, the critical activity of cleanup begins. This is a time to assess what caused the damage, where the damage happened and where to put any available resources. For those who have experienced hurricanes before, they know this is where leadership matters most. Having the right direction and course of action is crucial to the speed of cleanup and the ability to better prepare for these types of events in the future.

So too is it the case with cyber security, where the head of a security organization must determine how to remediate any damage sustained in a security incident, and what preparations are necessary to protect against the next attack.

Hurricanes have the tendency to be much more dangerous than a cyber event. They put lives at risk, destroy homes and damage physical property. Our thoughts go out to those who have prepared their areas to face these storms, as well as disaster management leaders, first responders and anyone else affected by hurricanes.

BluVector Expands Real-Time Detection of Fileless Malware on the Network

BluVector Demonstrates New Features Extending its Fileless Malware Detection and Response Capabilities at Black Hat 2018

Arlington, Va. – August 2, 2018 – BluVector, a leader in AI-driven network security technology, today announced the latest version of BluVector® Cortex™, the company’s flagship platform, capable of sensing and responding to the world’s most sophisticated threats in real-time.

This latest upgrade focuses on further innovation within the platform’s network-based fileless malware detection, offering the ability to detect the greatest range of fileless attacks and automatically block these threats through its rich partner ecosystem.

"BluVector Cortex continues to evolve ahead of the industry with the expansion of its real-time detection of zero-day fileless malware on the network, providing the greatest breadth of fileless coverage and the only solution that empowers threat analysts with targeted logging surrounding a fileless event," said Kris Lovejoy, CEO, BluVector. "We're excited to return to Black Hat to show how these new capabilities can help organizations overcome one of the biggest security challenges of 2018 – detecting and responding to fileless malware."

The company also leverages its strong partner alliances, including a partnership with Carbon Black, to offer a unique solution on the market, capable of providing automated protection from fileless malware.

"As cybercriminals continue to evolve, we’ve seen an increase in fileless attacks," said Jim Raine, Director of Technology Alliances, Carbon Black. "By combining BluVector and Carbon Black, customers are able to achieve end-to-end, immediate protection from advanced threats."

Enhancements to BluVector Cortex include new features that expand detection coverage, improve the investigation and response workflow and further scalability. Major new features and enhancements include:

  • PowerShell Detection – In addition to its existing coverage of JavaScript- and VBScript-based attacks, BluVector now also supports the analysis of PowerShell scripts in network traffic, identifying potential zero-day attacks before they have the chance to cause damage.
  • Fileless Script Capture and Context – Access to the actual scripts and related network traffic from a fileless attack all in one place enables an organization to easily investigate and even reverse-engineer a threat without the need for expensive full packet capture.
  • Advanced Threat Investigation – Today’s threats often make use of multiple stages and threat vectors, which can make investigation a very manual process. Enhanced search capabilities and new filters simplify and automate this correlation process, allowing analysts to quickly understand if an event was a standalone incident or part of a larger attack.
  • 20G Form Factor – Support for very large environments makes BluVector Cortex the only solution capable of detecting never-before-seen file-based and fileless malware in real-time on enterprise- and data center-grade networks.

BluVector will demonstrate its new capabilities at Black Hat USA 2018, Booth #2504, from Aug. 4-9, 2018 at Mandalay Bay in Las Vegas.

You can follow BluVector’s activity at Black Hat on Twitter and LinkedIn.

IBC Bank Reports Threat Detection Success with BluVector Cortex

Financial Institution Discloses that BluVector’s Machine Learning-Based Detection Delivered ROI Within First Week

Read the Case Study: International Bank of Commerce Detects Jaff Malware

Arlington, Va.—May 22, 2018—BluVector, a leader in AI-driven network security technology, today announced that IBC Bank (IBC), the flagship bank of International Bancshares Corporation and one of Texas' largest holding companies, reported that its decision to use BluVector Cortex to improve its cybersecurity detection and response capabilities for advanced targeted attacks had already resulted in a significant success. Installed and operational within hours, IBC Bank reported that BluVector Cortex provided immediate return in its first week of operation by detecting targeted attacks designed to circumvent traditional malware detection methods.

"I was impressed with how effective BluVector's Machine Learning Engine for malware detection was in this case," said John Byers, Senior Vice President and CISO at IBC Bank. "BluVector's platform was the first and only vendor in our infrastructure to detect this event and, more importantly, deliver the surrounding context we needed to respond in a real-time manner."

In March 2018, IBM’s X-Force Cyber Security Intelligence Index identified the financial services sector as the most targeted industry globally for the second year in a row. In an effort to combat advanced threats and targeted attacks, IBC turned to BluVector Cortex to deliver fast and accurate malware detection that didn’t rely upon rules or signatures. As a result of its investment, IBC was also able to bolster its visibility into North-South and East-West traffic and gain additional context surrounding the source and intended destination of threats.

"Security solutions generate too many alerts, leaving security pros swimming in threat intel and begging for automation," said Byers. "Protecting our customers' personal information is of the utmost importance, and in order to do that we deploy the best available solutions managed by our security experts. BluVector’s approach to detection and response with machine learning gave my team the confidence to respond to an alert because it poses a real threat."

"In today's environment, it is hard to keep up with emerging threats in a way that provides significant efficiencies to the security professionals on the front line," said Kris Lovejoy, CEO, BluVector. "Forward-thinking CISOs like Mr. Byers have turned to technology and automation to help make security analysts as effective and efficient as possible."

BluVector Cortex leverages supervised machine learning that delivers highly accurate detection rates of advanced threats in milliseconds. Automation aggregates threat and network data that incident response teams use as context for decision making, shortening the response window from months or days to hours or minutes. Part of a broad security ecosystem, BluVector easily integrates with enterprise-grade cybersecurity infrastructure to bring together a best-of-breed approach to advanced threat detection.

What a Difference a Year Makes, BluVector Reflects on RSA Conference 2018

First off, the BluVector team wants to thank its employees, partners and RSA Conference-goers who made their way to South Hall booth 1615 and made our time there truly memorable. Since our first showing at RSA last year, BluVector has been evolving faster than we had ever expected.

The show was filled with a mix of terrific interactions, insightful presentations and tremendous opportunities. Kicking off the event, BluVector CEO Kris Lovejoy delivered an amazing, well-crafted and nearly perfectly timed pitch deck to RSA judges during the elite Innovation Sandbox contest where only 10 companies are asked to pitch and only one leaves victorious. Despite not winning, the nomination as a finalist carries great weight and served as a strong way to reinforce the value we bring to our customers every day. You can watch her pitch here.

On Monday evening we returned to the show floor, but we didn’t just return with our staff. We returned with a team of strong partners from Endace and CohnReznick to showcase not only how these partnerships work, but how together, they benefit customers.

While we were there, we made sure our presence was known and that we had fun. Probably the two biggest hits for the booth were our T-shirts (over 500 given away) and a digital caricaturist who had a line around the corner, with a final tally of nearly 200 caricatures created.

In the end, however, it was the innovation the BluVector team is delivering that was of most interest to conference attendees. By delivering our AI-driven sense and response network security platform, we are making it possible for our customers to deal with the human capital issues they face by accurately and efficiently enabling security teams to detect, analyze and contain sophisticated threats including fileless malware, zero-day malware, and ransomware in real time. As one of our customers stated in an online review, BluVector is like "having a Junior Analyst."

See you next year at RSA 2019!

BluVector, Endace Announce Partnership at RSA to Provide Security Operations Centers with Fast, Confident Attack Detection, Analytics and Response Solution

Collaboration adds BluVector’s AI-Driven Network Security Technology to Endace’s Network Recording and Analytics Hosting Platform, Delivering One Platform for Next-Gen SOCs

RSA CONFERENCE USA – SAN FRANCISCO – April 16, 2018 – AI-driven network security company BluVector and high-speed network recording, playback and analytics hosting company Endace today announced a partnership to host BluVector® Cortex™ advanced threat detection on Endace’s EndaceProbe Analytics Platform. The two companies will showcase the combined solution at RSA Conference in San Francisco at BluVector’s Booth 1615, South Expo.

The solution gives both network operations (NetOps) and security operations (SecOps) highly effective AI-based threat detection alongside the definitive packet-level evidence they need to make better-informed and more confident decisions to resolve issues quickly.

"The sophistication and evolution of today’s cyber adversaries continues to accelerate, as does the number of successful intrusions. This makes network security even more important in today’s connected world," said Stuart Wilson, CEO, Endace. "But an intrusion doesn’t have to lead to a major breach or cyber incident. The partnership between BluVector and Endace combines state-of-the-art threat detection with the accurate packet-level evidence needed to investigate, respond to and neutralize cyber intruders quickly and efficiently."

The combined solution collects information from thousands of disparate data sources, then analyzes and prioritizes the data and events. The resulting information becomes instantly available to SecOps teams, delivering the contextual data they need to quickly understand the threat and its severity. Endace's powerful API integration with BluVector streamlines investigations, allowing analysts to swiftly click from an alert directly to the related packet history to see precisely what transpired.

Customers can deploy BluVector Cortex directly onto EndaceProbes, a hosting platform for analytics applications. This eases installation and maintenance for customers by allowing them to deploy a common hardware platform that combines full packet capture with the ability to host BluVector’s advanced threat detection solution alongside other network security and performance analytics solutions.

"Information security teams must increase their visibility and analytics capabilities to detect intruders faster and respond to them quickly and efficiently to avoid high-impact cyber incidents," said Kris Lovejoy, CEO of BluVector. "Our partnership with Endace brings together the best in the ability to flag, record and replay attacks so IT and security teams have sufficient quality information about the incident, the data and systems affected, and the company’s relative exposure to respond accurately. And they have all this capability on a single platform."

This solution is available immediately; contact Endace sales or BluVector sales for more information.