BluVector CEO Kris Lovejoy to Present at Innovation Sandbox Contest and Emcee Two Panels at RSA 2018

Company to showcase AI-Driven Sense and Respond Network Security Platform at Booth 1615

Arlington, Va. – April 3, 2018 – BluVector’s second year at the RSA Conference illustrates the company’s continued cutting-edge work in helping companies detect, analyze and contain sophisticated threats and its outstanding leadership in the cybersecurity industry.

This year, the company will compete for two awards at the RSAC Innovation Sandbox and SC Awards 2018. Additionally, BluVector CEO Kris Lovejoy, a 20-year cybersecurity market veteran, will emcee two panels during RSA 2018.

On Monday, April 16, Lovejoy will moderate the “How to Rise Above the Noise” panel from 10:30-11:10 a.m. PT with Malcolm Harkins, chief security and trust officer, Cylance, and Mike Volpe, CMO, Cybereason, as part of the half-day “How-to for Innovators and Entrepreneurs” seminar.
What:               How-to for Innovators and Entrepreneurs
When:              Monday, April 16, 9:30-12:15 p.m. PT
Where:             Marriott Golden Gate A SEM

Later on April 16, Lovejoy will pitch a panel of technology judges on BluVector’s AI-driven network security platform as one of 10 finalists invited to the RSAC Innovation Sandbox contest. In the past five years, finalists have received more than $1.12 billion of investment. Previous winners include UnifyID, Sourcefire (now a Cisco company) and Phantom (now a Splunk company).
What:               RSAC Innovation Sandbox Contest
When:              Monday, April 16, 1:45-4:30 p.m. PT
Where:             Marriott Marquis - Yerba Buena 8

On Tuesday, April 17, in a panel titled, “The Incident Response Class of 2018: Tactics and Tales from the Frontline,” Lovejoy will join Adam Malone, director, incident response and threat intelligence at PwC, and Timothy Ryan, principal, fraud investigation and dispute services, Ernst & Young, LLP. These experts will draw on their frontline experience in an example-rich conversation about the real incident response battlefield today. Discussion will focus on how companies should change their approach to threat hunting and response to stay ahead of the threat actors who are savvy and financially motivated.

What:               “The Incident Response Class of 2018: Tactics and Tales from the Frontline”
When:              Tuesday, April 17, 1 pm PT
Where:             Moscone West 2009

On Tuesday night, April 17, the company will vie for “Rookie Security Company of the Year” at the SC Awards 2018.

What:               SC Awards 2018
When:              Tuesday, April 17, 6:30-11:00 pm PT
Where:             InterContinental
888 Howard Street
San Francisco, CA 94103

BluVector will demonstrate its award-winning AI-driven network security platform, including BluVector® Cortex™, at Booth 1615 in South Expo Hall.

You can follow BluVector’s activity at RSA on Twitter and LinkedIn.


BluVector Selected as Finalist for 2018 RSA Conference Innovation Sandbox Contest

Company Recognized for AI-Driven Network Security Technology

 Arlington, Va. – March 21, 2018 – BluVector has been named one of 10 finalists for the 2018 RSA® Conference Innovation Sandbox Contest for its cutting-edge work in helping companies detect, analyze and contain sophisticated threats. On Monday, April 16, BluVector will present its information security technology to a panel of industry veteran judges and a live audience in a three-minute quick-pitch, competing for the coveted title of "Most Innovative Start Up" at RSA Conference 2018 in San Francisco.

RSAC Innovation Sandbox Contest is the leading platform for entrepreneurial cyber security companies to launch their groundbreaking research and innovation in front of venture capitalists, industry experts, senior level business practitioners and thought leaders. The event gives startups the kind of visibility and validation that turn into rapid growth and increased funding.

"If you look at RSAC Innovation Sandbox contestants from the last five years alone, you’ll see more than $1.38 billion in combined investments and 12 acquisitions, proving the businesses that take this stage gain exposure to the right people at the right time to launch them to success," said Sandra Toms, vice president and curator for RSA Conferences. "The submissions this year were noticeably competitive as we received exceptional entries from across the globe. I have no doubt this year’s presentations will be a must-see at RSA Conference."

BluVector is revolutionizing network security with an AI-driven security platform called BluVector® Cortex™. BluVector Cortex makes it possible to accurately and efficiently detect, analyze and contain sophisticated threats including fileless malware, zero-day malware, and ransomware in real time.

"Our innovative AI-driven network security technology improves the overall security posture of today's organizations, and scales the efficiency of security teams, delivering an almost immediate financial return on investment," said Kris Lovejoy, CEO, BluVector. "We continue to extend and expand our platform with breakthrough analytics that detect never-before-seen threats with greater speed, fidelity and effectiveness than anyone imagined possible."

The RSAC Innovation Sandbox Contest will begin at 1:30 p.m. PT on April 16 at the Marriott Marquis in the Yerba Buena Ballroom. Dr. Herbert (Hugh) Thompson returns to emcee the contest, and the panel of five judges includes Asheem Chandna, partner at Greylock Partners; Gerhard Eschelbeck, vice president of security and privacy engineering at Google; Niloofar Razi Howe, tech investor and entrepreneur; Patrick Heim, operating partner and chief information security officer at ClearSky; and Paul Kocher, entrepreneur, researcher and IT security expert. The winner will be announced in front of a live audience at 4:30 p.m. PT.

More information regarding RSA Conference 2018, taking place at the Moscone Center and the Marriott Marquis in San Francisco from April 16-20, can be found at: www.rsaconference.com.


BluVector Selected as SC Media 2018 Excellence Award Finalist

Recognized for Outstanding Leadership and Superior AI-Driven Network Security Technology

Arlington, Va.— March 15, 2018 — BluVector today announced it has been recognized as an Excellence Award finalist in the Rookie Security Company of the Year category for the 2018 SC Awards. Finalists are acknowledged for demonstrating outstanding leadership and providing superior security products to the cybersecurity industry. Winners will be announced at the SC Awards ceremony on April 17, 2018 in San Francisco.

Since spinning out of Northrop Grumman in January 2017, BluVector has earned tremendous market receptivity thanks to its AI-driven sense and respond network security platform, BluVector® Cortex™. Designed for mid-sized to very large organizations, the platform makes it possible to accurately and efficiently detect, analyze and contain sophisticated threats including fileless malware, zero-day malware, and ransomware in real time. With the unmatched advantage of 8 years of work with the US Intel Community and their threat data, BluVector has the proven ability to protect against emerging threats on average 13 months in advance.

“BluVector’s mission is to change the world for the better by making it safer,” said Kris Lovejoy, CEO, BluVector. “We’re helping organizations not only improve their ability to identify advanced threats, but also to analyze and contain these threats quickly. We’re honored that SC Media has recognized our disruptive approach to network security with our AI-driven sense and respond platform.”

Now in its 21st year, SC Awards is recognized as the industry gold standard of accomplishment for cybersecurity professionals, products and services. Winners in the Excellence category are determined by an expert panel of judges with extensive knowledge and experience in the cybersecurity industry. The Excellence Award honors the professionals, products and services that have proven to be the best in the industry for protecting today’s corporate world from an array of risks and threats.

“In an age where threats are ever-evolving, it is reassuring to know that one true constant is the commitment of dedicated information security professionals, as best exemplified by our SC Media Awards finalists,” said Illena Armstrong, VP, editorial, SC Media. “These inspiring innovators have set a high bar for their industry peers, as they continue to protect the world from attacks and vulnerabilities that imperil our security, privacy, and digital infrastructure. The year 2017 brought us WannaCry ransomware infections, the rise of cryptominers, and bugs like Broadpwn and BlueBorne that affected billions of devices. Whatever threats rear their ugly heads in 2018 and beyond, our finalists will be ready to act.”

The SC Awards gala honoring the winners attracts top professionals in the cybersecurity community and provides an invaluable opportunity for networking. To register for the 2018 SC Awards gala, please visit http://www.scmagazine.com/awards/.

About SC Media

SC Media is cybersecurity. For over 25 years, they have armed information security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders, and independent product reviews in partnership with and for top-level information security executives and their technical teams.

In addition to their comprehensive website, SC Media offers magazines, eBooks, and newsletters. They also host digital and live events such as SC Awards and RiskSec NY to provide cybersecurity professionals all the information needed to safeguard their organizations and contribute to their longevity and success.

Friend us on Facebook: http://www.facebook.com/SCMag

Follow us on Twitter: http://twitter.com/scmagazine

About BluVector

BluVector is revolutionizing network security with state-of-the-art AI, sensing and responding to the world's most sophisticated threats in real time. With the unmatched advantage of eight years of work with the US Intel Community and their threat data, only BluVector has the proven ability to protect against emerging threats on average 13 months in advance. Stop waiting for breaches to happen. Get ahead of the threat. Visit www.bluvector.io.


BluVector Extends File-based and Fileless Malware Detection to Cloud-based Email Services

Advanced intrusion detection introduced for Office 365 and Google for Business

Arlington, Va. – March 13, 2018 – BluVector today introduced its latest additions to BluVector® Cortex™, including support for Office 365 and Google Mail, designed to help mid- to large-sized organizations detect file-based and fileless malware attacks through their cloud-based email services.

In a recent interview on the state of the cloud office, experts cite that while the cloud email adoption rate is rising, it is constrained by concerns about security and privacy. Those who fail to move to the cloud will be negatively impacted by the increased cost and lack of access to the innovative technologies, which can help to advance the business.

With BluVector Cortex 3.1, organizations can fast track adoption of cloud office capabilities with significantly reduced risk associated with phishing, spearphishing, ransomware and credential-phishing attacks. Organizations can use the power of artificial intelligence, machine learning and speculative execution to sense and respond to threats in real time.

The following are new features and benefits of the latest version of BluVector Cortex:

  • Cloud Email Analysis – BluVector Cortex can analyze malware attacks from any cloud-based IMAP email service, including Office 365, Google for Business and other major providers.
  • New Event Reporting Dashboard – Automatically translate the rich network traffic data generated by BluVector Cortex into easily understandable insights.
  • Dynamic Malware Analysis in the Cloud – Users will be able to automate secondary analysis of flagged malware content. By providing additional context associated with the inner workings of the captured malware, analysts can now gain a deeper understanding of the threat.
  • Detection of Malicious VBScripts – BluVector Cortex now examines all files to look for and analyze embedded VBScript, an increasingly common attack vector. The detection capability comes as a new classifier of the patented Machine Learning Engine (MLE) of BluVector Cortex.
  • Built-In Threat Intelligence – An improved intelligence feed provides context around suspicious events and helps identify lateral movements post breach.

"While email continues to be the primary method of communication for organizations, it also continues to be the weakest link in security. As such, threat actors commonly target their attacks on email and are getting better at deceiving users," said Travis Rosiek, CTO, BluVector. "As our customers continue to shift to hybrid IT and email environments, we can give them the confidence they need to address the complex threat landscape on any platform."


Critical Infrastructure at Risk for Cyber Attacks

Critical infrastructure covers a vast array of systems that modern societies rely on to ensure safety, security and service. Industrial control systems (ICS) and critical infrastructure are common targets for cybercrime, with almost 40% of them facing a cyber-attack at some point in the second half of last year.

The U.S. Department of Homeland Security deems 16 sectors critical because their failure to function would jeopardize public health and economic security. These industrial sectors include chemical, physical facilities, communications networks, critical manufacturing, defense, industrial, emergency services, energy, dams, financial services, food & agriculture, government facilities, healthcare, IT, nuclear materials, transportation and water and waste systems.

Given the wide scope of these critical areas, each comes with its own unique challenges regarding the information it uses to ensure services to both citizens and businesses that rely on stability in order to prosper. Yet they do have one thing in common: an increase in destructive malware attacks in recent years, a serious concern because damaging any of these sectors can greatly affect a society.

Governments are well aware of the growing issue of infrastructure attacks. A quote which began with then Secretary of Defense Leon Panetta in 2012 has been repeated throughout government, most recently by Ret. Adm. James Stavridis telling CNBC, "We're headed toward a cyber Pearl Harbor, and it is going to come at either the grid or the financial sector."

In this recent whitepaper, The Cybersecurity Challenges in Critical Infrastructure, we discuss critical infrastructure, how it differs from traditional IT environments and the challenges that lie ahead.


BluVector Earns Second Consecutive Industry Innovator Recognition

As a nearly one-year-old company, there are few things you do right twice. And while we see our role as innovators as part of what drives us to create products and solutions that will help any organization better detect malware attacks on day zero, we were excited to be listed again by SC Media as one of its Industry Innovators for 2017. It's a huge honor and a testament to the countless hours of work that our teams do to improve, innovate and disrupt the network intrusion detection market.

SC Media's Peter Stephenson described our latest BluVector 3.0 this way: "Last year we characterized BluVector as an on-the-wire hunting tool. The idea was that by being on the wire a measure of proactive hunting occurs before the malicious traffic even gets inside the enterprise and starts to do its damage. It turns out that in its current incarnation it is somewhat more than that."

If you didn't receive the Dec. 2017/Jan. 2018 issue of SC Magazine, we were able to get a copy of the article to read about how the press is reacting to our latest advancements in detecting fileless malware with our revolutionary speculative code execution engine.

Read SC Media Industry Innovator


BluVector Selected as a 2017 Red Herring Top 100 Global

Next Generation Network Intrusion Detection Company Ranks Among Leaders in North America, Europe and Asia

Arlington, Va. – November 20, 2017 – BluVector, a leader in next generation network intrusion detection, today announced it has been selected as a winner of Red Herring’s Top 100 Global. This distinction comes on the heels of the company’s selection to the Top 100 in North America. Red Herring's Top 100 Global list has become a mark of distinction for identifying promising companies and entrepreneurs across their respective industries from North America, Europe, and Asia. Red Herring editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, and eBay would change the way we live and work.

"Choosing the companies with the strongest potential was by no means a small feat," said Alex Vieux, publisher and CEO of Red Herring. "After rigorous contemplation and discussion, we narrowed our list down from hundreds of candidates from across the globe to the Top 100 Winners. We believe BluVector embodies the vision, drive and innovation that define a successful entrepreneurial venture. BluVector should be proud of its accomplishment."

BluVector is transforming the way organizations protect critical data and infrastructure from the most sophisticated and fast-moving cyber threats. Leveraging market-leading machine learning technologies, BluVector's fileless detection capability radically accelerates the process of spotting and assessing the new advanced threats – including ransomware – that evade typical defenses.

"Being selected as a Red Herring Top 100 Global Winner is an extreme honor," said Kris Lovejoy, CEO of BluVector. "The recognition reflects our commitment to building a technology that helps organizations detect and neutralize today’s toughest and most evasive cyber threats. Customers know they can trust BluVector to protect their most sensitive assets 80 percent more quickly and with more efficacy and precision than with traditional approaches."

Red Herring's editorial staff evaluated the companies on both quantitative and qualitative criteria, such as financial performance, technology innovation, management quality, strategy, and market penetration. This assessment of potential is complemented by a review of the track records and standing of startups relative to their peers, allowing Red Herring to see past the "buzz" and make the list a valuable instrument of discovery and advocacy for the most promising new business models from around the world.


Fileless Malware is Growing

From crypto-ransomware and destructive malware to advanced persistent threats that exploit zero-day vulnerabilities, the malware threat landscape is ever-evolving. Another threat we've increasingly observed is fileless malware.

Apparently, we aren't alone. One security expert told Threatpost in April that he had seen more fileless malware in the first quarter of 2017 than in all of 2016 and 2015 combined. Numbers like that warrant attention. So, what exactly is fileless malware, and what's behind its sudden growth?

Fileless malware is also known as "memory-based" malware because its malicious functionality does not reside in a file on an infected host. Instead, fileless malware usually injects code into a host’s random-access memory (RAM) and/or registry. Once injected, the code employs clever scripting to use a host’s native functionality for further exploits. This method of using an infected device’s native system functionality, a host’s legitimate applications or an organization’s IT administrative toolset for malicious purposes is called "living off the land."

Attacks that live off the land are extremely stealthy because they employ functionality that is white-listed by an organization’s security technologies. For instance, system administrators use PowerShell, a functionality native to Windows operating systems, for a variety of legitimate tasks. Traditional detection methods may not flag fileless malware that resides in a computer’s RAM and uses PowerShell. Being fileless, of course, there is no signature associated with the malware, which makes signature-based detection unreliable.

Fileless malware is somewhat anti-forensic in that it leaves no detectable trace of itself (e.g., a file) beyond its stealthy use of native functionality and white-listed technology. This does present a risk to threat actors: If an infected machine is turned off, the fileless malware will cease to function. However, security experts have observed strains that employ a script in Windows Registry to reinstate the malware code upon rebooting an infected device.
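As an added example (not BluVector's code and not part of the original post), here is a defender-side triage of autorun registry values for the pattern described above: a white-listed script host launched at logon with its script hidden in an encoded argument. The sample values, the finding names and the length threshold are constructed assumptions.

```python
import base64
import re

# Well-known registry keys whose values Windows executes at user logon.
AUTORUN_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
SCRIPT_HOST = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)
# Names in a decoded script that build code at run time and execute it.
DYNAMIC_EXEC = re.compile(r"\b(?:invoke-expression|iex|frombase64string)\b", re.I)
BASE64_ARG = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
MAX_PLAIN_LEN = 1024  # assumed threshold: autorun command lines are normally short


def is_flag(token, full_name, alias=None):
    """PowerShell accepts any prefix of a parameter name (-e, -enc, -w ...)."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == alias or full_name.startswith(name)


def decode_encoded_command(arg):
    """-EncodedCommand carries base64 of UTF-16LE text; return the text or None."""
    if not BASE64_ARG.match(arg):
        return None
    try:
        return base64.b64decode(arg, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def assess_value(key, data):
    """Return (severity, findings) for one registry value, or None if unremarkable."""
    if not key.lower().endswith(AUTORUN_SUFFIXES) or not SCRIPT_HOST.search(data):
        return None
    findings = ["script-host-autorun"]
    tokens = data.split()
    for tok, nxt in zip(tokens, tokens[1:] + [""]):
        if is_flag(tok, "encodedcommand", alias="ec"):
            findings.append("encoded-command")
            script = decode_encoded_command(nxt.strip('"'))
            if script is None:
                findings.append("undecodable-argument")
            elif DYNAMIC_EXEC.search(script):
                findings.append("dynamic-exec")
        elif is_flag(tok, "windowstyle") and nxt.lower() == "hidden":
            findings.append("hidden-window")
    if len(data) > MAX_PLAIN_LEN:
        findings.append("oversized-value")
    # A plain script launch is normal administration; anything more needs review.
    return ("high" if len(findings) > 1 else "low", findings)


def triage(values):
    """Map value name -> (severity, findings) for every value worth a look."""
    report = {}
    for key, name, data in values:
        verdict = assess_value(key, data)
        if verdict:
            report[name] = verdict
    return report


def encode_sample(text):
    """Build a constructed -EncodedCommand argument for the samples below."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample values (not taken from any real host or malware sample).
SAMPLE_VALUES = [
    (RUN, "ExampleUpdater", r'"C:\Program Files\ExampleApp\updater.exe" /background'),
    (RUN, "ExampleInventory", r"powershell.exe -File C:\Scripts\inventory.ps1"),
    (RUN, "ExampleHidden", "powershell.exe -w hidden -enc "
     + encode_sample("Invoke-Expression $constructedPlaceholder")),
]

if __name__ == "__main__":
    for name, (severity, findings) in triage(SAMPLE_VALUES).items():
        print(f"{severity:4} {name}: {', '.join(findings)}")
```

The ordinary administrative script launch is reported only at low severity, which reflects the white-listing problem the paragraph describes: the interpreter itself is legitimate, so the signal comes from how it is invoked.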

Unlike extremely targeted exploits against firmware used by specific industrial control systems, which offer threat actors limited use, fileless malware is a flexible, adaptable tool. Many strains of fileless malware are designed to be effective in most enterprise IT environments that run, for instance, Windows or Linux systems. Fileless malware is among the most efficient types of polymorphic malware.

Fileless malware often includes custom scripting for multi-stage hacks. For instance, fileless malware code might enable the distinct tasks of escalating administrative privileges, establishing a connection back to the threat actor’s remote command and control server and exfiltrating data. Fileless malware can also be used to install additional malware modules.

Version 3.0 of BluVector introduced the capability to detect fileless threats, within milliseconds, before they infect end-user systems or begin moving laterally throughout the enterprise network. Through this technology, called the "Speculative Code Execution" (SCE) engine, BluVector is the ONLY solution capable of detecting fileless malware at the perimeter, including obfuscated JavaScript and shellcode.

SCE runs in parallel with BluVector's patented machine learning engine which is designed to detect file-based attacks, giving BluVector customers two powerful ways to detect full fileless or fileless attacks that become file-based further down the attack chain.

Contact us today to learn how BluVector's multiple detection technologies can prevent fileless malware from ever gaining a foothold in your organization.


BluVector Debuts Security Industry First in Fileless Malware Detection

BluVector 3.0 is the Only Product to Deliver Real-Time Detection of Fileless and File-Based Threats on the Network

Arlington, VA (November 7, 2017) – Today BluVector, a leader in reinventing network intrusion detection, is now the first and only security vendor to offer fileless malware detection in real time on the network. The proclamation comes as 2017 has seen a significant spike in "invisible" or "memory-based" cyber attacks on enterprises. This type of malware hides in the memory of a compromised machine and infects without leaving a trace on the machine’s file system, thus sidestepping traditional security and forensic tools.

BluVector’s new fileless malware detection capability, featured in the company's new BluVector 3.0 release, is delivered by an advanced analytic called the Speculative Code Execution (SCE) engine. It is capable of emulating how code will behave when executed in memory, and flagging behaviors that are indicative of application vulnerability exploitation or shellcode misuse. Recent examples of threats that used such vectors of attack include Petya, NotPetya and WannaCry.

See how BluVector detects fileless malware threats in this video: https://youtu.be/magczuWEXJU

"Despite substantial investment in numerous security products, enterprises continue to be the victim of malware attacks and data breaches," said Scott Crawford, research director for Information Security with 451 Research. "Fileless malware is an emerging tactic that attackers are increasingly adding to their repertoire to evade malware defenses. As evasive, fileless malware is extremely difficult to detect, security teams cannot rely on outdated tools. New solutions, such as BluVector’s 3.0, give enterprise security teams a way to outsmart these more stealthy threats and significantly mitigate potential damage from a cyber attack."

SCE runs in parallel with BluVector's patented machine learning engine, which was trained and designed to detect file-based attacks, giving BluVector customers a complete suite to detect file-based, full fileless, and fileless attacks that become file-based further down the kill chain.

"Tackling the threat of fileless malware attacks can be daunting for even the most sophisticated organizations," said Kris Lovejoy, CEO, BluVector. "While there are new endpoint technologies available which can help mitigate some of the risks, any security practitioner will tell you they simply can’t cover every network device, application, and mobile/IoT device. Our customers have been asking for fast, easy, and cost-effective ways to protect themselves against this vector of attack. We are proud to be the first to offer a solution."

Available today, BluVector 3.0 addresses the growing threat of fileless malware in mid-sized and large organizations. In addition to fileless malware detection, BluVector 3.0 features include:

  • Virtual Appliance for ESXi: A software-only virtual appliance that customers can run on their VMware ESXi™-equipped hardware. By providing physical and virtual appliance options, BluVector enables a wider range of organizations to optimize their north-south and east-west security defenses while right-sizing their security investments.
  • Centralized Management: BluVector Central Manager enables Managed Service Providers and larger enterprises to manage, view data and configure an unlimited number of deployments from a single pane of glass.
  • Intelligent Decision Support System Enhancements: Targeted Logger allows analysts to dig deeper into security events by delivering highlighted network log entries, which have been pre-correlated to the events prioritized for analysis.

The Fileless Malware Ghosts in Your Hosts

Fileless malware variants are like ghosts: Many stories surround them, but they rarely reveal themselves on demand, even to trained hunters. Fileless infections instead seem to appear, suddenly and without warning, when we least expect them. Discovery is often by accident or coincidence.

Yet the specter of fileless malware is a growing concern because confirmed sightings appear to be increasing. For instance, in February, security researchers discovered fileless malware on the networks of 140 banks across 40 countries. Although industry-wide statistics on fileless infections can be hard to come by, cursory clues, such as Google searches, indicate a growing number of online investigations since 2015.

Fileless malware is spooky, in part, because it doesn’t behave like traditional file-based malware, which contains a signature that anti-virus products can use for future detection. File-based malware is usually detectable using traditional computer forensic tools.

In contrast, fileless malware resides in its hosts’ random access memory (RAM), which means it leaves no trace of itself on hard disk drives. When an infected host is powered down, the fileless malware disappears like an apparition, leaving no forensic clues.

But fileless malware often contains additional capabilities to help it remain elusive. For instance, fileless malware often haunts hosts by using their own systems and administrative tools against them, a tactic that security researchers call "living off the land." While this can lead to machina in exspiravit behaviors, fileless malware does not necessarily introduce anything observably unusual into the environment, making detection more difficult.

Fileless Malware Ghosts of Times Past

Just as the concept of ghosts long outlasts specific stories, which tend to morph over time and be historically and culturally situated, the concept of fileless malware is nothing new. It dates to the 1990s and the dawn of the World Wide Web, but the specifics of recent accounts have changed in key ways from historical manifestations.

Fileless malware did not gain widespread attention until researchers discovered its role in one of the most infamous global cyberattacks in history.

On July 12, 2001, still-unknown hackers introduced a computer worm into the wild. The first version of the worm exploited a buffer overflow vulnerability in Microsoft IIS servers and then used a static seed to self-propagate. The static seed caused the first version to spread slowly and resulted in minor damage (primarily a defacing message that read, "Hacked by Chinese"). But, on July 15, two researchers at eEye Digital Security spotted the worm’s activities in security logs and began investigating.

Seven days later, on July 19, the anonymous hackers released a second variant into the wild. This second variant contained a single difference from the first: the use of a random seed rather than a static seed to spread.

This second version infected 359,000 machines in 14 hours. (By comparison, the WannaCry ransomware outbreak in May infected approximately 250,000 devices in 150 countries in several hours.)

And that's how the "memory-resident" CodeRed worm – so named because the researchers who discovered it drank Code Red Mountain Dew while reverse engineering it – made fileless malware history.

Today's Fileless Malware Threat

Fileless malware is worth hunting today because of its growing prevalence combined with its often more sophisticated capabilities, which are far graver than silly defacements.

Many current fileless malware variants sport robust functionality for cyberespionage and advanced multi-stage attacks, including the ability to establish persistent backdoors, exfiltrate data, and connect to remote command & control servers for further instructions and additional payloads.

Given the difficulty of detecting fileless malware, BluVector is preparing a new feature to help combat fileless malware at the network edge. The use of this new technology will allow BluVector customers to find fileless malware traversing the network. We invite you to contact us in the meantime to discuss how we can protect your environment from the uncanny threat of fileless malware by putting BluVector to the test.