One state government agency was tasked with supplying IT services and security to more than 100,000 users, and protecting the Personally Identifiable Information (PII) of millions of citizens. Battling budgets and limited funds, this organization was looking for the latest in threat detection to address the volume, velocity and polymorphic nature of today’s advanced threats while protecting PII from outside attacks.
Over the years, endpoint-based, anti-malware solutions have become a critical component of any enterprise security strategy. Unfortunately, malware authors are constantly finding new ways to bypass these controls. So organizations are left struggling to keep security software, applications and operating systems up to date. That’s why forward-looking organizations are implementing an “always-on” solution that uses AI and machine learning on the network to find even the most sophisticated forms of file-based and fileless malware.
The agency deployed BluVector Cortex to scan 100% of network traffic. With its modular design, BluVector’s patented architecture allows the platform to run numerous detection engines in parallel. The solution comes packaged with our machine learning-driven engines as well as several pre-tuned open source tools, such as Bro and Suricata.
Once an event is detected, BluVector’s Intelligent Decision Support System delivers analysts the actionable insight and workflow automation needed to confirm and contain threats early in the kill chain. This insight is bolstered by BluVector’s Targeted Logger, which delivers context and visibility through its collection and correlation of all network logs surrounding an event. The workflow automation is driven by BluVector’s Probability Engine and Hunt Score, which allow security teams to automatically contain confirmed threats events and focus their efforts on triaged high-priority events.
The platform is also integrated with threat intelligence feeds for real-time correlation, dynamic analysis engines for offload sandbox execution, a Security Information and Event Management (SIEM) tool for rapid incident response and an Endpoint Detection & Response tool for containment.
- 61% drop in support and hardware costs
- Replaced four email and HTTP sensors for the sandbox
- Existing team was able to investigate more threats, automate much of the activity and onboard tools for greater efficiency