Enhancing Threat Identification and Notification


Designed to bring conformity to the identification process for malware, STIX/TAXII combines the rigidity of a structured language for reporting threat intelligence with a secure API to notify other tools in an organization’s security stack.

BluVector Cortex customers who utilize TAXII (Trusted Automated eXchange of Indicator Information) services and message exchanges to enhance their information about cyber threats across their organization will be able to quickly integrate BluVector’s machine learning threat knowledge into their threat workflows.

File-based Detection

Trained over the course of eight years of work with the U.S. federal government, BluVector’s powerful Machine Learning Engine (MLE) can quickly adjudicate files that are malicious at line speed. Files are scanned in milliseconds, and this information can be set either manually by a security team member or through a configured workflow.

Ease of Integration

As security teams already know, formulating their event messaging in STIX can be a powerful method of communicating threat knowledge. One of BluVector’s advantages is its short installation timeframe. Organizations that already use STIX/TAXII within their security stack will be able to quickly operationalize the knowledge that BluVector Cortex generates, alone or with other pre-existing solutions.

Fileless Detection

Running in parallel with MLE, BluVector’s Speculative Code Engine was built to detect the fastest-growing sector of malicious events: fileless malware. When fileless malware is detected, BluVector supports generating an Indicator title and description, to be adjudicated by the user as malicious. That information includes “BluVector Event Adjudicated URI” and “Indicator for BluVector Malicious URI.”

The addition of support for STIX and TAXII with the BluVector product expands the knowledge that organizations have at their fingertips to inform their security workflows.

Adhering to the STIX (Structured Threat Information eXpression) language, originally developed by MITRE, BluVector provides threat intelligence within the Indicator object type.

Within that object, BluVector will communicate two specific items
