Get Better Answers, Not More Alerts.

Better analytics improve cyber resiliency by transforming how security teams detect, triage and respond to security threats.

Quality Threat Indicators and Automation

Better answers are good. More alerts are not. Providing quality threat indicators that help security analysts get answers is our passion. BluVector runs a broad detection stack: supervised machine learning, speculative code execution, Suricata, Yara and ClamAV, integrated with the ETPro ruleset, AlienVault OTX and a curated ClamAV feed. All of this runs on top of Zeek.

A Better Workflow

The way analysts work is critical to success in the SOC, so a technology that understands and improves that work is crucial. To drive that efficiency, BluVector presents the platform's data flow in the context of an event and of the analyst's broader workflow, so that each time-saving feature is reinforced. BluVector then correlates those events and scores them. Tier 1 analysts can work through events more efficiently because they know where to focus, and once focused they have additional data on hand to understand the event.

Network metadata targeted around the event, Active Directory user information, results from an embedded sandbox, hex detail for fileless attacks and the actual content payload are all gathered in one central location that the analyst can reach easily.

No Black Box

Every good security team invests time, effort and expense in tailoring its security stack to the needs of the business. Running custom Zeek/Bro scripts or Yara or Suricata rules? Not an issue: deploy them. Why? BluVector embraces the best of open source to help our customers become more resilient.

See how we help our partners elevate Zeek and Suricata.

BluVector automates the centralization of the disparate data typically required in a threat investigation:

  • A complete hunt score based on the correlated results from the engines and integrated intelligence
  • Network and file metadata surrounding the event (specific engines, rules and/or intelligence that triggered the alert)
  • Integrations to lookup services like VirusTotal
  • Threat Intelligence data correlated with live data “on the wire,” as opposed to just matching in the SIEM
  • File retention
  • Full Targeted Network Logs from Zeek (formerly Bro)

The goal is to allow analysts to complete their full investigation in a single space.

Threat Report Q2 2020

Threat Report Q2 2020 looks at two new techniques, including an attack on a popular hardware firewall and a mobile device manager that distributed a banking trojan to a company's Android devices.

Download Threat Report Q2 2020