BluVector is revolutionizing network security with state-of-the-art AI, sensing and responding to the world’s most sophisticated threats in real time. Our platform, deployed at high-density network aggregation points, performs real-time analysis of file-based and fileless threats. The solution can also perform retrospective analysis, examining previously collected files or PCAP logs.
BluVector is installed either as a hardware-based network appliance or as a virtual machine, and is up and running within 30 minutes of installation, delivering value from day one. It is designed to work with all IPv6 traffic as well as older IPv4 streams, so it can operate in environments rich in internet of things (IoT) and supervisory control and data acquisition (SCADA) devices, such as industrial and manufacturing settings, as well as in normal office-type environments.
With its modular design, BluVector’s patented architecture allows the platform to run numerous detection engines in parallel. The solution comes packaged with our proprietary machine learning-driven engines as well as several pre-tuned open source tools, such as signature-, rules- and intelligence-based engines. Additionally, the platform does not operate as a black box, but instead allows security teams to leverage any existing investments in open source engines, such as Bro and Suricata. BluVector can even add detection engines developed by other vendors, depending on the needs of the customer.
Once an event is detected, BluVector’s Intelligent Decision Support System gives analysts the actionable insight and workflow automation needed to confirm and contain threats early in the kill chain. This insight is bolstered by BluVector’s proprietary Targeted Logger, which delivers context and visibility through its collection and correlation of all network logs surrounding an event. The workflow automation is driven by BluVector’s Probability Engine and Hunt Score, which allow security teams to automatically contain confirmed threat events and focus their efforts on triaged high-priority events.
The platform also seamlessly integrates with threat intelligence feeds for real-time correlation, dynamic analysis engines for offloaded sandbox execution, Security Information and Event Management (SIEM) tools for rapid incident response, and Endpoint Detection & Response (EDR) tools for containment.