Blue Hexagon is a cybersecurity company that provides a real-time threat detection platform. This platform is based on artificial intelligence and offers on-device machine learning-based malware detection for users to secure networks and improve cloud security. This solution is developed to continuously defend and harden against errors and attacks; it protects against known and unknown threats such as ransomware, malware, zero-day, C2, crypto mining, and insecure apps and code, through threat and misconfiguration detection. Blue Hexagon was founded in 2017 by Nayeem Islam and Saumitra Das, and is headquartered in Sunnyvale, California.
Blue Hexagon's platform offers continuous, cloud-native security, visibility, and compliance for AWS, Google Cloud Platform, and Microsoft Azure. It includes asset inventory functions and misconfiguration detection, as well as threat detection. The platform is built to provide sub-second identification of both known and unknown threats with near 100 percent accuracy. Rather than bolting on security models to the cloud, Blue Hexagon says the company's platform has been built to work with cloud infrastructure, connecting to cloud assets to deliver a cloud-scalable software-as-a-service cybersecurity solution for organizations.
The platform works with the company's deep learning AI models, which collect raw data, including resources in every region of every account, their configurations, cloud control plane activity, network activity, storage activity, serverless packages, and containers pushed to repositories. This data is then analyzed by the platform to detect Windows and Linux malware. Further, the platform uses behavior analytic algorithms to uncover unusual patterns of behavior in the cloud control and data planes.
The ingestion, analysis, indexing, and deep learning on raw cloud data is intended to lead to concrete outcomes for DevOps and SecOps:
- Hardening outcomes—providing visibility into asset inventory and cloud activity, detecting misconfigurations in over 100 different services, and aiding in compliance with standards such as CIS, HIPAA, and PCI.
- Threat detection outcomes—providing identification of known and unknown threats, natively working with cloud infrastructure, and applying deep learning to network traffic, storage activity, and workloads to identify misconfigurations and possible threats.
Blue Hexagon's platform provides cloud visibility into asset inventory, users, entities, resources, network and control plane transactions. This is offered to help organizations stay aware of transactions through a cloud infrastructure, and offers query capabilities into every aspect of a cloud. This can include understanding dynamic assets in the cloud, understanding who and what is communicating in the cloud, and correlating security alerts with activity through the cloud.
The company's platform is built to help organizations identify hundreds of types of misconfigurations and highlight those that are deemed critical, based on the context around the attack surface the misconfiguration exposes. Due to the ease of cloud computing, misconfigurations of networks, instances, identities, and storage can be prevalent, with 67 percent of CISOs noting cloud misconfigurations as a top cloud security threat.
Workload threat detection can work to find supply chain backdoors hidden in workloads and further reduce lateral movement risks in serverless workloads. Blue Hexagon's platform is intended to provide coverage beyond package manager checks and actually inspect all workloads for any malware or lateral movement risk. These files are in turn processed through Blue Hexagon's deep learning engine to identify unknown and zero-day malware.
Blue Hexagon's platform works to provide an agentless approach to detecting threats and mitigating risks in a cloud network. This can include detecting risks from supply chain infection, crypto-miners, APTs with command and control, and unauthorized activity from potentially malicious entities. The platform's network threat detection algorithms operate on cloud flow logs, but are intended to be capable of taking advantage of new CSP-native capabilities such as AWS VPC Traffic Mirroring and GCP Packet Mirroring.
As the name implies, Blue Hexagon's platform provides defense against unauthorized access to cloud storage buckets and works to prevent the use of those storage buckets as a vector for malware artifacts, including ransomware payloads, malicious JavaScript, or moving malicious code laterally.
As part of the platform, Blue Hexagon works to keep cloud workloads continuously compliant through continuous assessment and compliance maintenance with several standards. This can be used to help enable workload migration to cloud computing, and to ensure dynamic workloads remain compliant. Compliance posture monitoring and instant reporting are offered for a range of compliance standards, including CIS, HIPAA, and PCI-DSS.
The Blue Hexagon platform is built to offer agentless deployment by connecting through cloud-native APIs and is capable of being managed by a software-as-a-service portal. This is intended to offer platform deployments in minutes, with customization available by account, network, bucket, or region through chosen parameters. Further, the platform is designed to be automatically maintained with automated guardrails to ensure the security keeps pace with infrastructure changes.