At Hexis, in building HawkEye G, we took a very different approach.
We started with the assumption that we needed to continuously and automatically remove threats.
To do that, we needed a system that had very good detection capabilities and would be able to validate that the threats we think are there are actually real.
So…how does it all work?
Let’s start with detection.
In order to be able to automate removal, you have to have really good detection.
HawkEye G collects information from a variety of sources. It starts by monitoring BOTH networks and endpoints…because you need both to catch the most stealthy of attacks.
• On the endpoints alone, HawkEye G monitors 174 different heuristics.
• HawkEye G also aggregates 19 separate threat feeds providing over 54 million MD5 hashes.
• Finally, HawkEye G ingests detection information from popular third-party technologies such as Palo Alto Networks and FireEye.
All of that detection data is consumed and verified by HawkEye G’s proprietary analytics engine called ThreatSync.
ThreatSync “fuses” all the data and threat indicators into a single SCORE. This score helps you determine if the threat is real.
We’re literally pulling in events and observables from our network sensor, our host sensor, and the Hexis threat feed. We’re also bringing in event data from other technologies like Palo Alto and FireEye, creating a higher order of intelligence and analytics around what’s happening on the endpoints and how threats are communicating with the network…
…and that data drives any policy based decisions. By doing this correlation, it DRAMATICALLY reduces the number of false network alerts.
And ThreatSync scores are dynamically adjusted to reflect real-time activity so that HawkEye G can respond to threats in real time.
HawkEye G now puts all that technology to work for you… using policy-based incident response and removal.
Depending on the incident type and severity, HawkEye G can deploy a number of countermeasures that are specifically designed to mitigate and remove the threat.
• These countermeasures can be applied surgically and done in either a machine-guided or fully-automated mode.
• You can automate what you want, when you want it and how you want it done.
Key differentiators include the endpoint sensing capabilities, heuristics-based malware detection without signatures, and real-time eventing, so you have an up-to-date view of each endpoint for things like ad-hoc investigations or malware hunting. … Also the convergence of endpoint and network sensors, and of course ThreatSync for that higher level of confidence in incident response.
Finally, HawkEye G also passes information on to other third-party systems such as Splunk or ArcSight, to help increase overall visibility and to add value to the investments you’ve already made.
The Hexis approach to solving your security pain points… was to combine endpoints, network, analytics, and automation into one complete platform.
This is how we can deliver more value across the kill chain landscape versus a vendor that’s only focused on one area.
That’s why HawkEye G was rated a near 5 out of 5 by Network World magazine.
Pause… So that’s automated threat removal in a nutshell, and what Hexis Cyber Securities calls Machine Speed Defense.
Let’s see how well you were paying attention… with this trivia question…
Thanks so much for your time. I invite you now to visit the HawkEye G demo station for a personalized product tour to see for yourself how automated threat removal works. Our security experts are standing by to scan your badges and answer your questions. Don’t forget to pick up your t-shirt on the way out. Enjoy the conference.