Addressing the need for a simpler, more efficient approach to sensing and responding threats originating inside or outside the network, BluVector and SS8 Networks introduce BluVector IRIS. The partners claim this is the only suite on the market that offers visibility across the entire kill chain. Organizations can quickly identify and replay anomalous network behaviors that represent movement by infected hosts or malicious insiders seeking to exfiltrate proprietary data.
An add-on to BluVector Cortex, BluVector IRIS provides the ability to construct a 360° view of the entire cyber threat kill chain, enabling users to detect, analyze, and contain any threats originating from outside or inside the network. The combined platform examines more than 4,000 network protocols for potential malicious events and performs machine learning, network-based forensic detection, speculative code execution, and behavioral analysis on all communications.
BluVector IRIS features include:
- Network Visibility: Lightweight software sensors are deployed deep within the network to monitor and record east/west network communication. High-definition records of each transaction offer a comprehensive view of an event. Events can be traced back to exact systems and users.
- Behavioral Analysis: Performing behavioral analysis on each network-related communication, BluVector IRIS quickly detects anomalous network behaviors pre- and post-breach, including unusual internal file transfers, suspicious or illegitimate connections, use of non-standard ports, as well as unauthorized credential usage.
- Learning Analytics: BluVector IRIS combines external threat intelligence with details about users, systems and network traffic patterns to continually retrain the detection engines. This intelligence-led machine learning optimizes the system as it operates.
- Prioritized Discovery: Using advanced analysis engines, BluVector IRIS provides a threat score for each threat discovered to help prioritize actions to protect the most critical resources.