BluVector

BluVector is a developer of an AI-based solution to deliver advanced threat detection and network coverage for enterprises.

Company attributes

  • Website: bluvector.io
  • Is a: Company, Organization
  • Industry: Technology; Cybersecurity; Information technology; Network security; AI-enabled cybersecurity; Artificial Intelligence (AI)
  • Location: Virginia; Arlington County, Virginia; United States; Arlington (Pittsburgh)
  • B2X: B2B
  • CEO: Eric Malawer
  • Founder: Kristin Lovejoy
  • Former CEO: Kristin Lovejoy
  • Pitchbook URL: pitchbook.com/profiles...153904-87
  • Legal Name: BluVector, Inc.
  • Parent Organization: Comcast
  • Number of Employees (Ranges): 51 – 200
  • Email Address: info@bluvector.io
  • Phone Number: +15715652100
  • Full Address: 4501 North Fairfax Drive, Arlington, VA 22203, US
  • Investors: LLR Partners
  • DUNS Number: 079580290
  • Founded Date: January 1, 2017
  • Latest Funding Round Date: January 9, 2017
  • Latest Funding Type: Private equity
  • Competitors: Cisco Systems; AT&T Cybersecurity; Forcepoint; Juniper Networks; Trend Micro; McAfee; AlienVault (company); Check Point Software Technologies; ...
  • Business Model: Subscription
  • Acquisition Transaction: Acquisition of BlueVector by Comcast; Comcast acquisition of BluVector
  • NAICS Code: 541519
  • CAGE Code: 7CGJ4
  • Patents Assigned (Count): 1
  • Country: United States

Other attributes

  • Acquirer: Comcast
  • Company Operating Status: Active

BluVector is a developer of a cyber-threat detection and hunting platform. The company provides threat detection and cyber hunting that defends enterprises against evolving security threats. It delivers fast, scalable, and integrated detection of malicious software targeting enterprise networks to help security teams stay ahead of advanced threats and protect against data breaches and theft. BluVector's intrusion detection for advanced threats uses a self-adapting form of machine learning, which works to deliver threat detection before malicious software or a bad actor has infected a host.

BluVector's industry partners include IBM Security, Carbon Black, Endace, Garland Technology, Gigamon, Cisco, Splunk, and Dell. The company has received various awards and recognitions for its work in network security.

BluVector Advanced Threat Detection

The company's threat detection for cybersecurity and network security, BluVector Advanced Threat Detection, is developed using machine learning to help security teams detect, triage, and respond to security events. This includes threats such as ransomware, fileless malware, and zero-day malware, all in real time.

The company suggests the benefits of the platform include complete coverage: it can be deployed with flexible coverage and deployment options based on an organization's needs, with integration options that allow organizations to operationalize the platform's knowledge via STIX/TAXII or with solutions including Splunk, Carbon Black, Symantec, IBM QRadar, and CrowdStrike. Performance is intended to be scalable, using modular hardware for on-premises designs or flexible virtual machine deployments for remote offices. The company suggests the platform offers increased network visibility and context for analysts to understand malicious events, and decreases the number of false positive alerts, which can occupy and distract security teams.

The BluVector Advanced Threat Detection platform includes a variety of features:

  • Advanced threat detection
  • Probabilistic scoring
  • Targeted logging and search
  • Hunt process automation
  • Low false positive/negative rates
  • SMTP, HTTP, FTP, and SMB support
  • Cloud email support
  • Support for IPv4 and IPv6 environments
  • An OpenAPI for ease of integration

Technology

The technology behind the BluVector Advanced Threat Detection platform includes the company's Machine Learning Engine (MLE) and Speculative Code Execution (SCE) engine, paired with analytics, Zeek, and STIX/TAXII.

Machine Learning Engine (MLE)

BluVector was issued the patent for the company's supervised machine learning (US Patent 9,665,713) in 2017. The resulting MLE works with pre-trained algorithms to identify malicious content embedded within common file formats like Microsoft Office documents, archives, executables, .pdf, and system updates, with what the company calls a 99.1 percent or higher detection accuracy on installation.

The MLE has more than thirty-five file classifiers and places all files on a probability continuum that spans from "benign" to "unknown" to "malicious." The MLE works to intercept and analyze files at the point of network delivery and detect file-based malware in milliseconds on the network, regardless of whether the malware has been detected before. The MLE does this by examining the content of the file itself for a combination of characteristics that can represent good or malicious software.

Speculative Code Execution (SCE) engine

Through BluVector's Speculative Code Execution (SCE) engine, the platform is capable of fileless malware detection on a given network. The SCE engine works to detect JavaScript-, VBScript-, and PowerShell-based attacks. It is also a response to the spike in "invisible" or "memory-based" cyberattacks on enterprises. Examples of such attack vectors include "Petya," "NotPetya," and "WannaCry," which have targeted the financial industry and financial institutions.

The SCE engine emulates how code will behave when executed in memory and to what extent those behaviors initiate a security breach. This focuses on execution chains and the malicious capacity rather than malicious behavior, and works to reduce the number of execution environments that need to be investigated. BluVector suggests the SCE engine achieves 99 percent fileless malware detection of what are considered "invisible" threats.

Analytics

Through the automated collection and centralization of disparate data for threat investigations, BluVector offers hunt scores based on the correlated results from the engines and integrated intelligence, as well as network and file metadata surrounding an event, and integrations with threat lookup services like VirusTotal. These are used as part of the analytics behind the company's platform, which works to provide quality threat indicators. This is based on a broad detection software stack, which includes supervised machine learning, speculative code execution, Suricata, Yara, and ClamAV integrated with the ETpro ruleset, AlienVault OTX, and a curated ClamAV feed, all of which runs on top of Zeek.

BluVector works to increase workflow efficiency and save time for security analysts by presenting the data in the platform within the context of an event; the data is then correlated to the events and scored. This is intended to help analysts understand where they should focus, rather than work through the data to find that out, while also offering additional data to provide a wider context to a security event. The network metadata and information provided includes Active Directory user information, results from an embedded sandbox, hex detail for fileless attacks, and content payload.

Zeek

Many organizations rely on Zeek, formerly known as Bro, a widely used open source network security logging system that delivers detailed metadata about network flows over protocols including HTTP, SMB, FTP, DNS, and SNMP. BluVector suggests the company is using its systems to extend what Zeek can do. Zeek itself performs file carving from protocols that support file transfer, is extensible using Zeek's custom scripting language, and offers a framework for analysts to look for cyber indicators of compromise.

BluVector works to offer context to the reporting that Zeek provides with additional tools and analytics. This context can be for what, why, when, and how threats are operating within a given network. This includes using BluVector's Targeted Logging feature to automatically correlate detection events with Zeek metadata before and after threat detection, in order to help analysts to understand the network context surrounding the threat detection.
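The kind of correlation described above can be sketched as follows. This is an added illustration, not BluVector's code: it selects Zeek conn.log records (JSON format) that involve the detected host within a window before and after a detection. The function names, window sizes, and sample log lines are assumptions constructed for the example.

```python
import json

# Constructed Zeek conn.log lines in JSON format (sample data, not real traffic).
ZEEK_CONN_LOG = """\
{"ts": 1700000000.0, "uid": "C1", "id.orig_h": "10.0.0.5", "id.resp_h": "192.0.2.10", "id.resp_p": 53, "service": "dns"}
{"ts": 1700000290.0, "uid": "C2", "id.orig_h": "10.0.0.5", "id.resp_h": "198.51.100.7", "id.resp_p": 80, "service": "http"}
{"ts": 1700000300.0, "uid": "C3", "id.orig_h": "10.0.0.9", "id.resp_h": "198.51.100.7", "id.resp_p": 80, "service": "http"}
{"ts": 1700000320.0, "uid": "C4", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.44", "id.resp_p": 445, "service": "smb"}
{"ts": 1700000900.0, "uid": "C5", "id.orig_h": "10.0.0.5", "id.resp_h": "192.0.2.10", "id.resp_p": 53, "service": "dns"}
not-json-line
"""

def parse_zeek_json(text):
    """Parse JSON-lines Zeek output, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupted line: skip rather than abort
        if isinstance(rec, dict) and "ts" in rec:
            records.append(rec)
    return records

def correlate(detection, records, before=60.0, after=60.0):
    """Split the host's records into those before and after the detection time."""
    host, t0 = detection["host"], detection["ts"]
    context = {"before": [], "after": []}
    for rec in sorted(records, key=lambda r: r["ts"]):
        if host not in (rec.get("id.orig_h"), rec.get("id.resp_h")):
            continue  # flow does not involve the detected host
        if t0 - before <= rec["ts"] < t0:
            context["before"].append(rec)
        elif t0 <= rec["ts"] <= t0 + after:
            context["after"].append(rec)
    return context

# Hypothetical detection event: host and time of a file flagged as malicious.
DETECTION = {"host": "10.0.0.5", "ts": 1700000300.0}

if __name__ == "__main__":
    ctx = correlate(DETECTION, parse_zeek_json(ZEEK_CONN_LOG))
    for phase, recs in ctx.items():
        print(phase, [(r["uid"], r["service"]) for r in recs])
```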

BluVector offers a variety of features through their use of Zeek and related data:

  • Zeek metadata
  • Support for custom Zeek scripts
  • Intelligence-based threat detection
  • File extraction
  • Streaming metadata export
  • LDAP support
  • Central appliance management
  • Commercial support
  • File-based threat detection
  • Fileless threat detection
  • Detailed threat analytics
  • Automated threat event and metadata correlation
  • Threat scoring
  • Central threat visibility
  • SOC analyst workflows
  • Historic network analysis
  • Email threat detection

STIX/TAXII

BluVector's platform adheres to the STIX (Structured Threat Information eXpression) language to provide threat intelligence within the indicator object type and offer an easy integration for users of TAXII (Trusted Automated eXchange of Indicator Information). The TAXII services and message exchanges are used to enhance information about cyber threats across an organization, and BluVector works to integrate its machine learning threat knowledge into these threat workflows.

For organizations formulating event messaging in STIX, BluVector offers a short installation timeframe. The company suggests the platform is capable of communication by generating a hash for any file-based threat the machine learning engine has decided is malicious, and creating a URI for any fileless threat detected by the Speculative Code Execution engine offered by BluVector.
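The mapping described above, a hash for a file-based detection and a URI for a fileless one, can be expressed as STIX indicator objects. The following is an added illustration, not BluVector's code; STIX 2.1, SHA-256, the `url` observable, and the shape of the detection dictionaries are assumptions, since the page names neither a STIX version nor a hash algorithm.

```python
import hashlib
import uuid
from datetime import datetime, timezone

def stix_string(value):
    """Escape backslashes and single quotes for a STIX pattern string literal."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def stix_timestamp(moment):
    """Format an aware datetime as a UTC STIX timestamp with millisecond precision."""
    moment = moment.astimezone(timezone.utc)
    return moment.strftime("%Y-%m-%dT%H:%M:%S.") + f"{moment.microsecond // 1000:03d}Z"

def detection_to_indicator(detection, now=None):
    """Build a STIX 2.1 indicator dict from a hypothetical detection record."""
    ts = stix_timestamp(now or datetime.now(timezone.utc))
    if detection["kind"] == "file":
        # File-based threat: the indicator matches on the file's hash.
        digest = hashlib.sha256(detection["content"]).hexdigest()
        pattern = f"[file:hashes.'SHA-256' = '{digest}']"
    elif detection["kind"] == "fileless":
        # Fileless threat: the indicator matches on the URI that delivered the script.
        pattern = f"[url:value = '{stix_string(detection['uri'])}']"
    else:
        raise ValueError(f"unsupported detection kind: {detection['kind']!r}")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": detection["name"],
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
    }

# Constructed sample detections (hypothetical field names and values).
FILE_DETECTION = {"kind": "file", "name": "Flagged attachment", "content": b"constructed sample bytes"}
FILELESS_DETECTION = {"kind": "fileless", "name": "Flagged script", "uri": "http://example.test/a'b.js"}

if __name__ == "__main__":
    for det in (FILE_DETECTION, FILELESS_DETECTION):
        print(detection_to_indicator(det)["pattern"])
```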
