BluVector targets midmarket customers, managed services partners with new release of malware detection offering

BluVector, which spun out of Northrop Grumman last year, offers defense-grade network security, and uses a channel to reach midmarket customers.

Network security vendor BluVector has announced the 3.1 release of their flagship BluVector Cortex offering. A major addition provides support for Office 365 and Google Mail, to provide protection against both file-based and fileless malware attacks through cloud-based email services. They also announced a series of enhancements specifically aimed at the needs of both midmarket customers and the channel partners who serve them.

BluVector’s technology was developed in the defense industry. They were part of Northrup-Grumman until spinning out of that organization last year.

“We are a network security player that detects and responds threats that are attacking from a network perspective,” said Kris Lovejoy, BluVector’s CEO. “That’s not unique. What is unique, however, is the technology that we use. Over the course of a decade, using data from the U.S. intelligence community and the vendor community, we have developed a series of machine learning engines, and have a unique patent against cyberthreats. We use the machine learning to train a series of algorithms that let us detect threats in real time on the network – both in file versions and fileless versions, with the latter  protecting against things like threats that come simply from visiting infected websites.”

Thus, while this is just the 3.1 release of Cortex, the technology is considerably more mature than the version number suggests.

“The technology has been developed and deployed over the last 10 years in the defense industry,” Lovejoy said. “The release numbering dates from when Cortex was introduced to the commercial market last year.”

BluVector detects threats both at the perimeter and inside it, but emphasizes their ability to stop unknown threats before they get inside the network.

“Many vendors today have given up on the concept of perimeter security, and have focused on protecting endpoints, but that’s just not how the world works, particularly in environments like hospitals,” Lovejoy said.

Coming out of Northrup-Grumman, BluVector developed a hybrid selling motion.

“Our initial strategy was to sell direct to large public sector organizations, and our goal for our channel – Managed Security Service Providers and Managed Detection and Response Providers – is to extend our reach into the midmarket.,” Lovejoy indicated.

While outside North America, they use distribution to reach and support these managed services partners, in North America they deal direct with two types of partners.

Kris Lovejoy, BluVector’s CEO

“One is those – WWT would be a good example –  who just distribute the product,” Lovejoy said. “Then you have the more value-added resellers, whose real purpose in selling us is to wrap a service around it, which is their principal value. Those are ideally the best kind of partners, because they make the product the stickiest for customers.

The biggest new feature in this release is likely the new Cloud Email analysis capability. BluVector Cortex can now analyze malware attacks from any cloud-based IMAP email service, including Office 365, Google for Business and other major providers.

“Many organizations are moving to cloud-based services like Office 365, Google Mail and Dropbox, but they are still a blind spot for them,” Lovejoy said. “As long as the apps are IMAP-enabled, we can monitor that traffic.”

The other new elements of the 3.1 release are aimed principally at providing more information and functionality for less sophisticated users. They are thus well-suited for the mid-market, and the managed service provider partners that serve them.

A new Event Reporting Dashboard provides more information than before about the network traffic data generated by the solution.

“This exposes a lot more of Cortex’s capability for midmarket users and our channel partners,” Lovejoy said. “It is for organizations with less security sophistication, and lets them better leverage our functionality through richer reporting out of the box.”

New sandboxing capability to provide dynamic malware analysis is aimed at this same target market, giving users the ability to automate secondary analysis of flagged malware content.

“This is also a technology that is more designed for the midmarket,” Lovejoy noted. “Most large organizations have a sandbox. Midmarket customers tend not to have them, so what we have done is create a sandboxing infrastructure, so that files selected by monitoring will be automatically assessed.

An improved intelligence feed is also intended to fill a likely void for midmarket customers.

“Most larger organizations pay for intelligence feeds, which provide good information that help block access to some threats,” Lovejoy said. “Smaller ones don’t usually have those, so we have integrated the feeds to provide this capability.”

In addition, BluVector Cortex now examines all files to look for and analyze embedded VBScript, an increasingly common attack vector.