Company develops solution to combat advanced persistent threats

Oct. 21, 2013
Hexis Cyber Solutions' HawkEye G platform can help organizations detect, remove malicious programs

Earlier this month, Hexis Cyber Solutions, a subsidiary of KEYW Corporation, launched a new active defense solution dubbed “HawkEye G” aimed at protecting private companies against advanced persistent threats (APTs). Instead of an individual hacker breaching a network with the intent to steal sensitive data and get out, APTs are characterized by a group or a government entity gaining access to the computer systems of an organization or government agency and remaining there for an extended period of time undetected to glean whatever information they can.

“Virtually any network is protected at the perimeter with technologies like anti-virus (software), firewalls and all of the things you put at the perimeter to keep bad guys out of your network,” said Hexis President Chris Fedde. “However, what’s becoming very clear over the last couple of years is the persistent threat. The really aggressive, dedicated threat will get past your perimeter defenses no matter what you do; they can get past your perimeter defenses and get in your network.”

According to Fedde, HawkEye G is “purpose-built” to find these threats, diagnose them and remove them from the network. HawkEye G is the second product to be released by Hexis, which was founded earlier this summer. Fedde said that KEYW, which focuses on developing cyber security solutions for the government, counterterrorism and intelligence community, created Hexis to be its commercial products arm. And because KEYW works so closely with the government, Fedde said they have inherent knowledge regarding APTs - how they infiltrate the network, what they look like and how to eliminate them.

“What HawkEye G really then consists of is the ability to ingest large amounts of data from inside your network. It monitors virtually everything in your network; people, computers, switches, routers, servers, etc.,” explained Fedde. “It analyzes everything that’s going on in your network and it analyzes behaviors going back six months. In other words, it is continuously watching your current behavior and comparing it with behavior that goes back six months and analyzes what behaviors in there could be indicative of having a threat inside your network.”

It can take anywhere from a few weeks to even months to detect these types of threats using currently available tools, but HawkEye G has the ability to find, diagnose and remove malicious code hiding within the network in just a matter of seconds.

“The very stealthy threat knows how to go in and take a long time to embed itself in the network. It knows how to fool your network into thinking that it is normal and it can just take a very long time to get itself embedded and it’s not unusual for it to be in your network for six months before it does any damage,” Fedde said. “Every time you pick up a paper these days you read about big data and you read about analytics. Well, the fact is you just weren’t able to do this kind of detection until now. You really needed all of the data that’s in the network and you also needed the ability to store it in a warehouse, so that you had quick access to it.”

While there are products currently available that can analyze behavior on the network, detect malicious behavior and even inform the network owner what to do about it, Fedde said that there is not one that will do all that, as well as go in and remove it. “The true differentiation (for HawkEye G) is then when it comes time to diagnosing how to remove (the threat) and then automatically removing it, there aren’t other products that do that,” he said.

Although Hexis believes HawkEye G will be ideal for organizations that manage large networks containing high-value information, such as critical infrastructure, financial firms, high-tech and telecommunications companies, Fedde said that the solution is really for any network owner who knows they’re susceptible to APTs.

“It’s a little surprising to me how many large network owners still believe they can protect their networks 100 percent at the perimeter,” he said. “If you really believe you’re doing 100 percent protection at your perimeter you wouldn’t need our product, so we’re really targeting people that know that’s just not true. If people want to get inside the networks they will.”