AWS Marketplace

Blue Hexagon Next-Gen Network Detection and Response

Blue Hexagon NG-NDR is a comprehensive agentless cloud, prem, and SaaS security platform that uses a network-centric artificial intelligence based approach to uncover threats in the enterprise. By applying deep-learning to packet-level network traffic (analyzing millions of traits in network headers and payloads), Blue Hexagon identifies both known and unknown threats with near 100% accuracy in milliseconds. Blue Hexagon threat findings containing full threat categorization, TTPs, and behavioral indicators are sent to SecurityHub for rapid response orchestration. Deploy seamlessly using VPC Traffic Mirroring to mirror traffic from ENIs attached to EC2/EKS instances or attached to any gateways or NGFWs in your VPCs.

BYOL Listing

Step 1: Subscribe in the AWS Marketplace

Find the Blue Hexagon Deep Learning Network Detection and Response listing in AWS Marketplace.

Click on “Continue to Subscribe”.

Step 2: Procure a license

To procure a license, fill out this form. Be sure to select AWS as your deployment preference.

Blue Hexagon will send you the license key to the email address provided, along with a link to this page.

The email will also contain instructions on how to access the Blue Hexagon portal.

Step 3: Configure Blue Hexagon appliance

Be sure to configure and launch Blue Hexagon through the EC2 console, and not through the “Marketplace website” upon subscription.

Find the Blue Hexagon Deep Learning Network Detection and Response subscription under “Manage subscriptions” in your AWS Marketplace console.

Click on “Manage”.

Click on “Launch new instance”.

Select region where you would like to deploy the Blue Hexagon virtual appliance, and click on “Continue to launch through EC2”.

In the EC2 console, choose one of the supported instance types, e.g. r5.2xlarge.

Click on “Next: Configure Instance Details”.

Select the VPC and subnet where you would like to deploy the Blue Hexagon virtual appliance.

Under “Advanced Details”, paste the following snippet in the “User data” textbox, replacing the dummy JSON content (shown in green) with the license key provided by Blue Hexagon:

#cloud-config
write_files:
- content: |
    {   
      "aws_access_key_id": "dummy",
      "aws_secret_access_key": "dummy",
      "bucket_prefix": "dummy",
      "bucket": "dummy"
    }   
  path: /root/.bootstrap/bootstrap.json

Click on “Next: Add Storage”.

Click on “Next: Add Tags”.

Add any as appropriate.

Click on “Next: Configure Security Group”.

Select the newly auto-created security group, and set the “Source” CIDR blocks to the address ranges of the monitored VPCs. E.g. If you want to configure Blue Hexagon to monitor a VPC with address range 10.0.0.0/8, set the security group to allow traffic from 10.0.0.0/8 over port 4789 (the VPC Traffic Mirroring port).

Click on “Review and Launch”.

Click on “Launch”!

About ten minutes after launch, your Blue Hexagon virtual appliance will register in the portal under System Status.

Step 4: Configure VPC Traffic Mirroring to Blue Hexagon

Follow instructions here to mirror traffic to Blue Hexagon for inspection.

Step 5: Enjoy deep learning powered protection in AWS!

Log in to the Blue Hexagon portal and explore deep learning powered insights.

Blue Hexagon Documentation