Overview
Signature-based threat detection solutions and malware sandboxes are no match for next-generation adversaries who utilize mutating hashes, sophisticated obfuscation mechanisms, and self-propagating malware. In 2017, more than 350,000 malware variants were created every day.
The only way to keep up with attacks is via AI-based defenses. Blue Hexagon detects malware and its manifestations such as C2 in less than a second, at greater than 99.5% efficacy, using deep learning. Deployed as a hardware or virtual appliance in network tap mode, the Blue Hexagon deep learning models inspect network payloads and headers for malware. Once malware is detected, Blue Hexagon orchestrates a coordinated prevention and response across the security products in the organization, including endpoint security, proxies and next-generation firewalls.
This document describes the Blue Hexagon and Palo Alto Networks integration.
Blue Hexagon and Palo Alto Networks Integration
Blue Hexagon integrates with the Palo Alto Networks External Dynamic List (EDL). An External Dynamic List is a text file hosted on an external web server so that the firewall can import the objects it contains (IP addresses, URLs, domains) and enforce policy on them. When Blue Hexagon detects malware in less than a second, the malicious URL information captured during malware inspection, i.e. the URL the malware was downloaded from and its C2, is written to an EDL file. This EDL file is maintained by Blue Hexagon on our server, and the Palo Alto Networks firewall can be configured to import it.
Configuration
Inform Blue Hexagon Customer Support at support@bluehexagon.ai to enable the PANW Firewall integration on your Blue Hexagon Secure appliance.
Blue Hexagon includes a web server that hosts the malware URL block list file at http://<Appliance IP (e.g. 192.168.170.166)>:8081/. This is the External Dynamic List that enables the PANW Firewall to block downloads of web malware from those URLs.
Verify that Blue Hexagon is adding new URLs for High and Critical malware threats to the EDL file (through the PANW CLI).
Verify that the PANW FW is blocking the URLs listed in the pac.txt file. An endpoint accessing one of these URLs should receive a "Web Page Blocked" message.
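To check from a workstation that the appliance is actually adding entries between two fetches, the following added Python example (not Blue Hexagon's or Palo Alto Networks' code) parses an EDL body and reports the entries that appeared since an earlier snapshot, plus any entries that cannot be a single URL. The appliance URL and the sample entries are constructed placeholders, and the format rules (one entry per line, blank lines and `#` comment lines ignored) are assumptions.

```python
"""Added example: verify that a Blue Hexagon EDL file gains new URL entries.
Not vendor code; the URL, file name and sample entries are constructed."""
import urllib.request

# Assumed location of the list on the appliance web server (page gives
# port 8081 and the file name pac.txt; the exact path is an assumption).
EDL_URL = "http://192.168.170.166:8081/pac.txt"


def parse_edl(text):
    """Return the unique entries of an EDL body, in file order.
    Blank lines and lines starting with '#' are ignored (assumed format)."""
    seen, entries = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line not in seen:
            seen.add(line)
            entries.append(line)
    return entries


def invalid_entries(text):
    """Entries that contain internal whitespace cannot be a single URL and
    would not match anything on the firewall; surface them for review."""
    return [e for e in parse_edl(text) if any(ch.isspace() for ch in e)]


def new_entries(previous, current):
    """Entries present in the current snapshot but absent from the previous."""
    old = set(parse_edl(previous))
    return [e for e in parse_edl(current) if e not in old]


def fetch_edl(url=EDL_URL, timeout=10):
    """Download the current list body from the appliance (network access)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed snapshots standing in for two successive fetches.
PREVIOUS_SNAPSHOT = "# Blue Hexagon EDL\nmalware-host.example/payload.exe\n"
CURRENT_SNAPSHOT = (
    "# Blue Hexagon EDL\n"
    "malware-host.example/payload.exe\n"
    "c2.example.net/beacon\n\n"
)

if __name__ == "__main__":
    print("new since last fetch:", new_entries(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT))
    print("invalid entries:", invalid_entries(CURRENT_SNAPSHOT))
```

In practice call `fetch_edl()` twice a few minutes apart and pass the two bodies to `new_entries`; an empty result while new High or Critical detections are being raised on the appliance means the list is not being updated.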