AWS Startups Blog

Blue Hexagon Cybersecurity Fights Fire With Fire Using Deep Learning

Business technology may be growing increasingly complex, but when it comes to cybersecurity, it remains a game of cat and mouse. Hackers and cyber criminals are currently creating malware at an unprecedented level to infiltrate websites around the world, disrupt business, steal company secrets, shut down sites, and take customers’ information. In 2017 alone, over 120 million new malware samples were detected. And even if your business deploys state-of-the-art signature-based detection systems and malware sandboxing, it can quickly get overwhelmed by a daily deluge of new threats. Sunnyvale, Calif.-based Blue Hexagon, however, thinks it’s cracked the problem.

“We’ve developed the world’s first real-time, deep learning–based threat detection platform,” says Nayeem Islam, CEO and co-founder of Blue Hexagon. “We’ve been using the AWS platform to generate our models using deep learning.” Deep learning, the means by which algorithms create a neural network that can subsequently learn and make decisions on its own, was initially used for image processing, but Blue Hexagon applies it to new ends.

“Deep learning is very powerful to model complex decision boundaries, and network security is a problem that’s a perfect fit for it,” says Shuo Deng, machine learning scientist at Blue Hexagon. “Using deep learning in network security is really a new idea. We really needed to start from scratch, to do our own research, and see how we can combine machine learning and network security together.”

Machine learning accelerates so many aspects of modern business, but businesses aren’t the only ones with the technology at their disposal. “Over the last ten years, attackers have been using AI to automate malware generation, and these instances of malware propagate throughout the internet and attack companies,” Islam says. “Current defenses use signatures and sandboxes, and they get overwhelmed by these malware variants. And so we knew that deep learning would have some effectiveness in detecting these threats. What we were really surprised at is how effective it really was. We’re getting 99% plus efficacy in detecting threats on these gigabit networks using deep learning, and that’s an order of magnitude better than what others are using currently.”

Hackers use AI as a means to create a litany of viruses that evolve before most cybersecurity systems can detect them. “Almost every industry that we’ve talked to has some level of vulnerability and are concerned about malware making it through their defenses,” Islam says. “If you look globally, there are new malware variants that are generated every year, and no organization is really immune to being infected by malware.”

And in order for a company’s cybersecurity to properly assess the threat landscape, it requires a lot of data. “For the scale that we’re talking about, every day we train and evaluate thousands of models on hundreds of millions of data points,” says Arridhana Ciptadi, principal machine learning scientist and engineer for Blue Hexagon. “So if you’re operating at that scale, it’s pretty much impossible to do it without a good partnership with a cloud infrastructure.”

If your cybersecurity is only focused on detecting threats, at some point a novel one might slip past your company’s defenses—which is what Blue Hexagon’s deep learning cybersecurity homes in on. For the millions of possible malware attacks out there, there’s a common set of principles underlying them. “In the space of malicious threats, there is actually a limited number of ways that you can inflict damage on a company,” Ciptadi says. “So there is only a limited set of actions malicious actors can aim toward the attack, and that’s the key insight. The way they try to achieve these things is novel, but the thing that they’re trying to achieve is actually not so different.”

Blue Hexagon fights fire with fire: its deep learning cybersecurity is able to understand the types of AI that attackers deploy to generate malware not only today, but also tomorrow. “The bad guys are always going to look at creative ways of creating malware that we won’t be able to catch,” Islam says. “Deep learning gives you an opportunity to create models to catch extremely subtle changes that are made to malware code. And our system is able to detect that.”

Blue Hexagon not only offers early detection, but does it quickly. Rather than detecting these incoming threats within days, hours, or even minutes, Islam says, “our detections are typically done in sub-seconds. If it’s detected in less than a second, you can prevent the threat from spreading within the organization.” Security may still be a cat-and-mouse game, but Blue Hexagon uses deep learning to build a smarter mousetrap.