Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image.png

TAP Into Technology

Leading the Way in Network Technology

If You Build It (An Infrastructure), They Will Come (Malicious Data)

Posted by Jason Drewniak | 8/15/19 8:00 AM

Garland Technology and BluVector® are dedicated to sharing network connectivity best practices and inline security management, propagating why having reliable data in your network is incredibly important for security. 

BluVector, recently acquired by Comcast, is a leading network security provider. The data BluVector provides empowers security teams to uncover real threats, allowing business and governments to operate with confidence that their systems are protected.


Building a Strong Security Infrastructure 

Garland Technology’s EdgeSafe™ Bypass TAPs provide 100% visibility, and 360° views for BluVector Cortex™ sensors to monitor north-south traffic and the flows getting past firewalls. The sensors can also be deployed on an internal LAN segment to acquire data related to lateral movement of threats in the network. Once the data is collected and put into a collector mode through the device, the traffic can be measured and segmented with machine learning and aggregated event data, which is then forwarded to a SIEM. 

As data centers grow, data segment applications and additional data to manage can grow exponentially. It’s the natural evolution of services being provided, which can be challenging to scale, thus introducing bottlenecks and opportunities for downtime. To mitigate this risk, a toolset for performance, monitoring & analytics, or active security is needed for visibility into the network

 

Bluvector JS Diagram

 

Before passing through the BluVector scalable file analyzer, the reassembled packets carve out metadata and files. The data going into BluVector is primarily live traffic, therefore files or PCAP data can be submitted in parallel. Once the data is passed, a series of different engines analyze the data. The Core engine is the machine learning engine where about 40 different file types are uncovered.

 

AI-Driven Network Security

From the data fed from the Network TAPs into BluVector sensors, a speculative code execution engine is used. This coding primarily focuses on two things: 

  1. Shellcode detection and documents 
  2. JavaScript emulation. 


BluVector will carve out JavaScript segments from the wire. Using the speculative coding, the segments are inspected for suspicious intent with 100% code coverage. The platform uses a series of heuristics when the malicious code has been identified. 

BluVector shows what has been determined malicious through a list of event cards representing a high level of information. The event detail shows everything captured by the Zeek metadata and from the Garland Network TAP. Since every piece of the data is logged and connected, BluVector filters and indexes the information automatically. This produces a great visual of the time the event took place. As an analyst, this is important to drill into the transferred executable file to see immediately where the metadata and file type is located.

How to obtain real time advanced threat detection

Machine learning is used to train the data as events are adjudicated. The events are marked as malicious or false positive automatically, providing batch training systems and statistically sampled data. In order for BluVector sensors to analyze malicious data, a Bypass TAP is needed to provide live traffic. This starts at the foundational layer providing multi mode tool capabilities and visibility into the environment. Garland Technology's Network TAPs allow the right data to be driven to the right place at the right time. 


{Ready to learn more about how BluVector and Garland Technology work together to deliver high-fidelity detection, at scale and in real-time? Watch our latest webinar today!}

Topics: Network Security, Network Visibility/Monitoring, Technology Partners

Written by Jason Drewniak

Jason Drewniak is the Vice President of Marketing and Business Development at Garland Technology in the Buffalo, New York office. His experience building brands and delighting customers covers a variety of tech-forward products like computers, toys, and beer. At Garland he is responsible for educating network stakeholders about the "Garland Difference!"