"Enterprises need tools that identify and remediate security breaches as soon as they occur," said Chris Fedde, president at Hexis Cyber Solutions. With roughly one hundred employees split between the company's headquarters in Hanover, Md. and Silicon Valley, Hexis is a spin-off from government defense system builder KEYW Corp., a 1,200-person cybersecurity company that has worked closely with the U.S. National Security Agency and other government agencies to develop cybersecurity and geospatial intelligence systems. The idea behind Hexis, Fedde said, is to bring government defense know-how to the commercial space.
The Hexis HawkEye system deploys complex data analytics in real time, evaluating large quantities of network performance data and leveraging algorithms that identify subtle network changes and odd user behavior. As a product, it comprises two elements, the HawkEye G (for active defense grid) and HawkEye AP (for analytics platform).
Current malware aims to be undetectable, so there can be a lag of days, weeks or even months from the time a compromise occurs to when a customer recognizes it and tries to remediate it. In the interim, a lot of damage is done. Once the Hexis algorithms spot users behaving in inappropriate ways, businesses can put countermeasures in place. “In some cases, the malware will immediately begin to morph and regenerate itself,” Fedde said. To thwart such moves, the HawkEye system features automated countermeasures. Once triggered, the response ranges from denying the malware access to system resources to shutting down the code.
However, the product’s proactive nature could create problems. “Traditionally, some security systems have had the ability to shut down internal code, but security officers have generally turned that function off,” noted Dan Blum, former Burton Group and Gartner security analyst and current chief security officer at Respect Network. Blum said this is due to the risk of false positives and the danger of shutting down critical internal applications. The Hexis system could be tweaked so it does not shut down code until a system administrator validates the action, but the downside is damage could be done during the evaluation.
A number of other vendors have developed some -- but not all -- of the elements that operate in HawkEye (such as analytic functions and security and counter defense measures), according to Blum, who said RSA has the most complete system when compared head-to-head with HawkEye.
Pricing for HawkEye is based on the size of the enterprise's network device population and runs to multiple hundreds of thousands of dollars, meaning it's generally suited only for larger enterprises.
Paul Korzeniowski is a freelance writer specializing in security issues. He has been covering technology for more than two decades and is based in Sudbury, Mass. He can be reached at firstname.lastname@example.org.