Hexadite follows specific procedures to investigate potential risks, using artificial intelligence and machine learning to decide what’s normal for a particular network and what constitutes a threat.
Because Hexadite uses information provided by other security systems, it’s obviously supposed to be deployed in the enterprise where those devices exist. However, it’s not going to be deployed as a stand-alone service. Instead, Microsoft intends to put the Hexadite technology into the company’s existing enterprise security software, Windows Defender Advanced Threat Protection (WDATP).
WDATP is a cloud-based security suite that Microsoft sells to enterprise users. The addition of Hexadite’s Automated Incident Response System to WDATP would significantly enhance the effectiveness of Microsoft’s product.
A Microsoft spokesperson briefly explained the company’s plans. “Hexadite develops agentless, automatic incident investigation and remediation solutions that increase productivity of security resources,” the spokesperson said to eWEEK in an email. “This acquisition will build on the work we’re already doing to make Windows 10 the most secure Windows ever. Hexadite’s technology and talent will enhance our existing capabilities and strengthen our ability to add new tools and services to Microsoft’s robust security offerings,” the email statement said.
By acquiring Hexadite, Microsoft is attempting to deal with an unfortunate fact in today’s enterprise: the reluctance of some companies to expend the resources to make their networks more secure. This, coupled with the significant shortage of employees who have the skills necessary to detect, investigate and remediate cyber-attacks, means that some form of automation is essential.
However, integrating Hexadite into WDATP isn’t enough by itself. Even when it works quickly, Hexadite takes a minute or so before it can halt the malicious activity. Ransomware can encrypt a lot of files in a minute or two.
Malware can take a variety of actions and Hexadite can stop them, but there’s always a slight delay. What this means is that you will still need security applications that can handle such attacks instantly.
Good examples of the faster-acting software that you’ll still need to consider include Cybereason with its Total Endpoint Protection software, or Malwarebytes and its anti-malware software. By using those, you can kill the malware instantly, giving Hexadite time to finish the job.
When fighting malware or other cyber-attacks, a successful defense is measured in seconds. Products that can perform investigations and remediation quickly will play a critical role in keeping your network safe.
But in situations when even a minute is too long, you need protection at multiple levels. Hexadite’s software clearly fills an important need, but only when it works in concert with other security defenses.