As attackers become increasingly sophisticated, there is a need for advanced technologies that can detect attacks that traditional tools can't.
That's the mission for Blue Hexagon, which emerged from stealth on Feb. 5 with a deep learning platform to help automatically detect potential threats. The Blue Hexagon platform offers the promise of near real-time prevention of threats, with visibility into the indicators of compromise for an attack.
"Our technology is rather unique in that we've taken a technology that's been very effective at computer vision and speech and we're applying it to the complex problem of computer security," Nayeem Islam, co-founder and CEO of Blue Hexagon, told eWEEK.
Islam had previously spent the past decade working at Qualcomm, where he led a research and development group involved with deep learning and its implementation on mobile phones. He left Qualcomm to start Blue Hexagon in June 2017. Alongside the company's debut, Blue Hexagon also announced that it has raised $31 million in funding from Benchmark and Altimeter to help develop the technology and go-to-market efforts.
What Is Deep Learning?
The terms artificial intelligence (AI), machine learning (ML) and deep learning are often used as synonyms for each other, but there is a fundamental difference between what the different technologies enable and how they work.
Islam explained that with classic machine learning, there is a need to perform what is known as feature engineering, which means you really have to know a lot about the problem and essentially teach the algorithm to look for items, in a process that often involves a lot of engineering and human intervention.
"Deep learning is a huge advancement in the sense that the engineer does not have to provide a lot of input into what to look for. The algorithm finds things by itself," Islam explained. "That's one of the most important parts of deep learning and why it's so effective at solving a problem like network security, which is very complicated with so many forms of malware playing around in the network."
With machine learning, there is often a distinction drawn between supervised and unsupervised learning, where a system is directed to a data set to learn. Islam said that the deep learning model used at Blue Hexagon is a supervised technique. He explained that the real issue is how much work the engineer has to do to tell the system what to look for, in terms of what is a threat and what isn't a threat.
"So we do have data that we use to train our algorithms, and we generate what are known as inference models," Islam said.
He added that with other techniques, a developer would have to task the algorithm to look for very specific things to determine what is a threat. With the Blue Hexagon deep learning model, Islam said that once the algorithm understands that something is a virus or something is not a virus, that's all it needs to know to operate.
"We're really focused on the network threats that are very specifically focused targeted threats like malware variants," Islam said. "But deep learning can be applied for a lot of different types of threats."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.