PRODUCT DATA SHEET

Product Overview

BluSapphire is Only Unified Cyber defense Platform with HIGHLIGHTS

Intelligent Response Automation. BluSapphire is one platform that
replaces your entire advanced cyber defense stack. It gets rid of • Agentless and Automated Intelligent Response &
silos by converging network, system, and end point based multi- Remediation
vector analysis. Built on an Open Data Platform, it readily
integrates with existing security tools to deliver comprehensive • Open XDR Solution with seamless integration
advanced cyber defense.
with existing tools
BluSapphire Intelligent Cyber defense Platform allows you to
detect threats accurately in seconds instead of days, weeks or • Multi vector detection and analysis using AI & ML
months. BluSapphire multi-vector based threat detection that Modules
combines multiple Machine Learning models, Binary and Behavior
Analysis coupled with Network Behavior, operating across • Feeds Threat Intel from more than 110+
network layer, system layer, file system layer, meta data, in sources(open & commercial) with a customizable
memory to detect threats with an accuracy. Looking at one tool scheduling option
taking care of complete advance cyber defense stack will give very
high-fidelity alert to the end user and Looking at multiple vectors • Guaranteed Minimum Time To Detect (MTTD) &
will enable low rate false positives. Minimum Time To Respond (MTTR)– few seconds
BluSapphire combining the power of AI, Machine Learning • Built on an Open Data Platform which is elastic in
techniques and Advanced Data Analytics to Detect, Analyze,
nature and can scale horizontally
Respond and Remediate cyber threats i.e. zero-day, APTs,
Ransomware, internal threats, unknown threats while being
proactive in threat hunting. BluSapphire’s Automated Threat
• Reduction in TCO by up to 45% & Operational
Response (ATR), allows you to remotely quarantine, suspend, costs by 30%
clean a remote system in an entirely automated way, using a
superior agentless response module.

AI and ML based detection

Detection & Analysis Our machine learning models go beyond conventional models,
Threat detection at faster rate. Our model has high detection
Deep packet inspection rate of 99.8% of detection rate which is highest in the industry
Deep packet Inspection means different things to different because of our feature. Currently we monitor over 40 different
vendors. BluSapphire uses DPI to detect C&C activity and pick up file type looking for malicious activity this result organizations to
botnet activity without relying on Threat Intelligence. This helps detect with accuracy and, hence reducing false positives.
detect threat actors C&C even if they use valid sites like Google or
Amazon. Detection relies heavily on Signal Intelligence techniques Static Binary Analysis
to pick patterns of activity. Akin to Reverse Malware Engineering on the fly at wire speed,
BluSapphire enables rapid detection of malicious zero-day
Static analysis malwares or Ransomwares even without ever executing them.
BluSapphire performs real time static analysis on the packets, What usually takes days and weeks can now be achieved at wire-
which includes IDS, signature matching, looking for indicators of speed.
compromise, command and control network traffic and
environment traffic. Network Behaviour Anomalies
Whether its data exfiltration over DNS, SSH or HTTP(S) or an
Behaviour analytics module attacker looking for vulnerabilities, BluSapphire’s advanced
BluSapphire platform comprises of advance behavior analysis machine learning models can detect these network anomalies
module, which is similar to sandbox, but built in house from the immediately and contain the threat using native agentless
scratch. Behavior analytics module focus on understanding response and remediation. BluSapphire can also immediately
attacker activity to revile the payload. enquire the endpoint that is causing the behavior and gather
context around the suspicious activity in seconds.
 PRODUCT DATA SHEET

Response and remediation Threat intelligence

Agentless response BluSapphire consolidates threat intelligence from more than

One of the very important features of BluSapphire is its capability 110+ sources, de-duplicates the data, consolidates and
to respond and remediate etc. Response usually is in the form of validates the data before consuming the threat intelligence.
quarantine the end point, suspending the processes or cleaning While the list is dynamic and varies by the quality of threat intel
up the affected end points. provided, BluSapphire also uses proprietary bots that collect
BluSapphire can also work with Industry standard tools to threat intel data from various Social Media platforms and
orchestrate a response based on customer requirements. DarkNets. It disseminates the Threat Intel to all its customers
on customizable schedule. The default schedule is every hour.
Automation & Orchestration It uses feeds from both Open & Commercial feed. Apart from
Completely built ground up, the orchestration between that MISP and any STIX, TAXII and CSV formatted threat intel
BluSapphire SIEM and Threat Hunt engine is seamless and is sources are supported.
tightly knit. Below are some key features

• Playbooks/ Run Books for incident response and

remediation Forensics
• Automated Response and Remediation capability based
on the alerts triggered (Priority based) BluSapphire use agentless approach for collecting forensics
• Automated Agentless Threat Hunt from endpoint systems. By default, BluSapphire collects
• Integration with Multiple External Threat Intelligence in • Currently active process names, hashes and path
carrying out faster incident triage • Current services list
• Radical reduction in MTTD and MTTR • Current startup locations (including hidden ones like
• Seamless integrations via Rest API’s registry, Roaming Cache, many more
• Single Pane of Glass for Detection, Response and • Current Scheduled tasks list with execution path and
Remediation hashes
• Current network connections
Dashboard & historical data, UIs • OS version and patch details
BluSapphire empowers Level I analysts to extend their scope of • Recently executed process/files.
work and operate at the efficiencies of Level III Analysts giving • USB devices used.
then super cow powers, thanks to the advanced ML and threat
response automation it provides. Our Easy-to-Use interfaces, and BluSapphire’s agentless forensics also supports gathering of
simple analysis layouts enable rapid adoption by your Level I random artifacts on the fly
analysts – without the need for additional training in most cases.

Technology Stack
BLUSNIPER (THREAT HUNT)
BluSapphire offers all the technologies that falls under cyber
defense chain of Detect, Analyze, Respond & Remediate with in BLUSOAR(AUTOMATION & ORCHESTRATION)
advanced cyber defense stack in a single platform which is very
easy to use, and combining all these technologies will help in BLUGENIE (EDR)
recognizing threats that are usually missed by the tools that looks
A I & M L

at individual layers and this in turn will allow our platform to

provide very high accurate alerts to end users.
BLUTURQUOISE (UEBA)

The entire technology stack is empowered by Artificial BLUEYE (SANDBOX)

Intelligence(AI) & Machine Learning(ML) Modules at the back
end to provide accurate Insights by building context around the BLUACTIVEdefense (DECECPTION)
data that has been collected from the devices with in the
network and provide meaningful insights in very minimal time. BLUNAF (NTA/NBAD)

Our Open Data Platform(ODP) leverages new Big Data

BLUARMOUR (ANTI-RANSOMWARE)
technologies providing horizontal scalability, flexibility and raw
on-demand analytical capabilities. Our ODP provides Instant
search results, even across terabytes of data. It also enables BLUSIEM (NextGen -SIEM)

infinite storage capabilities with near zero maintenance and

management OPEN DATA PLATFORM (ODP)

040-40165432 [email protected] Flat G14, Gowra Tulips, Gafoornagar, Madhapur, Hyderabad, Telangana - 500081

www.blusapphire.com
 PRODUCT DATA SHEET

BluSapphire Key Features across technologies

Technology Key Features

• Log Management with Real Time correlation of events
• Customizable dashboards with Role based authorizations & Control
• Flexible for integrations(Cloud Services, SaaS Apps, Infrastructure, Standard/Custom Apps) with 1280+
SIEM
built-in uses cases
• No-Code Rule/Custom use case building functionality
• Compliance Ready & Automated Reporting
• Feeds curated live information from more than 110+ intel sources
• Native Integration with Malware Information Sharing Platform(MISP)
TI
• Ingestion with customized scheduling option
• Supports, STIX, TAXII & CSV formats
• Automated updates to Firewall Policy, address tables in Network Access Control
• Real time automated/manual Threat Response & Remediation
SOAR • Automated Security Incident Life Management via ITSM structure
• Automated Dynamic Risk Rating based on real time threats
• Leverages Threat Intel sources for single click triage
• Complete visibility over User & Entity activities
• Over 550+ built-in analytical models
UEBA
• Automated Cyber Attack Triage – single click away
• Native Network based Entity Behavior Capability
• Agent based or Agentless threat detection, response & remediation
• Detailed behavior activity tracking
EDR • ML driven engine in identifying Zero-Day/APT’s and Malicious activities in the nascent stage
• Intelligent Response Function - Containment of cyber threats on end points
• In-Depth forensics & Threat Hunts enabled by detailed data insights
• ML driven – Signal Intelligence(SIGINT) in detection over encrypted traffic channels
NTA/NBAD • Big-Data powered in-depth network analysis & visualizations
• Identification of malicious activities – signature based over network
• Complete cyber security coverage for end points irrespective of whether they are connected to
Internet/VPN or not
EPP
• Built-in intelligence tracking and blocking if there is malicious content
• Ultra Lightweight Agent, which can also be utilized for building device control
• Performs real-time static & binary analysis
Sandbox • Complete visibility into In-Memory activities
• Option to respond, remediate & perform Live Hunt with identified behaviour driven IOC’s
• Deploys authentic & scalable decoys across your infrastructure
Deception • Building application & network level deception strategies
• Automated Response & Remediation for threats identified
• Agentless hunting that’s more reliable than current methods without relying on log historical data
Threat Hunt • Option to build custom behaviour driven indicators(IP/URL/Process/File Patch/ Services/ Tasks/
Registry)

BluSapphire Offerings
SIEM TI EDR Sandbox NTA & NBAD UEBA Deception Threat Hunt EPP SOAR

Basic

Advanced

Elite

040-40165432 [email protected] Flat G14, Gowra Tulips, Gafoornagar, Madhapur, Hyderabad, Telangana - 500081

www.blusapphire.com