Recently, Blumira began a large-scale project to introduce a powerful new detection system called Real-Time Detections. We built this technology in-house to provide you with real-time notifications for many of the product’s native threat detections.
Blumira’s platform was based on a scheduled detection system with variable time windows of 5 to 30 minutes. It was important to accelerate our time to detection so that organizations would be notified of threats faster and could stop attacks sooner.
Our new Real-Time Detection system will give you an added advantage in defending your organization’s network by dramatically accelerating the speed of the product’s detection notifications and subsequently your time to respond. This new system will execute logic to notify organizations in as little as 800 milliseconds.
By design, the legacy detection system inspected for specific events over a designated window of time. Stated differently, a Finding was generated only when two conditions were met: a logged event matched, and the designated window of time had elapsed. This amounted to a regular delay between the event happening and the customer being notified.
Said legacy system was brilliant for threat detections involving repeated events representing a single malicious behavior like password spraying. It was less ideal for single moment-in-time threat detections such as virus alerts because of the implied notification latency.
The legacy ‘windowed’ detection system will remain in production so the Blumira platform can take advantage of its strengths, such as the password spraying attack mentioned above, but we will also be dramatically re-balancing our dependence on it. Embracing both detection systems according to their strengths will give customers a better product experience.
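The following added illustration (not Blumira's code) contrasts the two evaluation models on constructed events: a per-event rule that notifies at event time, and a scheduled rule that evaluates only when its window closes. The 5-minute window sits at the low end of the range quoted above; the threshold, event fields and function names are assumptions, and processing time is ignored.

```python
from collections import defaultdict

WINDOW_S = 300    # assumed schedule: 5 minutes, low end of the 5-30 minute range
SPRAY_USERS = 3   # assumed threshold: distinct accounts failing from one source

# Constructed sample events: (seconds since start, event type, source, user)
EVENTS = [
    (12, "virus_alert", "host-a", "alice"),
    (40, "auth_fail", "203.0.113.7", "alice"),
    (95, "auth_fail", "203.0.113.7", "bob"),
    (130, "auth_fail", "203.0.113.7", "carol"),
    (410, "auth_fail", "198.51.100.9", "dave"),
]

def realtime_findings(events):
    """Per-event rule: one matching event is sufficient, so notify at event time."""
    return [(ts, "virus_alert", src)
            for ts, kind, src, _ in events if kind == "virus_alert"]

def windowed_findings(events, window=WINDOW_S, threshold=SPRAY_USERS):
    """Scheduled rule: bucket events into fixed windows, evaluate at window close."""
    users = defaultdict(set)  # (window index, source) -> distinct failing users
    for ts, kind, src, user in events:
        if kind == "auth_fail":
            users[(ts // window, src)].add(user)
    findings = []
    for (idx, src), seen in sorted(users.items()):
        # Repeated events are correlated here; a single failure never fires.
        if len(seen) >= threshold:
            findings.append(((idx + 1) * window, "password_spray", src))
    return findings

def windowed_single_event_latency(event_ts, window=WINDOW_S):
    """Delay a moment-in-time event incurs if it must wait for its window to close."""
    return (event_ts // window + 1) * window - event_ts

if __name__ == "__main__":
    print("real-time:", realtime_findings(EVENTS))
    print("windowed: ", windowed_findings(EVENTS))
    print("virus alert delay if windowed:", windowed_single_event_latency(12), "s")
```

The spray finding needs the window to correlate three accounts from one source, while the virus alert gains nothing from waiting and would only be delayed by it.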
Customers like you mean everything to Blumira. We take immense pride in doing everything we can to ensure you have an excellent product experience. The goal of this post is to keep you, the customer, fully informed about a major product update.
There is no specific action needed at this time. However, please keep Blumira informed of any observed irregularities with Findings, such as a spike in volume or other unexpected behavior. Your product feedback is deeply appreciated.
You can submit critical issues in two ways: