CYBER THREAT EDGE NODE

Deep Packet Inspection of all Communications. Unlimited On-Prem Log Retention.

Full Node

Blueshift's XDR platform has different configurations based on the customer's network topology. In smaller organizations, the Analytics Node and the Network Node can be combined in a single server instance. The Standard Cyber Threat Full Node supports a maximum of three internal network segments and has 12TB of storage for XDR data.

Analytics Node

The analytics nodes are the brains of the Blueshift XDR system. They securely collect and store data from both the PCAP nodes and the XDR Agents, both for real-time and historical analysis and for archival purposes.

PCAP Node

The PCAP Network Nodes ingest and decode network traffic and feed that decoded traffic securely to the Analytics node. Additional services such as intrusion detection and prevention, deception, vulnerability scanning and threat intelligence are provided by the network nodes.

Micro Node

The Micro Edge Node is an “all-in-one” low-cost hardware appliance designed for companies with fewer than 50 devices. It supports a maximum of one internal network segment and has 1TB of storage for XDR data.

Edge Connection Broker

Conveniently upload XDR security logs from remote Windows, Linux, and Mac OS devices to the XDR Analysis Node via secure tunneling.

Unlimited Security Log Storage

Never worry about paying costly monthly fees to store critical log files. Blueshift will store an unlimited number of logs on-prem at no additional cost.

EBOOK DOWNLOAD

THE CASE FOR

BLUESHIFT XDR

Learn how Blueshift’s Comprehensive Cybersecurity Operations protect all devices and data across your entire IT infrastructure, including in-depth information on Blueshift’s:

  • Cyber Threat Edge Node
  • Unlimited On-Prem Security Log Retention
  • Threat Intelligence
  • Intrusion Detection & Prevention
  • External Deception
  • Internal Deception
  • Network Security Monitoring

ANALYTICS NODES

The analytics nodes are the brains of the Blueshift XDR system. They securely collect and store data from both the PCAP nodes and the XDR Agents, both for real-time and historical analysis and for archival purposes. Analytics nodes can be clustered for both added compute capacity and added redundancy.

Customers can receive credentials for read-only access to the system dashboards and reporting features. Analytics nodes can be run in the cloud, on customer COTS hardware, or purchased pre-configured from Blueshift and/or its partners.

They run a hardened version of the Linux operating system (Ubuntu 20.04 LTS Server). No customer or third-party access to the device is allowed via SSH. Only authorized Blueshift personnel with proper credentials to access our SOC are allowed to access the device, via our zero trust agent. Each Analytics Node is uniquely keyed at provisioning with Blueshift’s PKI infrastructure, which allows that node to securely communicate with our SOC via non-publicly available APIs.

Keys are both pre-shared keys (PSK) and signed 4096-bit RSA public/private key pairs. In addition, each device is given both a unique device ID and an API key at provisioning to further secure access to our API infrastructure. Lastly, each node uses a unique ED25519 SSH key exchange with our SOC infrastructure, so all access to the node data from our SOC is double-encrypted.

PCAP NODES

PCAP Nodes can be run on customers’ COTS hardware or purchased pre-configured from Blueshift and/or its partners. They run a hardened version of the Linux operating system (Ubuntu 20.04 LTS Server). No customer or third-party access to the device is allowed via SSH. Only authorized Blueshift personnel with proper credentials to access our SOC are allowed to access the device, via our agent.

Each node is uniquely keyed at provisioning with Blueshift’s PKI infrastructure, which allows that node to securely communicate with our SOC via non-publicly available APIs. Keys are both pre-shared keys (PSK) and signed 4096-bit RSA public/private key pairs.

In addition, each device is given both a unique device ID and an API key at provisioning to further secure access to our API infrastructure. Lastly, each node uses a unique ED25519 SSH key exchange with our SOC infrastructure, so all access to the node data from our SOC is double-encrypted.

PCAP Nodes ingest and decode network traffic and feed that decoded traffic securely to the Analytics node. Additional services such as intrusion detection and prevention, deception, vulnerability scanning and threat intelligence are provided by the network nodes.
