
PRODUCT DATA SHEET

Product Overview

BluSapphire is the only unified cyber defense platform with Intelligent Response Automation. BluSapphire is one platform that replaces your entire advanced cyber defense stack. It gets rid of silos by converging network, system, and endpoint-based multi-vector analysis. Built on an Open Data Platform, it readily integrates with existing security tools to deliver comprehensive advanced cyber defense.

The BluSapphire Intelligent Cyber Defense Platform allows you to detect threats accurately in seconds instead of days, weeks or months. BluSapphire's multi-vector threat detection combines multiple Machine Learning models and Binary and Behavior Analysis with Network Behavior, operating across the network layer, system layer, file system layer, metadata and memory to detect threats with accuracy. Having one tool take care of the complete advanced cyber defense stack gives the end user very high-fidelity alerts, and looking at multiple vectors enables a low rate of false positives.

BluSapphire combines the power of AI, Machine Learning techniques and Advanced Data Analytics to Detect, Analyze, Respond to and Remediate cyber threats, i.e. zero-day, APTs, ransomware, internal threats and unknown threats, while being proactive in threat hunting. BluSapphire's Automated Threat Response (ATR) allows you to remotely quarantine, suspend or clean a remote system in an entirely automated way, using a superior agentless response module.

HIGHLIGHTS

• Agentless and Automated Intelligent Response & Remediation
• Open XDR Solution with seamless integration with existing tools
• Multi-vector detection and analysis using AI & ML Modules
• Feeds Threat Intel from 110+ sources (open & commercial) with a customizable scheduling option
• Guaranteed Minimum Time To Detect (MTTD) & Minimum Time To Respond (MTTR): few seconds
• Built on an Open Data Platform which is elastic in nature and can scale horizontally
• Reduction in TCO by up to 45% & Operational costs by 30%

Detection & Analysis

Deep packet inspection
Deep packet inspection means different things to different vendors. BluSapphire uses DPI to detect C&C activity and pick up botnet activity without relying on Threat Intelligence. This helps detect a threat actor's C&C even if they use valid sites like Google or Amazon. Detection relies heavily on Signal Intelligence techniques to pick out patterns of activity.

Static analysis
BluSapphire performs real-time static analysis on the packets, which includes IDS, signature matching, and looking for indicators of compromise, command and control network traffic and environment traffic.

Behaviour analytics module
The BluSapphire platform includes an advanced behavior analysis module, which is similar to a sandbox but built in house from scratch. The behavior analytics module focuses on understanding attacker activity to reveal the payload.

AI and ML based detection

Our machine learning models go beyond conventional models, detecting threats at a faster rate. Our model has a detection rate of 99.8%, which is the highest in the industry, because of our features. Currently we monitor over 40 different file types looking for malicious activity; this lets organizations detect with accuracy, hence reducing false positives.

Static Binary Analysis
Akin to Reverse Malware Engineering on the fly at wire speed, BluSapphire enables rapid detection of malicious zero-day malware or ransomware even without ever executing them. What usually takes days and weeks can now be achieved at wire speed.

Network Behaviour Anomalies
Whether it's data exfiltration over DNS, SSH or HTTP(S) or an attacker looking for vulnerabilities, BluSapphire's advanced machine learning models can detect these network anomalies immediately and contain the threat using native agentless response and remediation. BluSapphire can also immediately query the endpoint that is causing the behavior and gather context around the suspicious activity in seconds.
Response and remediation

Agentless response
One of the very important features of BluSapphire is its capability to respond and remediate. Response usually takes the form of quarantining the endpoint, suspending processes or cleaning up the affected endpoints.
BluSapphire can also work with industry-standard tools to orchestrate a response based on customer requirements.

Automation & Orchestration
Built completely from the ground up, the orchestration between BluSapphire SIEM and the Threat Hunt engine is seamless and tightly knit. Below are some key features:

• Playbooks/Run Books for incident response and remediation
• Automated Response and Remediation capability based on the alerts triggered (Priority based)
• Automated Agentless Threat Hunt
• Integration with Multiple External Threat Intelligence in carrying out faster incident triage
• Radical reduction in MTTD and MTTR
• Seamless integrations via REST APIs
• Single Pane of Glass for Detection, Response and Remediation

Dashboard & historical data, UIs
BluSapphire empowers Level I analysts to extend their scope of work and operate at the efficiencies of Level III analysts, giving them super cow powers, thanks to the advanced ML and threat response automation it provides. Our easy-to-use interfaces and simple analysis layouts enable rapid adoption by your Level I analysts, without the need for additional training in most cases.

Threat intelligence

BluSapphire consolidates threat intelligence from 110+ sources, de-duplicates the data, and consolidates and validates the data before consuming the threat intelligence. While the list is dynamic and varies by the quality of threat intel provided, BluSapphire also uses proprietary bots that collect threat intel data from various Social Media platforms and DarkNets. It disseminates the Threat Intel to all its customers on a customizable schedule. The default schedule is every hour. It uses both Open & Commercial feeds. Apart from that, MISP and any STIX, TAXII and CSV formatted threat intel sources are supported.

Forensics

BluSapphire uses an agentless approach for collecting forensics from endpoint systems. By default, BluSapphire collects:

• Currently active process names, hashes and path
• Current services list
• Current startup locations (including hidden ones like registry, Roaming Cache and many more)
• Current Scheduled tasks list with execution path and hashes
• Current network connections
• OS version and patch details
• Recently executed processes/files
• USB devices used

BluSapphire's agentless forensics also supports gathering of random artifacts on the fly.

Technology Stack

BluSapphire offers all the technologies that fall under the cyber defense chain of Detect, Analyze, Respond & Remediate within the advanced cyber defense stack in a single platform that is very easy to use. Combining all these technologies helps in recognizing threats that are usually missed by tools that look at individual layers, and this in turn allows our platform to provide highly accurate alerts to end users.

The entire technology stack is empowered by Artificial Intelligence (AI) & Machine Learning (ML) Modules at the back end, which build context around the data collected from the devices within the network and provide accurate, meaningful insights in very minimal time.

Our Open Data Platform (ODP) leverages new Big Data technologies, providing horizontal scalability, flexibility and raw on-demand analytical capabilities. Our ODP provides instant search results, even across terabytes of data. It also enables infinite storage capabilities with near zero maintenance and management.

Technology stack diagram, modules shown:

• BLUSNIPER (THREAT HUNT)
• BLUSOAR (AUTOMATION & ORCHESTRATION)
• BLUGENIE (EDR)
• BLUTURQUOISE (UEBA)
• BLUEYE (SANDBOX)
• BLUACTIVEdefense (DECEPTION)
• BLUNAF (NTA/NBAD)
• BLUARMOUR (ANTI-RANSOMWARE)
• BLUSIEM (NextGen-SIEM)
• AI & ML
• OPEN DATA PLATFORM (ODP)

040-40165432 info@blusapphire.com Flat G14, Gowra Tulips, Gafoornagar, Madhapur, Hyderabad, Telangana - 500081

www.blusapphire.com
BluSapphire Key Features across technologies

SIEM
• Log Management with Real Time correlation of events
• Customizable dashboards with Role based authorizations & Control
• Flexible for integrations (Cloud Services, SaaS Apps, Infrastructure, Standard/Custom Apps) with 1280+ built-in use cases
• No-Code Rule/Custom use case building functionality
• Compliance Ready & Automated Reporting

TI
• Feeds curated live information from 110+ intel sources
• Native Integration with Malware Information Sharing Platform (MISP)
• Ingestion with customized scheduling option
• Supports STIX, TAXII & CSV formats

SOAR
• Automated updates to Firewall Policy, address tables in Network Access Control
• Real time automated/manual Threat Response & Remediation
• Automated Security Incident Life Management via ITSM structure
• Automated Dynamic Risk Rating based on real time threats
• Leverages Threat Intel sources for single click triage

UEBA
• Complete visibility over User & Entity activities
• Over 550+ built-in analytical models
• Automated Cyber Attack Triage, single click away
• Native Network based Entity Behavior Capability

EDR
• Agent based or Agentless threat detection, response & remediation
• Detailed behavior activity tracking
• ML driven engine in identifying Zero-Day/APTs and Malicious activities in the nascent stage
• Intelligent Response Function: Containment of cyber threats on endpoints
• In-Depth forensics & Threat Hunts enabled by detailed data insights

NTA/NBAD
• ML driven Signal Intelligence (SIGINT) in detection over encrypted traffic channels
• Big-Data powered in-depth network analysis & visualizations
• Identification of malicious activities, signature based over network

EPP
• Complete cyber security coverage for endpoints irrespective of whether they are connected to Internet/VPN or not
• Built-in intelligence tracking and blocking if there is malicious content
• Ultra Lightweight Agent, which can also be utilized for building device control

Sandbox
• Performs real-time static & binary analysis
• Complete visibility into In-Memory activities
• Option to respond, remediate & perform Live Hunt with identified behaviour driven IOCs

Deception
• Deploys authentic & scalable decoys across your infrastructure
• Building application & network level deception strategies
• Automated Response & Remediation for threats identified

Threat Hunt
• Agentless hunting that's more reliable than current methods without relying on log historical data
• Option to build custom behaviour driven indicators (IP/URL/Process/File Patch/Services/Tasks/Registry)

BluSapphire Offerings
SIEM TI EDR Sandbox NTA & NBAD UEBA Deception Threat Hunt EPP SOAR

Basic

Advanced

Elite
