The HawkEye-G Approach: Detect, Engage, Remove at Machine Speed

May 2, 2014
By Bob Gourley

We have previously written about Hexis Cyber Solutions (see evaluation here). With this post we provide more context on the approach taken in the Hexis HawkEye-G solution.

The simple way to think of the HawkEye-G approach is:

  • Detect
  • Engage
  • Remove


When malware makes it into the enterprise, through gateways, guards or via tricky deception of your workforce, the code seeks to remain low-key. Enterprises that have not prepared mature defenses might never discover the code. But enterprises that plan can detect it. All malicious code will leave traces of its action. No code (or human adversary) is so good that it can remain invisible. Well-instrumented enterprises that can make sense of data quickly can find and mitigate malicious code fast, before it has time to exfiltrate data. Hexis built HawkEye-G to observe data from throughout the enterprise: on devices, in networks and in servers, so that even sophisticated adversaries are detected.


By pulling together all relevant data and knowing what is out of place, Hexis has been able to design in an advanced, policy-driven means to engage malicious code at machine speeds. Code can be quarantined, blocked and, if policy desires, observed. Hexis has proven this approach makes incident response faster and less expensive (making incident response teams more effective). They do this with an integrated platform that brings together data from existing enterprise technologies into a comprehensive solution. Benefits of this approach include more efficient IT spend, higher functioning enterprise IT capabilities, less costly incident response, and significantly enhanced ability to protect enterprise data.


Hexis provides a one-of-a-kind removal capability. The behavior of this removal capability is controlled by enterprise policy, but once configured it automates the return of enterprise capabilities to a known good state. This ability to take rapid action at machine speed is a great help to incident response teams and prevents the loss of enterprise data due to malicious code or adversary intrusions. Enterprises configure HawkEye-G to:

  • Launch a spectrum of cyber counter-measures against the internal threat
  • Eradicate the threats in minutes and seconds
  • Isolate and clean the hosts and network
  • Share early warning threat intelligence
  • Profile and baseline behaviors for future protection

Read more on HawkEye-G here.