LightCyber Unveils Enhanced Breach-Detection Platform
The active-breach-detection vendor debuts its new Magna 2.8 platform, which includes enhanced probe and cloud-based threat-intelligence features.LightCyber is improving its breach-detection technology with its new Magna 2.8 platform release that provides users with more integration with firewall technologies and network visibility options. LightCyber, which was founded in 2011 and is a privately held security vendor with offices in Israel and the United States, positions itself as an active-breach-detection technology provider. The basic idea behind breach-detection technology is to enable an organization to have visibility into potential security incidents, where an attacker is already in the network. "We are deployed in enterprise networks behind the existing security line, and we monitor what's happening inside the network," Gonen Fink, CEO of LightCyber, told eWEEK. "We can detect active breaches that have bypassed the existing security controls." LightCyber aims to enable enterprises to detect breaches before any damage is done, Fink said. The LightCyber Magna platform monitors the network and collects information from endpoints as well as cloud-based intelligence. The data flows into a detection engine that profiles user and system behavior to understand what is normal behavior.
A deviation from normal behavior can be an indicator that a breach is in progress, which is validated by way of additional intelligence and analytics in the LightCyber platform. The system can also take action to protect an enterprise that has a potential breach by disconnecting breached systems or users.
The actual malicious payload is almost meaningless as the real issue is about what the attacker is trying to do in the network, Fink said. Traditionally network security platforms have been deployed to prevent intrusions from happening in the first place, but the real challenge is dealing with attackers once they are already in the network, he added. Once an attacker is already in the network, there are a number of actions that typically will take place, Fink said. "Inside the network, the attacker has to do certain tasks like finding the data and extracting the data from the network," he said. "As a defender, you need to detect those actions to prevent the breach from causing damage." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.