LightCyber Unveils Enhanced Breach-Detection Platform

The active-breach-detection vendor debuts its new Magna 2.8 platform, which includes enhanced probe and cloud-based threat-intelligence features.

data breach protection

LightCyber is improving its breach-detection technology with its new Magna 2.8 platform release that provides users with more integration with firewall technologies and network visibility options.

LightCyber, which was founded in 2011 and is a privately held security vendor with offices in Israel and the United States, positions itself as an active-breach-detection technology provider. The basic idea behind breach-detection technology is to enable an organization to have visibility into potential security incidents, where an attacker is already in the network.

"We are deployed in enterprise networks behind the existing security line, and we monitor what's happening inside the network," Gonen Fink, CEO of LightCyber, told eWEEK. "We can detect active breaches that have bypassed the existing security controls."

LightCyber aims to enable enterprises to detect breaches before any damage is done, Fink said. The LightCyber Magna platform monitors the network and collects information from endpoints as well as cloud-based intelligence. The data flows into a detection engine that profiles user and system behavior to understand what is normal behavior.

A deviation from normal behavior can be an indicator that a breach is in progress, which is validated by way of additional intelligence and analytics in the LightCyber platform. The system can also take action to protect an enterprise that has a potential breach by disconnecting breached systems or users.

LightCyber can automate much of the incident-response process for a breach that is often done manually by an enterprise, Fink said. With the LightCyber Magna 2.8 release, a key focus was on providing capabilities for larger distributed enterprises. One of the new features in the release is the Magna probe, which can collect information from remote offices.

"When we started, a single appliance was enough, but as we are now serving larger enterprises, we need to cover more distributed networks," Fink said.

The new release also includes integration with Palo Alto Networks' firewall platform to protect networks when a breach is in progress. LightCyber's offerings are already integrated with Check Point's firewall.

Magna 2.8 also provides an enhanced cloud-based threat-intelligence capability that will bring LightCyber in line with a practice used by other vendors in the breach-detection space. The market for breach-detection platforms is increasingly competitive, with products from FireEye and Lastline among the multiple options available to enterprises.

LightCyber Magna 2.8 uses a similar approach to those of FireEye and Lastline to augment the information from data collectors with cloud-based sandboxing technology, Fink said.

Attackers are increasingly using sophisticated techniques to try and hide malware and malicious payloads in a network, which is something LighyCyber is aware of and has a way to handle. "Magna is not analyzing payloads," Fink said. "What we profile is the traffic."

So, for example, if an attacker encrypts a malicious payload, Magna would detect that encryption is being used in a place where it has not been used before and flag the issue for additional scrutiny, Fink said. Magna can then be used to determine what tool or process was used to open the suspicious connection and then if there is a risk, that connection can be closed.

"The focus is on the network activity of normal users, versus what an attacker is likely to do," Fink said.
The actual malicious payload is almost meaningless as the real issue is about what the attacker is trying to do in the network, Fink said. Traditionally network security platforms have been deployed to prevent intrusions from happening in the first place, but the real challenge is dealing with attackers once they are already in the network, he added.

Once an attacker is already in the network, there are a number of actions that typically will take place, Fink said. "Inside the network, the attacker has to do certain tasks like finding the data and extracting the data from the network," he said. "As a defender, you need to detect those actions to prevent the breach from causing damage."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.