Any given attacker can choose from multiple attack vectors to breach an organization, and that is why threat detection technology needs to look at multiple layers. Security vendor LightCyber today expanded its behavioral attack detection capabilities with the announcement of its Magna platform 3.1.
“With this new release, we actually converge profiling context for the behavior of users, devices and the network,” Gonen Fink, CEO of LightCyber, told eWEEK.
LightCyber, founded in 2011, is a privately held security vendor with offices in Israel and the United States, and is positioning itself as an active-breach detection technology vendor. LightCyber’s flagship Magna platform was updated to version 3.0 in May 2015, providing a network-to-process (N2PA) technology that connects network traffic to endpoint processes in order to help detect and remediate breaches.
“The primary thing we’re adding with the Magna 3.1 release is user context that is richer than previous versions,” Fink said.
The idea of understanding and profiling user behavior in order to improve security is often referred to as user behavior analytics.
What LightCyber is doing with Magna 3.1 is different than a traditional user behavior analytics technology that typically just collects logs from applications in an attempt to profile users and normal activities, Fink said.
“What we concluded is that if you look at user behavior, you will only see some of the insider attacks and malicious users,” Fink explained.
Attackers typically will use some form of malware to get control of a device, and once the malware is installed and the attacker has access to an organization’s network, reconnaissance activities usually come next as the attacker looks to see what is available, Fink explained. After performing the reconnaissance, an attacker will often work on obtaining user credentials in order to get access to files and databases.
By the time an attacker is already abusing a user’s credentials, the later stages of an attack are typically already in progress. There is a need to converge analytics for both users as well as the network and devices in order to get a complete picture of what is going on in an organization and to detect potential malicious activity, he said.
The LightCyber Magna platform has insight into the low-level network activities that happen even before user credentials are abused, Fink added.
“So we cover the entire attack lifecycle from network, endpoint and user perspective in contrast with the classic user behavior analytics approach that typically just looks at what credentials are involved,” Fink said.
The Magna 3.1 is not providing a full set of user profiles but, rather, is focused on suspicious users and data. Fink explained that the Magna system will provide information and tools to make any malicious behavior alerts actionable. The Magna platform includes a malicious file termination (MFT) feature that can enable the system to terminate a process that could be generating malicious activity.
While the focus of the new release from LightCyber is on the enhanced user context, the base layer of the company’s technology is the network, Fink said, adding that LightCyber is able to profile every device on the network, whether it’s a printer, router or user desktop system.
“We already map the network behavior of all devices, and now we provide the user credential context for how the device is being used,” Fink said.
In some attacks, hackers steal credentials from one location and then use them in a different device. By understanding normal network behavior and having user context, LightCyber can detect more sophisticated attacks, Fink said.
Last year was LightCyber’s first year in the United States, and the plan for 2016 is to continue to scale operations, Fink said. “We had a good first year, but this year is about really scaling up and taking the company to the next level.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.