Blog

Network and Endpoint Visibility for Network Attack Detection

May 7th, 2015 by admin

binoculars-n+eTo defeat an active network attack, speed and accuracy are critical. Companies cannot afford a flood of alerts that are mostly dominated by false positives. At the same time, active breaches need to be detected expeditiously before theft or damage can occur.

Rather than scour logs for some attack indication or search for malicious activity based on statically defined “technical artifacts,” such as signatures or traces of malware, LightCyber utilizes behavioral profiling through machine learning to detect actual attacker behaviors on the network. We focus on the operational activities of an attacker, namely reconnaissance and lateral movements to find an active breach quickly and accurately.

LightCyber Magna starts with the network. This is the place to see a cyberattacker at work. Such intelligence cannot be derived from endpoint-only solutions. Magna then augments the network-based detection information with endpoint intelligence that is gathered without an installed agent and helps to make detection more accurate and actionable with detailed investigative data. The integration of network-based and endpoint-based context into a single detection domain is a novel concept we call N+E, and it dramatically increases operational efficiency for our customers.

Today we announced an important advancement for our Magna Behavioral Attack Detection, further extending these unique N+E capabilities. Two new capabilities that will be part of the next version of our Magna platform increase the high levels of accuracy and actionability we already provide to detect and stop active network breaches.

The new Network-to-Process Association (N2PA™) technology provides the industry’s first ability to directly associate suspicious network traffic with not just the endpoint host device, but a specific executable process or file on the endpoint. This provides even high level of operational efficiency by providing the incident responder with specific investigative data that enables them to respond immediately without need for further research. And…it still works without an installed endpoint agent.

This new release also includes our new Malicious File Termination (MFT) technology allows a security incident responder to remotely delete a process/executable file once it is confirmed as a part of an active attack. We already had the ability to stop the active attack through integrations with next generation firewalls, NAC protocols and Active Directory. Now, with a single click, a security operator can remotely kill the specific endpoint process or file involved with an attack. MFT provides efficient remediation for N2PA-based intelligence, or it can be used independently to kill a malicious process or file identified through some other means.

With the addition of these two new N+E features, security operators will have even greater ability to efficiently detect active attacks, leverage automated generated investigative data for incident response, and rapidly stop the attack before damage is done. LightCyber continues to advance Behavioral Attack Detection to combat the advantages cyberattackers have traditionally had in conducting targeted attacks. Now, LightCyber should be an essential system to safeguard data and infrastructure you are entrusted to protect. Both features are available in the 3.0 version of the Magna platform, available later this summer.

Leave a Reply

Your email address will not be published. Required fields are marked *