Behavioral Attack Detection Technology
Magna uses patent-pending technology to ingest the broadest set of inputs across network and endpoint, build profiles of users and devices, and then detect active attackers based on the behavioral anomalies (not technical artifacts) that their activity necessarily introduces, no matter what phase of the attack they are engaged in.
Magna monitors internal network traffic and endpoint status and profiles the normal patterns of internal (host to host) communication, application usage, file share usage, credential usage, administrative behavior, executable and process prevalence, and more.
Magna detects attackers as they perform “East-West” reconnaissance and lateral movement by detecting anomalies in connectivity patterns, port and protocol usage, app usage, file share usage, credential usage and logon failures, and more. These anomalies are associated with the originating endpoint process, which is then analyzed by the Magna Cloud Expert System (CES). Magna CES uses behavioral detection and threat intelligence to classify the process as known or unknown malware, riskware, or a legitimate application.
Magna monitors outbound network traffic and endpoint context and profiles the normal patterns of outbound (host to external domain) communication and data transfer volume, as well as endpoint executable and process prevalence, with specific focus on processes that communicate to the outside.
Magna detects attackers as they perform command and control (C&C) and data exfiltration by detecting regular and repeated access to uncommon destinations, DNS anomalies, and tunneling protocols, which are often associated with C&C. Magna also factors in domain reputation to augment behavioral detection. All originating processes are listed and examined against threat intelligence to classify them as known or unknown malware, an admin tool, or other.
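
A sketch of what "regular and repeated access to uncommon destinations" can look like as detection logic, added here as an example; it is not Magna's algorithm or code. The flow records, the thresholds and the name `find_beacons` are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (epoch_seconds, internal_host, external_domain).
JITTER = [0, 2, -1, 3, 0, 1, -2, 2]
FLOWS = (
    # ws-17 reaches a domain no other host uses, every ~300 s with small jitter
    [(1000 + 300 * i + j, "ws-17", "cdn-sync.example") for i, j in enumerate(JITTER)]
    # every host reaches a popular domain at irregular times
    + [(t, h, "updates.example")
       for h in ("ws-01", "ws-02", "ws-03", "ws-17")
       for t in (1010, 1450, 1500, 2900, 3100, 3105)]
    # ws-02 reaches a rare domain repeatedly, but with human-like gaps
    + [(t, "ws-02", "blog.example") for t in (1100, 1130, 2500, 2510, 4000, 4900)]
)

def find_beacons(flows, max_prevalence=0.25, min_events=6, max_cv=0.1):
    """Flag (host, domain) pairs that are uncommon, repeated and regular.

    uncommon: the domain is contacted by at most max_prevalence of all hosts
    repeated: at least min_events connections from the same host
    regular:  coefficient of variation of the gaps is at most max_cv
    Thresholds are illustrative assumptions and need tuning on real traffic.
    """
    hosts_per_domain = defaultdict(set)
    times = defaultdict(list)
    for ts, host, domain in flows:
        hosts_per_domain[domain].add(host)
        times[(host, domain)].append(ts)
    total_hosts = len({host for _, host, _ in flows})

    findings = []
    for (host, domain), stamps in times.items():
        prevalence = len(hosts_per_domain[domain]) / total_hosts
        if prevalence > max_prevalence or len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0:
            continue  # all events share one timestamp; no interval to measure
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            findings.append({"host": host, "domain": domain, "events": len(stamps),
                             "period_s": period, "cv": cv, "prevalence": prevalence})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(FLOWS):
        print(finding)
```

Prevalence alone would also flag `blog.example`, and regularity alone would flag scheduled update checks to popular services; combining the two is what narrows the result to the one host worth investigating.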