Magna Technology

Behavioral Attack Detection Technology

Magna uses patent-pending technology to ingest the broadest set of inputs across network and endpoint, build profiles of users and devices, and then detect active attackers based on the behavioral anomalies (not technical artifacts) that their activity by necessity introduces, no matter what phase of the attack they are engaged in.

Reconnaissance & Lateral Movement 

Monitor Internal (East-West) Traffic + Endpoint Interrogation

Magna monitors internal network traffic and endpoint status and profiles the normal patterns of internal (host to host) communication, application usage, file share usage, credential usage, administrative behavior, executable and process prevalence, and more.

Magna detects attackers as they perform “East-West” reconnaissance and lateral movement by detecting anomalies in connectivity patterns, port and protocol usage, app usage, file share usage, credential usage and logon failure, and more. These anomalies are associated with the originating endpoint process, which is then analyzed by the Magna Cloud Expert System (CES). Magna CES uses behavioral detection and threat intelligence to classify the process as known or unknown malware, riskware, or a legitimate application.

Command & Control and Data Exfiltration 
Monitor Outbound Traffic + Endpoint Interrogation

Magna monitors outbound network traffic and endpoint context and profiles the normal patterns of outbound (host to external domain) communication and data transfer volume, as well as endpoint executable and process prevalence, with specific focus on processes that communicate to the outside.

Magna detects attackers as they perform C&C and data exfiltration by detecting regular and repeated access to uncommon destinations, DNS anomalies, and tunneling protocols which are often associated with command and control. Magna also factors in domain reputation to augment behavioral detection. All originating processes are listed and examined against threat intelligence to classify them as known or unknown malware, admin tool, or other.
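One way to express the "regular and repeated access to uncommon destinations" check described above, as an added example and not Magna's or LightCyber's own algorithm. The record layout, host and domain names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample():
    """Constructed records: (epoch_seconds, source_host, process, destination_domain)."""
    events = []
    # ws-17 contacts a domain nobody else uses, every ~300 s with small jitter.
    for i, jitter in enumerate([0, 4, -3, 2, -5, 1, 3, -2]):
        events.append((1000 + 300 * i + jitter, "ws-17", "updater.exe", "cdn-sync.example"))
    # Several hosts reach a common domain at irregular times.
    common = {"ws-01": [1010, 1100, 1950, 2300, 3900, 4000],
              "ws-02": [1200, 1260, 2800, 2900, 3100, 3600],
              "ws-17": [1500, 1520, 2700, 3300, 3350, 3700]}
    for host, stamps in common.items():
        events += [(t, host, "browser.exe", "intranet-news.example") for t in stamps]
    # ws-02 reaches a rare domain, but in irregular bursts (not a beacon).
    events += [(t, "ws-02", "browser.exe", "hobby-forum.example")
               for t in [1000, 1040, 2500, 2520, 3900, 3960]]
    return events

def find_beacons(events, min_events=6, max_cv=0.1, max_hosts=1):
    """Flag (host, domain) pairs with regular timing to a low-prevalence domain."""
    times = defaultdict(list)             # (host, domain) -> timestamps
    procs = defaultdict(set)              # (host, domain) -> originating processes
    hosts_per_domain = defaultdict(set)   # domain -> hosts that contacted it
    for ts, host, proc, domain in events:
        times[(host, domain)].append(ts)
        procs[(host, domain)].add(proc)
        hosts_per_domain[domain].add(host)
    findings = []
    for (host, domain), stamps in times.items():
        # "Repeated" and "uncommon": enough events, few hosts using the domain.
        if len(stamps) < min_events or len(hosts_per_domain[domain]) > max_hosts:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # "Regular": low coefficient of variation of the inter-arrival gaps.
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            findings.append({"host": host, "domain": domain,
                             "processes": sorted(procs[(host, domain)]),
                             "interval_s": round(avg), "cv": round(cv, 3)})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(build_sample()):
        print(finding)
```

Each finding carries the originating process so it can be checked against threat intelligence, and the thresholds need tuning against a site's own baseline.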

"We need tools that can slap us across the face and tell us what’s going on. Now we don’t have to go looking for security events. LightCyber delivers those to us." – Marshall Wolf, Sr. Director of IT, Gigamon