Active Breach Detection

LightCyber Magna Active Breach Detection utilizes behavior-based profiling, not technical artifacts, to accurately and efficiently detect active cyber attacks before damage is done. Magna is the only solution to combine full network deep packet inspection with an agentless endpoint interrogation technology. We call this Network + Endpoint (N+E), and it is the best way to fully cover the entire attack surface and lifecycle. Magna’s proprietary Multivariate Attack Detection (MAD) technology powers this approach.

MAD uses behavioral profiling to learn what is normal on the network and endpoints, and thereby detect the anomalous attacker behaviors that are by necessity required to perpetrate a successful breach, including command and control, reconnaissance, lateral movement, or data exfiltration. Unlike legacy threat prevention solutions that rely on static technical artifacts like virus hashes or sandbox analysis, or solutions based on logs or endpoint agents alone, attackers cannot evade these behavior-based N+E detections. Finally, since N+E behavior-based detection is not subject to the high false positive and false negative rates common to legacy threat prevention systems, MAD delivers a low number of highly actionable alerts and enables security operators to efficiently focus on remediation, not analysis.

Magna Platform Benefits

LightCyber Magna detects active breaches regardless of threat status (known or unknown) or attacker techniques – which may include use of no malware at all – to reduce attacker dwell time and minimize damage potential.

Reduces Attack Dwell Time and Damage Potential

  • Finds the attackers that circumvent your threat prevention systems.
  • Identifies attackers before the damage is done.
Operational Efficiency With Actionable Alerts

  • Automatically discovers malicious attack behavior.
  • Enables sec ops to focus on action & remediation, not analysis.
  • No configuration. No endpoint agents. No external storage.
Automated N+E Investigation & Integrated Remediation

  • Reduce time and resources required for investigation and remediation.
  • Direct integration with market leading 3rd party security enforcement infrastructure.

Multivariate Attack Detection

Magna utilizes patent-pending Multivariate Attack Detection (MAD) to ingest the broadest set of inputs across network and endpoint, build profiles of users and devices, and then detect active attackers based on the behavioral anomalies (not technical artifacts) that their activity by necessity introduces, no matter what phase of the attack they are engaged in.

Reconnaissance & Lateral Movement Detection + Originating Process or Malware

Monitor Internal (East-West) Traffic + Endpoint Interrogation

Magna monitors internal network traffic and endpoint status and profiles the normal patterns of internal (host to host) communication, application usage, file share usage, credential usage, administrative behavior, executable and process prevalence, and more.

MAD detects attackers as they perform reconnaissance and lateral movement via detection of anomalies in connectivity patterns, port and protocol usage, app usage, file share usage, credential usage and logon failure, and more. These are associated with the originating endpoint process, itself correlated with threat intelligence to classify the process as known or unknown malware, admin tool, or other.

Command & Control and Data Exfiltration Detection + Originating Process or Malware

Monitor Outbound Traffic + Endpoint Interrogation

Magna monitors outbound network traffic and endpoint context and profiles the normal patterns of outbound (host to external domain) communication, and data transfer volume, as well as endpoint executable and process prevalence, with specific focus on processes that communicate to the outside.

MAD detects attackers as they perform C&C and data exfiltration via detection of anomalies in periodicity to rare or uncommon destinations, DNS anomalies, and also factors in domain reputation to augment detection. All originating processes are listed and examined against threat intelligence to classify them as known or unknown malware, admin tool, or other.

“LightCyber Magna was very easy to install, and was deployed in under two hours at the customer’s site. Magna immediately uncovered active malware. The customer was particularly impressed by how Magna does not get in the way or require extensive configuration or tuning, yet provides great visibility into activity on the network.”
– Stephen Harrison, Director of Sales, EverSec Group, Inc