LightCyber Magna Active Breach Detection utilizes behavior-based profiling, not technical artifacts, to accurately and efficiently detect active cyber attacks before damage is done. Magna is the only solution to combine full network deep packet inspection with an agentless endpoint interrogation technology. We call this Network + Endpoint (N+E), and it is the best way to fully cover the entire attack surface and lifecycle. Magna’s proprietary Multivariate Attack Detection (MAD) technology powers this approach.
MAD uses behavioral profiling to learn what is normal on the network and endpoints, and thereby detects the anomalous attacker behaviors that are by necessity required to perpetrate a successful breach, including command and control, reconnaissance, lateral movement, or data exfiltration. Unlike legacy threat prevention solutions that rely on static technical artifacts like virus hashes or sandbox analysis, or solutions based on logs or endpoint agents alone, attackers cannot evade these behavior-based N+E detections. Finally, since N+E behavior-based detection is not subject to the high false-positive and false-negative rates common to legacy threat prevention systems, MAD delivers a low number of highly actionable alerts and enables security operators to efficiently focus on remediation, not analysis.
LightCyber Magna detects active breaches regardless of threat status (known or unknown) or attacker techniques – which may include use of no malware at all – to reduce attacker dwell time and minimize damage potential.
Reduces Attack Dwell Time and Damage Potential
- Finds the attackers that circumvent your threat prevention systems.
- Identifies attackers before the damage is done.
Operational Efficiency With Actionable Alerts
- Automatically discovers malicious attack behavior.
- Enables sec ops to focus on action & remediation, not analysis.
- No configuration. No endpoint agents. No external storage.
Automated N+E Investigation & Integrated Remediation
- Reduce time and resources required for investigation and remediation.
- Direct integration with market-leading third-party security enforcement infrastructure.
Magna utilizes patent-pending Multivariate Attack Detection (MAD) to ingest the broadest set of inputs across network and endpoint, build profiles of users and devices, and then detect active attackers based on the behavioral anomalies (not technical artifacts) their activity by necessity introduces – no matter what phase of the attack they are engaged in.
Magna monitors internal network traffic and endpoint status and profiles the normal patterns of internal (host to host) communication, application usage, file share usage, credential usage, administrative behavior, executable and process prevalence, and more.
MAD detects attackers as they perform reconnaissance and lateral movement via detection of anomalies in connectivity patterns, port and protocol usage, app usage, file share usage, credential usage and logon failure, and more. These are associated with the originating endpoint process, itself correlated with threat intelligence to classify the process as known or unknown malware, admin tool, or other.
Magna monitors outbound network traffic and endpoint context and profiles the normal patterns of outbound (host to external domain) communication, and data transfer volume, as well as endpoint executable and process prevalence, with specific focus on processes that communicate to the outside.
MAD detects attackers as they perform C&C and data exfiltration via detection of anomalies in periodicity to rare or uncommon destinations, DNS anomalies, and also factors in domain reputation to augment detection. All originating processes are listed and examined against threat intelligence to classify them as known or unknown malware, admin tool, or other.
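As an added illustration of "periodicity to rare or uncommon destinations" (this is not LightCyber's implementation; the function name, thresholds and flow records below are assumptions constructed for the example), a destination is treated as rare when few internal hosts contact it, and as periodic when the gaps between contacts have a low coefficient of variation:

```python
from collections import defaultdict
from statistics import mean, pstdev

def sample_flows():
    """Constructed records: (epoch_seconds, internal_host, external_domain)."""
    flows = []
    # Ten hosts reach a common domain at irregular times (high prevalence).
    for h in range(10):
        for t in (13, 170, 1900, 2500, 3400):
            flows.append((t + 37 * h, f"10.0.0.{h}", "updates.example.com"))
    # One host reaches a domain nobody else uses, about every 300 s with jitter.
    for i, jitter in enumerate((0, 4, -3, 2, -5, 1, 3, -2)):
        flows.append((300 * i + jitter, "10.0.0.7", "cdn-sync.example.net"))
    # One host reaches another rare domain at irregular, browsing-like intervals.
    for t in (50, 95, 900, 960, 3100, 3500):
        flows.append((t, "10.0.0.3", "blog.example.org"))
    return flows

def find_periodic_rare(flows, max_hosts=1, min_events=6, max_cv=0.1):
    """Return sorted (host, domain, mean_gap_s, cv) for rare, regularly contacted domains."""
    hosts_per_domain = defaultdict(set)   # domain prevalence across internal hosts
    times = defaultdict(list)             # contact timestamps per (host, domain)
    for ts, host, domain in flows:
        hosts_per_domain[domain].add(host)
        times[(host, domain)].append(ts)
    hits = []
    for (host, domain), ts_list in times.items():
        # Skip destinations that are common, or that have too few contacts to judge.
        if len(hosts_per_domain[domain]) > max_hosts or len(ts_list) < min_events:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg           # low value means near-constant interval
        if cv <= max_cv:
            hits.append((host, domain, round(avg, 1), round(cv, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_periodic_rare(sample_flows()):
        print(hit)
```

A fixed threshold like this misses heavily jittered intervals, which is one reason to combine it with the other signals the text lists, such as DNS anomalies, domain reputation and the originating process.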