Why LightCyber Why Now

Why Detection

Because prevention isn’t working, and never will. How do we know?  Because:

It takes over 200 days
to detect attacks*

Vast Majority of attacks are
detected by third parties

Incentive of attacker >> 
incentive of defender

Why LightCyber for Detection?

Because LightCyber is the only solution to do behavioral attack detection on network + endpoint

Can’t conceal
their traffic

(especially internal)

Portion of attack lifecycle where attacker is most exposed

Can’t avoid usage if intend to
commit serious data breach



Great ability to automate investigation process and rule out false positives



SIEM, Sandbox and Endpoint don’t have the right visibility and are over-focused on malware and known-bad domains.

Why Now?

Because statistics show there is a 25-40% chance you will be breached this year. Every year. This isn’t something you can ignore and hope it will go away, and the damage is severe:

Average breach cost

$5.9 Million (US)
(Ponemon 2014 Study)

This really happens, to everyone, often:


of companies had breach (they knew of) in last 2 years
(2015 ESG Survey)


of companies had a breach that included lateral movement and data movement (i.e., it was serious!)
(2015 ESG Survey)


of Hospitals and Health Insurance Companies had a breach in the last 2 years


of companies will discover a breach (Untold others will not discover it, til later….)


of media companies were breached in the last 2 years
(Newscycle Solutions)


of organizations have suffered either an intentional or unintentional insider threat event
(B2B International)

US & UK Banks survey lists Cybercrime as top risk to profits

(above unfavorable economic conditions, increased regulation, or other areas that normally impact returns) (CSFI)

Why Not Just Hunt Malware?

Because it isn’t effective, and even if you get the attackers’ malware, you have NOT stopped the attacker. In fact, you’ve barely even slowed them down.

4percentOnly approximately 4 percent of all malware alerts are investigated (Ponemon Study)

On average, organizations receive almost 17,000 malware
alerts in a typical week.
(Ponemon Study)



of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence. (Ponemon Study)

$1.27 million annually
It costs organizations an average of $1.27 million annually in time wasted
responding to erroneous or inaccurate malware alerts. (Ponemon Study)

And, cleaning up malware doesn’t even stop attackers!

LightCyber Security Bulletin
Eliminating malware barely inconvenienced targeted attacker!


Mandiant 2014, 2015 Threat Report
** Verizon DBIR 2014