LightCyber Increases Precision of Behavioral Attack Detection with Added User Behavior Visibility and VPN Granularity

LOS ALTOS, Calif., and RAMAT GAN, Israel – Nov. 2, 2016 – LightCyber, a leading provider of Behavioral Attack Detection solutions, today announced the latest release of its Magna™ platform that increases the precision and speed of detecting an in-progress attack from a malicious insider or external targeted bad actor. The Magna 3.5 release adds enhanced visibility of user credential use and more granular Virtual Private Network (VPN) intelligence so attackers can be detected even more efficiently and accurately.

“Detecting and thwarting an active attack requires highly precise detection of the attacker’s operational activities,” said Jason Matlof, executive vice president, LightCyber. “The historic problem endemic to security has been the inability to parse out the most relevant attacker signals, which has resulted in overwhelming flood of mostly useless security alerts. This new release adds even more targeted attack detection capabilities related to user credential theft and abuse.”

Enhanced User and Entity Behavior Analytics (UEBA)

The enhanced user behavior detection enables more granular identification techniques for two types of credential-oriented attack behaviors: a new user conducting unusual activities, or an existing user acting in an unexpected way. External attackers steal access to user credentials through malware and social engineering techniques, while employees frequently misuse legitimate credentials for malicious intent in insider attacks or risky behaviors. Magna evaluates these behaviors through authentication credential analysis of multiple dimensions, including peer activity, history, time, type of activity, and more, to achieve a high level of accuracy and eliminate false-positive alerts. These new detection capabilities are based exclusively on user credential use and complements other existing host- and user-based anomaly detection capabilities. These new detection features are especially useful to enhance Magna’s lateral movement detection capabilities as attackers gradually expand their realm of control using credentials to eventually access target assets.

Granular User Visibility Through VPNs

While Magna has had VPN visibility, a new feature enables associating a specific user IP address with a remote assess user connecting to the network through a VPN concentrator. Through VPN logs, Magna will de-multiplex the observed network traffic into individual users. Magna then profiles and monitors each remote user’s activity over time in the same way it analyzes any other machine and user behavior inside the network with all the richness of its Behavioral Attack Detection. This approach is inherently more robust than just using information in the VPN logs themselves as implemented by some competitive UEBA solutions. Not only can Magna identify anomalous VPN user activity, but can also add much more robust behavioral attack detection analysis associated to the VPN user’s behavior in the enterprise network.

Detecting Active Attackers Quickly and Accurately

The LightCyber Magna platform gains its visibility from full network capture that can see the network activities of all users and IP-connected devices. This vantage is augmented by an agentless, on-demand capability to interrogate user computers and link specific processes with specific network activity. Using on-premise machine learning, Magna continuously profiles all users and devices and then can detect anomalies that are indicative of an attack. The combination of network, user and device enables an accurate “triangulation” of an active attacker, and these new detection elements further enhances that detection accuracy.

Price and Availability

Magna version 3.5 is available now. Pricing starts at $21,000 for a Magna Detector appliance.

Read the blog about enhanced user behavior visibility:
http://lightcyber.com/cyber-security-blog/name-user-lightcyber-enhances-user-visibility-magna-3-5