LOS ALTOS, Calif., and RAMAT GAN, Israel – Jan. 11, 2017 – LightCyber, a leading provider of Behavioral Attack Detection solutions, today announced that it was listed as a Representative Vendor in two separate, recently published Market Guide reports from Gartner, Inc., which advocate the use of broad-based machine learning techniques to detect the anomalous behaviors of active network attackers. The first, published December 8, 2016, Market Guide for User and Entity Behavioral Analytics (G00292503), includes solutions that profile users and entities to detect anomalies. The second, published November 30, 2016, Market Guide for Endpoint Detection and Response Solutions (G00298289), includes solutions using endpoint visibility for early identification of attacks.

“The unique combination of network data analytics augmented by user and endpoint visibility gives the Magna platform a substantial advantage in detecting active network attacks with a high degree of accuracy while producing only a small number of alerts,” said Jason Matlof, executive vice president, LightCyber. “The vendor community is creating a variety of new attack detection solutions that are similar to their incumbent predecessors and that are each biased by a particular technical approach – primarily network-centric, endpoint-centric, or user-centric. We believe the reason that LightCyber Magna has been acknowledged in multiple Gartner reports is due to the increasing recognition of the unique value of solutions that combine multiple data context together into a single analytical solution. We are pleased to receive these acknowledgements.”

Analysts Peter Firstbrook and Neil MacDonald recommend in the Market Guide for Endpoint Detection and Response Solutions that “The most critical EDR capability is the ability to detect sophisticated hidden threats, ideally without requiring the use of externally fed IOCs. The ideal EDR system should be capable of self-detection using its own built-in detection techniques, analytics and behavioral indicators. The range of detection techniques will be also be affected by the type of data gathered. Three realms of data are most valuable: user, endpoint and network events. This data also needs to be put into context with global threat intelligence (that is, attribution and trends). Generally speaking, more information and more context is better than less, assuming it can scale across infrastructure and information management.”

In the Market Guide for User and Entity Behavioral Analytics, analysts Toby Bussa, Avivah Litan and Tricia Phillips recommend “Vendors use packaged analytics to evaluate the activity of users and other entities (hosts, applications, network traffic and data repositories) to discover potential incidents commonly presented as activity that is anomalous to the standard profiles and behaviors of users and entities.”

With the industry average dwell time of approximately five months to discover an active attacker on a network, it is clear that organizations have had little success in stopping a data breach or thwarting theft or damage to critical IT assets. The typical “known bad” security approach of identifying malware through static definitions such as signatures, domains and pre-defined behaviors is no match for sufficiently motivated cybercriminals that will create mechanisms to circumvent those systems, not to mention the fact that those systems are incapable of stopping rogue insiders that already have legitimate credentials on the network. By contrast, Magna uses a “learned good” approach that employs machine learning techniques to profile all user and entity activities, and then detects anomalous activities that are indicative of an active attack.

Resources

UEBA Insight page with new white paper and the report

The Feeding Frenzy in New Attack Detection Solutions! – blog about how to choose amongst a dizzying array of new machine learning solutions

Cyber Weapons Report, indicating how attackers orchestrate network attacks and showing how malware is not typically involved in the active—and longest—stage of the attack

Video interview with a media company about how security visibility is now critical in protecting assets