News
LightCyber Increases Precision of Behavioural Attack Detection with Added User Behaviour Visibility and VPN Granularity
November 2016 by Marc Jacob
LightCyber announced the latest release of its Magna™ platform that increases the precision and speed of detecting an in-progress attack from a malicious insider or external targeted bad actor. The Magna 3.5 release adds enhanced visibility of user credential use and more granular Virtual Private Network (VPN) intelligence so attackers can be detected even more efficiently and accurately.
Enhanced User and Entity Behaviour Analytics (UEBA)
The enhanced user behaviour detection enables more granular identification techniques for two types of credential-oriented attack behaviours: a new user conducting unusual activities, or an existing user acting in an unexpected way. External attackers steal access to user credentials through malware and social engineering techniques, while employees frequently misuse legitimate credentials for malicious intent in insider attacks or risky behaviours. Magna evaluates these behaviours through authentication credential analysis of multiple dimensions, including peer activity, history, time, type of activity, and more, to achieve a high level of accuracy and eliminate false-positive alerts. These new detection capabilities are based exclusively on user credential use and complements other existing host- and user-based anomaly detection capabilities. These new detection features are especially useful to enhance Magna’s lateral movement detection capabilities as attackers gradually expand their realm of control using credentials to eventually access target assets.
Granular User Visibility Through VPNs
While Magna has had VPN visibility, a new feature enables associating a specific user IP address with a remote assess user connecting to the network through a VPN concentrator. Through VPN logs, Magna will de-multiplex the observed network traffic into individual users. Magna then profiles and monitors each remote user’s activity over time in the same way it analyses any other machine and user behaviour inside the network with all the richness of its Behavioural Attack Detection. This approach is inherently more robust than just using information in the VPN logs themselves as implemented by some competitive UEBA solutions. Not only can Magna identify anomalous VPN user activity, but it can also add much more robust behavioural attack detection analysis associated to the VPN user’s behaviour in the enterprise network.
Detecting Active Attackers Quickly and Accurately
The LightCyber Magna platform gains its visibility from full network capture that can see the network activities of all users and IP-connected devices. This vantage is augmented by an agentless, on-demand capability to interrogate user computers and link specific processes with specific network activity. Using on-premise machine learning, Magna continuously profiles all users and devices and then can detect anomalies that are indicative of an attack. The combination of network, user and device enables an accurate “triangulation” of an active attacker, and these new detection elements further enhances that detection accuracy.
– Price and Availability
Magna version 3.5 is available now. Pricing starts at $21,000 for a Magna Detector appliance.
