Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

LightCyber rolls out new features for endpoint malware detection platform

Tim Greene | Jan. 30, 2015
The company's Magna Breach Detection Platform monitors and analyzes network traffic as well as activity on Windows endpoints in search of anomalous behavior that they can identify as malware.

LightCyber, another security startup with the roots in the Israeli military, has opened its doors in the U.S. and is announcing new products and features to make its mark in the crowded field of endpoint detection and remediation.

The company's Magna Breach Detection Platform monitors and analyzes network traffic as well as activity on Windows endpoints in search of anomalous behavior that they can identify as malware.

So far it's having pretty good success in North America, with about 40 customers signed up for its appliances, software and services. It opened shop in Los Altos, Calif., last year, augmenting its headquarters that was already established in Ramat Gan, Israel, according to the company's chief marketing officer Jason Matlof.

The company is competing in a hot area where the vendors provide a way to closely track what individual endpoints are up to internally and what they are doing across the network in an effort to baseline what is normal and to quickly flag what's not. Competitors include Bit9+Carbon Black, AccessData, Black Ensilo, Fireeye, Guidance, Promisec, Tanium,  "and about 20 others rushing into this space", says Peter Firstbrook, a vice president at Gartner.

The components of LightCyber's products are an on-site analyzer called Magna Detector, a branch office monitoring virtual appliance called Magna Probe, and services called Magna Cloud and Magna Pathfinder.

Detector is a physical appliance that can also be purchased as a virtual appliance that runs on customers' own servers. It connects to span or tap port on a core switch and profiles inbound and outbound traffic, on-network traffic and Internet traffic, and analyzes it to see what is normal behavior so it can point out dangerous anomalies.

It also taps into Microsoft Remote Procedure Call (RPC) to gather data from endpoints such as processes running, what ran recently, registry keys, dlls and the like. This is used to gather endpoint information rather than deploying client software to each endpoint.

Probe is a new product that is deployed in branch offices and collects the same type of data but forwards it to a Detector for analysis.

The Magna Cloud service further analyzes the network data collected by Detectors looking for patterns that LightCyber has designated as indicative of specific ongoing attacks or that could be the activity of an unknown attack. Magna Pathfinder does similar analysis of endpoint data, again to detect attacks.

The goal is to provide high-reliability alerts to possible intrusions that cut through the hundreds or thousands of alarms generated daily by other security platforms, Matlof says. The typical customer gets just four or five per day, helping to sort through the clutter and prioritize for security pros what to check out. The platform also provides the data that led it to conclude there was something to be alerted about, giving security teams guidance on where to look for the root of the problem.

 

1  2  Next Page 

Sign up for MIS Asia eNewsletters.