Instead of trying to keep the bad guys out of corporate networks, a new wave of startups is turning cybersecurity on its head with a different approach: let the bad guys in, identify them, and isolate them before they can do any damage.
One of the most promising of these startups is LightCyber Ltd., an Israeli-U.S. outfit that just announced version 3.0 of its LightCyber Magna platform, which delivers better accuracy and more options for dealing with network intruders.
LightCyber Magna is described as a network plus endpoint detection and remediation platform that’s not only capable of discovering bad behavior on the network, but also identifying exactly which machines and which processes are causing it, allowing operators to shut it down quickly and easily.
Release 3.0 advances those features by enabling network behavior to be synced with endpoint telemetry to determine precisely what’s causing a problem. This means that threats and vulnerabilities can be shut down faster, minimizing the damage that’s been caused, said Lawrence Pingree, a Gartner Inc. analyst, in a story in Network World.
Admittedly, most enterprises already have sophisticated monitoring systems in place on their networks. But these monitoring tools don’t really help them when it comes to interpreting data to identify sophisticated threats and eliminate them before a serious data loss occurs. That’s where LightCyber’s platform comes in.
“Monitoring a network gives you the most immediate way to identify that something bad is happening,” Gonen Fink, CEO of LightCyber, said in an interview with eWEEK. “But in order to fix the problem and remediate, you need to understand the process that is running on the endpoint.”
LightCyber’s new Network-to-Process Association (N2PA) technology is designed for that. With older versions of the LightCyber Magna platform, even when bad behavior was found on the network, admins still had to track it down manually and remove it, which isn’t always 100 percent effective because humans sometimes lack the ability to connect the dots, said Gartner’s Pingree.
N2PA is therefore a significant step forward for this kind of security analytics platform. “We use deep packet inspection to inspect metadata fields,” Fink told eWEEK. “When we need to associate the data with a process, the N2PA technology allows us to make the connection with the packets we see in the network.”
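To make the network-to-process idea concrete, here is an added illustration of the general technique; it is not LightCyber's code, and the record formats, field names, host names and sample flows and sockets are all constructed assumptions. A network sensor only sees a connection 4-tuple (source IP and port, destination IP and port) plus a timestamp; an endpoint agent can report which process owned a socket with that same 4-tuple and when. Joining the two, and insisting that the flow time fall inside the socket's lifetime, is what lets an alert on a flow be pinned to one process. The time check matters because ephemeral ports are reused, so a 4-tuple alone can map to several processes over a day.

```python
"""Toy network-to-process association (added example, not LightCyber's N2PA).

Joins DPI flow records with endpoint socket telemetry so that an alert raised
on a network flow can be traced to the host, PID and image that owned it.
"""
from datetime import datetime, timedelta

# Constructed sample flows, as a network sensor might emit them (not real traffic).
FLOWS = [
    {"id": "f1", "ts": datetime(2016, 6, 1, 10, 0, 3), "src": "10.0.0.5", "sport": 51000,
     "dst": "203.0.113.7", "dport": 443, "alert": "periodic beaconing"},
    # Same 4-tuple 27 seconds later: the ephemeral port has been reused.
    {"id": "f2", "ts": datetime(2016, 6, 1, 10, 0, 30), "src": "10.0.0.5", "sport": 51000,
     "dst": "203.0.113.7", "dport": 443, "alert": "periodic beaconing"},
    # A host for which no endpoint telemetry was collected.
    {"id": "f3", "ts": datetime(2016, 6, 1, 10, 1, 0), "src": "10.0.0.9", "sport": 40000,
     "dst": "198.51.100.2", "dport": 80, "alert": "large upload"},
]

# Constructed sample socket telemetry from an endpoint agent (hypothetical format).
SOCKETS = [
    {"host": "ws-05", "pid": 4012, "image": r"C:\Users\a\AppData\Roaming\updater.exe",
     "laddr": "10.0.0.5", "lport": 51000, "raddr": "203.0.113.7", "rport": 443,
     "opened": datetime(2016, 6, 1, 10, 0, 1), "closed": datetime(2016, 6, 1, 10, 0, 10)},
    {"host": "ws-05", "pid": 7730, "image": r"C:\Program Files\Browser\browser.exe",
     "laddr": "10.0.0.5", "lport": 51000, "raddr": "203.0.113.7", "rport": 443,
     "opened": datetime(2016, 6, 1, 10, 0, 25), "closed": datetime(2016, 6, 1, 10, 0, 40)},
]


def associate(flows, sockets, slack=timedelta(seconds=2)):
    """Map each flow to the process that owned the matching socket.

    A match requires the same 4-tuple (in either direction, so server-side
    hosts resolve too) and a flow timestamp within the socket's lifetime,
    widened by `slack` to absorb clock skew between sensor and agent.
    Flows with no candidate are reported as unresolved rather than guessed;
    flows with several candidates are reported as ambiguous.
    """
    by_tuple = {}
    for s in sockets:
        key = (s["laddr"], s["lport"], s["raddr"], s["rport"])
        by_tuple.setdefault(key, []).append(s)

    results = []
    for f in flows:
        forward = (f["src"], f["sport"], f["dst"], f["dport"])
        reverse = (f["dst"], f["dport"], f["src"], f["sport"])
        candidates = [
            s for key in (forward, reverse) for s in by_tuple.get(key, [])
            if s["opened"] - slack <= f["ts"] <= s["closed"] + slack
        ]
        entry = {"flow": f["id"], "alert": f["alert"]}
        if len(candidates) == 1:
            s = candidates[0]
            entry.update(status="resolved", host=s["host"], pid=s["pid"], image=s["image"])
        elif candidates:
            entry.update(status="ambiguous", pids=sorted(s["pid"] for s in candidates))
        else:
            entry.update(status="unresolved")
        results.append(entry)
    return results


def remediation_targets(results):
    """Collapse resolved matches into unique (host, pid, image) tuples: the list
    an operator would hand to a termination or quarantine step."""
    targets = {(r["host"], r["pid"], r["image"]) for r in results if r["status"] == "resolved"}
    return [dict(host=h, pid=p, image=i) for h, p, i in sorted(targets)]


if __name__ == "__main__":
    for r in associate(FLOWS, SOCKETS):
        print(r)
    print("targets:", remediation_targets(associate(FLOWS, SOCKETS)))
```

Run as-is, the first two flows resolve to different PIDs despite sharing a 4-tuple, because the socket lifetimes separate them, and the third flow stays unresolved because no agent data exists for that host; a real deployment would treat "unresolved" as a prompt to collect telemetry, not as a clean bill of health.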
Version 3.0 comes with a new feature called “Malicious File Termination”, which enlists third-party platforms via APIs to close down malicious files and processes. This means that when the platform detects malicious behavior, it’s able to trace it directly back to the host and query it with a dissolvable agent to check its logs and find out how it was generated. As well as simply shutting down such processes, it can also quarantine them by revoking credentials, allowing security pros to carry out further investigations.
“What we’re doing in 3.0 is more accurate. We’re providing the ability to terminate a process and remove the malicious file from a system, rather than just quarantine,” Fink said to eWEEK.
LightCyber Magna 3.0 will be available later this summer.