Vendor: LightCyber

Flagship product: Magna

Cost: Appliances start at $45,000 with a perpetual license.

Innovation: Application of the attack mechanism to the breach detection gap using behavioral analysis.

Greatest strength: Vision and leadership of experienced people from the military and cyberwarfare world.

LightCyber Magna Platform

This is one of those companies that makes us glad we are working in the security space. In our discussion with this Innovator we were taken by its vision of the virtual perimeter – which, by the way, is our characterization (feel free to plagiarize it any time you wish) – and its approach to addressing the challenge of securing it.

The company is 3.5 years old but its product has been in general availability only since January of this year. LightCyber looks to Israel for research and development. The principals come from a background in the military and cyberwarfare.

The big question LightCyber intends to answer is: How does an attacker compromise the network? The company is not concerned solely with malware. The attack mechanism is the key issue, whether or not it includes a malware component (contrary to popular belief, a very large percentage of attacks are either manual or automated; malware does not always enter the picture). LightCyber sees the first 20 years of information security as being all about blocking and preventing installation of malware. Every generation – from firewalls, IDSs, IPSs, sandboxes, etc. – has been trying to identify malware and stop it. Good, to be sure, but not good enough.

Now there is a total change in the industry: recognition that prevention is necessary but not sufficient. An attacker with enough sophistication can test its attacks against prevention devices and circumvent protection. This is the “breach detection gap.” To defend a network, we must assume bad guys will succeed and begin from that premise.

To address the breach detection gap, LightCyber uses behavioral analysis. This starts with a baseline profile. The system then applies attack detectors that look for universal indicators (they are not static), examining hundreds of behaviors indicative of anomalous activity. It profiles behavior relative to the user and to enterprise devices in order to spot anomalous behavior.

LightCyber categorizes anomalous activity in five buckets: 

  1. anomalous C&C activity
  2. East-West traffic – changes in traffic patterns
  3. lateral movement within the network
  4. exfiltration
  5. anomalous activities and states at the endpoints. 

This approach allows automated investigative data to be used together with the discovered anomalous data, which makes it possible to analyze findings in LightCyber's cloud and shortens a tedious manual investigative process.