LightCyber, a leading provider of Behavioural Attack Detection solutions, has announced that it was listed as a Representative Vendor in two separate, recently published Market Guide reports from Gartner, Inc., which advocate the use of broad-based machine learning techniques to detect the anomalous behaviours of active network attackers. The first, published 8 December 2016,Market Guide for User and Entity Behavioural Analytics (G00292503), includes solutions that profile users and entities to detect anomalies. The second, published 30 November 2016, Market Guide for Endpoint Detection and Response Solutions (G00298289), includes solutions using endpoint visibility for early identification of attacks.

“The unique combination of network data analytics augmented by user and endpoint visibility gives the Magna platform a substantial advantage in detecting active network attacks with a high degree of accuracy while producing only a small number of alerts,” said Jason Matlof, executive vice president, LightCyber. “The vendor community is creating a variety of new attack detection solutions that are similar to their incumbent predecessors and that are each biased by a particular technical approach – primarily network-centric, endpoint-centric, or user-centric. We believe the reason that LightCyber Magna has been acknowledged in multiple Gartner reports is due to the increasing recognition of the unique value of solutions that combine multiple data context together into a single analytical solution. We are pleased to receive these acknowledgements.”

Analysts Peter Firstbrook and Neil MacDonald recommend in the Market Guide for Endpoint Detection and Response Solutions that “The most critical EDR capability is the ability to detect sophisticated hidden threats, ideally without requiring the use of externally fed IOCs. The ideal EDR system should be capable of self-detectionusing its own built-in detection techniques, analytics and behavioural indicators. The range of detection techniques will be also be affected by the type of data gathered. Three realms of data are most valuable: user, endpoint and network events. This data also needs to be put into context with global threat intelligence (that is, attribution and trends). Generally speaking, more information and more context is better than less, assuming it can scale across infrastructure and information management.”

In the Market Guide for User and Entity Behavioural Analytics, analysts Toby Bussa, Avivah Litan and Tricia Phillips recommend “Vendors use packaged analytics to evaluate the activity of users and other entities (hosts, applications, network traffic and data repositories) to discover potential incidents commonly presented as activity that is anomalous to the standard profiles and behaviours of users and entities.”

With the industry average dwell time of approximately five months to discover an active attacker on a network, it is clear that organisations have had little success in stopping a data breach or thwarting theft or damage to critical IT assets. The typical “known bad” security approach of identifying malware through static definitions such as signatures, domains and pre-defined behaviours is no match for sufficiently motivated cybercriminals that will create mechanisms to circumvent those systems, not to mention the fact that those systems are incapable of stopping rogue insiders that already have legitimate credentials on the network. By contrast, Magna uses a “learned good” approach that employs machine learning techniques to profile all user and entity activities, and then detects anomalous activities that are indicative of an active attack.

Resources

Cyber Weapons Report, indicating how attackers orchestrate network attacks and showing how malware is not typically involved in the active—and longest—stage of the attack

Blog about triangulating users, devices and network traffic to pinpoint attackers

Video interview with a media company about how security visibility is now critical in protecting assets