LightCyber, a leading provider of Behavioural Attack Detection solutions, has announced the latest release of its Magna™ platform that increases the precision and speed of detecting an in-progress attack from a malicious insider or external targeted bad actor. The Magna 3.5 release adds enhanced visibility of user credential use and more granular Virtual Private Network (VPN) intelligence so attackers can be detected even more efficiently and accurately.

“Detecting and thwarting an active attack requires highly precise detection of the attacker’s operational activities,” said Jason Matlof, executive vice president, LightCyber. “The historic problem endemic to security has been the inability to parse out the most relevant attacker signals, which has resulted in an overwhelming flood of mostly useless security alerts. This new release adds even more targeted attack detection capabilities related to user credential theft and abuse.”

Enhanced User and Entity Behaviour Analytics (UEBA)

The enhanced user behaviour detection enables more granular identification techniques for two types of credential-oriented attack behaviours: a new user conducting unusual activities, or an existing user acting in an unexpected way.External attackers steal access to user credentials through malware and social engineering techniques, while employees frequently misuse legitimate credentials for malicious intent in insider attacks or risky behaviours. Magna evaluates these behaviours through authentication credential analysis of multiple dimensions, including peer activity, history, time, type of activity, and more, to achieve a high level of accuracy and eliminate false-positive alerts.These new detection capabilities are based exclusively on user credential use and complements other existing host- and user-based anomaly detection capabilities. These new detection features are especially useful to enhance Magna’s lateral movement detection capabilities as attackers gradually expand their realm of control using credentials to eventually access target assets.

Granular User Visibility Through VPNs

While Magna has had VPN visibility, a new feature enables associating a specific user IP address with a remote assess user connecting to the network through a VPN concentrator. Through VPN logs, Magna will de-multiplex the observed network traffic into individual users. Magna then profiles and monitors each remote user’s activity over time in the same way it analyses any other machine and user behaviour inside the network with all the richness of its Behavioural Attack Detection.This approach is inherently more robust than just using information in the VPN logs themselves as implemented by some competitive UEBA solutions. Not only can Magna identify anomalous VPN user activity, but it can also add much more robust behavioural attack detection analysis associated to the VPN user’s behaviour in the enterprise network.

Detecting Active Attackers Quickly and Accurately

The LightCyber Magna platform gains its visibility from full network capture that can see the network activities of all users and IP-connected devices. This vantage is augmented by an agentless, on-demand capability to interrogate user computers and link specific processes with specific network activity. Using on-premise machine learning, Magna continuously profiles all users and devices and then can detect anomalies that are indicative of an attack. The combination of network, user and device enables an accurate “triangulation” of an active attacker, and these new detection elements further enhances that detection accuracy.

Price and Availability

Magna version 3.5 is available now. Pricing starts at $21,000(US dollars) for a Magna Detector appliance.