LightCyber rolls out new features for endpoint malware detection platform

LightCyber, another security startup with roots in the Israeli military, has opened its doors in the U.S. to make its mark in the crowded field of endpoint detection and remediation.

LightCyber, another security startup with roots in the Israeli military, has opened its doors in the U.S. and is announcing new products and features to make its mark in the crowded field of endpoint detection and remediation.

The company's Magna Breach Detection Platform monitors and analyzes network traffic as well as activity on Windows endpoints, in search of anomalous behavior that it can attribute to malware.

So far it's having pretty good success in North America, with about 40 customers signed up for its appliances, software and services. It opened shop in Los Altos, Calif., last year, in addition to its existing headquarters in Ramat Gan, Israel, according to the company's chief marketing officer, Jason Matlof.

The company is competing in a hot area where vendors provide a way to closely track what individual endpoints are up to internally and what they are doing across the network, in an effort to baseline what is normal and to quickly flag what's not. Competitors include Bit9+Carbon Black, AccessData, Black enSilo, FireEye, Guidance, Promisec, Tanium, "and about 20 others rushing into this space", says Peter Firstbrook, a vice president at Gartner.

The components of LightCyber's products are an on-site analyzer called Magna Detector, a branch office monitoring virtual appliance called Magna Probe, and services called Magna Cloud and Magna Pathfinder.

Detector is a physical appliance that can also be purchased as a virtual appliance running on customers' own servers. It connects to a SPAN or tap port on a core switch and profiles inbound and outbound traffic, both on-network and Internet traffic, and analyzes it to establish what normal behavior looks like so it can point out dangerous anomalies.


It also uses Microsoft Remote Procedure Call (RPC) to gather data from endpoints, such as running processes, what ran recently, registry keys, DLLs and the like. This lets it collect endpoint information without deploying client software to each endpoint.

Probe is a new product that is deployed in branch offices and collects the same type of data but forwards it to a Detector for analysis.

The Magna Cloud service further analyzes the network data collected by Detectors, looking for patterns that LightCyber has designated as indicative of specific ongoing attacks, or that could be the activity of an unknown attack. Magna Pathfinder does similar analysis of endpoint data, again to detect attacks.

The goal is to provide high-reliability alerts of possible intrusions that cut through the hundreds or thousands of alarms generated daily by other security platforms, Matlof says. The typical customer gets just four or five per day, which helps sort through the clutter and prioritize what security pros should check out. The platform also provides the data that led it to conclude there was something to be alerted about, giving security teams guidance on where to look for the root of the problem.

The platform is newly integrated with Palo Alto's next-gen firewall, Check Point, RSA Arcsight and FortKnox gear, and Microsoft Active Directory, which provide enforcement points to block discovered malicious activity and isolate affected machines. Such integration with this group of vendors, while not ubiquitous, will address such protection for a wide group of customers, Firstbrook says.

Automating the prioritization of which suspicious activity human analysts should check out is valuable for stopping attacks early and reducing the damage attackers get away with, he says. "Home Depot and the New York Times attack both had alerts, but nobody followed up on them because there were too many alerts and no easy way to resolve them," he says. Detecting an attack sooner reduces the opportunity for theft and destruction.

Use of RPC to gather endpoint data has its pros and cons, he says. Remote solutions can only take a point-in-time snapshot and then compare snapshots, whereas agents on each machine can record and play back all changes. An agent can also isolate affected machines and give security operations centers time to investigate without worrying about continuing damage. Agents can help with remediation by killing malicious processes and rolling back any changes attackers have made, Firstbrook says.

On the other hand, RPC can provide quick, lightweight validation of a suspected infection, he says.
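The snapshot-versus-agent trade-off Firstbrook describes is easy to see in code. The following is an added example, not LightCyber's code and not the Magna platform's data model: it compares two constructed point-in-time inventories of a host (running processes and Run-key autoruns, the kind of data the article says is collected over RPC) the way an agentless collector must, and then checks the same interval against a constructed agent event log to show which activity the snapshot comparison cannot see. Host names, paths and timestamps are all constructed sample values.

```python
"""Point-in-time snapshot comparison versus an agent's continuous event log.

A remote (RPC-style) collector sees only what exists at the moment it asks,
so anything that starts and finishes between two polls leaves no trace in the
snapshots. A resident agent records every start/stop event as it happens.
Everything below is constructed sample data, not real telemetry.
"""
from dataclasses import dataclass, field


@dataclass
class Snapshot:
    """One point-in-time inventory of a host, as a remote collector sees it."""
    host: str
    taken_at: int                                  # seconds since an arbitrary epoch (constructed)
    processes: frozenset                           # image paths of processes running right now
    autoruns: dict = field(default_factory=dict)   # Run-key value name -> command line


@dataclass
class ProcessEvent:
    """One process start/stop event, as a resident agent would record it."""
    at: int
    kind: str        # "start" or "stop"
    image: str


def diff_snapshots(before, after):
    """Return what changed between two snapshots of the same host.

    This is all an agentless collector can report: the delta between polls.
    """
    if before.host != after.host:
        raise ValueError("snapshots are from different hosts")
    new_keys = set(after.autoruns) - set(before.autoruns)
    changed = {k for k in set(before.autoruns) & set(after.autoruns)
               if before.autoruns[k] != after.autoruns[k]}
    return {
        "new_processes": sorted(after.processes - before.processes),
        "exited_processes": sorted(before.processes - after.processes),
        "new_autoruns": {k: after.autoruns[k] for k in sorted(new_keys)},
        "changed_autoruns": {k: (before.autoruns[k], after.autoruns[k]) for k in sorted(changed)},
    }


def images_seen_by_agent(events):
    """Every image an agent saw start, no matter how briefly it ran."""
    return {e.image for e in events if e.kind == "start"}


def missed_by_snapshots(before, after, events):
    """Images that ran only between the two polls: invisible to snapshot comparison."""
    window = [e for e in events if before.taken_at < e.at < after.taken_at]
    return sorted(images_seen_by_agent(window) - before.processes - after.processes)


# Constructed sample data for a hypothetical workstation "ws-017".
ONEDRIVE = r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
UPDATER = r"C:\Users\alice\AppData\Roaming\updater.exe"   # constructed, not a real IoC
CMD = r"C:\Windows\System32\cmd.exe"

BEFORE = Snapshot(
    "ws-017", 1000,
    frozenset({r"C:\Windows\explorer.exe", r"C:\Windows\System32\svchost.exe"}),
    {"OneDrive": ONEDRIVE},
)
AFTER = Snapshot(
    "ws-017", 1900,
    frozenset({r"C:\Windows\explorer.exe", r"C:\Windows\System32\svchost.exe", UPDATER}),
    {"OneDrive": ONEDRIVE, "Updater": UPDATER},
)
# The agent saw a short-lived shell that had already exited by the second poll.
AGENT_LOG = [
    ProcessEvent(1200, "start", CMD),
    ProcessEvent(1205, "start", UPDATER),
    ProcessEvent(1206, "stop", CMD),
]


def main():
    delta = diff_snapshots(BEFORE, AFTER)
    print("Snapshot comparison found:")
    print("  new processes:", delta["new_processes"])
    print("  new autoruns: ", delta["new_autoruns"])
    print("Ran between polls, missed by snapshots:", missed_by_snapshots(BEFORE, AFTER, AGENT_LOG))


if __name__ == "__main__":
    main()
```

The snapshot diff does catch the persistent change (a new process that also registered itself as an autorun), which is the "quick, lightweight validation" the article credits RPC with; the transient `cmd.exe` that started and exited between polls shows up only in the agent's log, which is the gap Firstbrook points at.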

Windows is the most attacked operating system, so using RPC will be widely effective, but he says Gartner is getting more and more requests from customers for similar visibility from this type of platform on Macs and Linux.

He notes that when laptops, the most common device used as traditional desktops in enterprises, go mobile, LightCyber offers them no protection.

The company has a healthy pedigree, including its two founders, Michael Mumcuoglu (CTO) and Giora Engel (Chief Product Officer), both of whom were officers in technological units of the Israeli Defense Force and have participated in startups before.

It has brought on Gonen Fink as CEO; he was one of the first five Check Point employees and rose to be its chief architect. It has $12.5 million in funding from Battery Ventures and Glilot Capital Partners.

Magna Detector and Magna Probe are priced based on how many devices they profile, with a starting price of $30,000 to support 1,500 endpoints. The Magna Cloud and Magna Pathfinder services have annual subscriptions based on how many hosts they scan.


Stories by Tim Greene
