LightCyber, a leading provider of Behavioral Attack Detection solutions, today announced that it was listed as a Representative Vendor in two separate, recently published Market Guide reports from Gartner, Inc., which advocate the use of broad-based machine learning techniques to detect the anomalous behaviors of active network attackers. The first, published December 8, 2016, Market Guide for User and Entity Behavioral Analytics (G00292503), includes solutions that profile users and entities to detect anomalies. The second, published November 30, 2016, Market Guide for Endpoint Detection and Response Solutions (G00298289), includes solutions using endpoint visibility for early identification of attacks.

“The unique combination of network data analytics augmented by user and endpoint visibility gives the Magna platform a substantial advantage in detecting active network attacks with a high degree of accuracy while producing only a small number of alerts,” said Jason Matlof, executive vice president, LightCyber. “The vendor community is creating a variety of new attack detection solutions that are similar to their incumbent predecessors and that are each biased by a particular technical approach – primarily network-centric, endpoint-centric, or user-centric. We believe the reason that LightCyber Magna has been acknowledged in multiple Gartner reports is due to the increasing recognition of the unique value of solutions that combine multiple data context together into a single analytical solution. We are pleased to receive these acknowledgements.”

Analysts Peter Firstbrook and Neil MacDonald recommend in the Market Guide for Endpoint Detection and Response Solutions that “The most critical EDR capability is the ability to detect sophisticated hidden threats, ideally without requiring the use of externally fed IOCs. The ideal EDR system should be capable of self-detection using its own built-in detection techniques, analytics and behavioral indicators. The range of detection techniques will also be affected by the type of data gathered. Three realms of data are most valuable: user, endpoint and network events. This data also needs to be put into context with global threat intelligence (that is, attribution and trends). Generally speaking, more information and more context is better than less, assuming it can scale across infrastructure and information management.”

In the Market Guide for User and Entity Behavioral Analytics, analysts Toby Bussa, Avivah Litan and Tricia Phillips recommend “Vendors use packaged analytics to evaluate the activity of users and other entities (hosts, applications, network traffic and data repositories) to discover potential incidents commonly presented as activity that is anomalous to the standard profiles and behaviors of users and entities.”

With the industry average dwell time of approximately five months to discover an active attacker on a network, it is clear that organizations have had little success in stopping a data breach or thwarting theft or damage to critical IT assets. The typical “known bad” security approach of identifying malware through static definitions such as signatures, domains and pre-defined behaviors is no match for sufficiently motivated cybercriminals that will create mechanisms to circumvent those systems, not to mention the fact that those systems are incapable of stopping rogue insiders that already have legitimate credentials on the network. By contrast, Magna uses a “learned good” approach that employs machine learning techniques to profile all user and entity activities, and then detects anomalous activities that are indicative of an active attack.

Resources

UEBA Insight page with new white paper and the report

The Feeding Frenzy in New Attack Detection Solutions! – blog about how to choose amongst a dizzying array of new machine learning solutions

Cyber Weapons Report, indicating how attackers orchestrate network attacks and showing how malware is not typically involved in the active—and longest—stage of the attack

Video interview with a media company about how security visibility is now critical in protecting assets

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About LightCyber

LightCyber is a leading provider of Behavioral Attack Detection solutions that provide accurate and efficient security visibility into attacks that have slipped through the cracks of traditional security controls. The LightCyber Magna™ platform is the first security product to integrate user, network and endpoint context to provide security visibility into a range of attack activity. Founded in 2012 and led by world-class cyber security experts, the company’s products have been successfully deployed by top-tier customers around the world in industries including the financial, legal, telecom, government, media and technology sectors. For more information, please visit http://www.lightcyber.com or follow us on Twitter, LinkedIn and Facebook.

LightCyber and Magna are trademarks of LightCyber in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.