Bringing Award-Winning Automated Behavioral Analytics to the Palo Alto Networks Next-Generation Security Platform

LightCyber® further enhances and extends our ability to prevent attacks at the internal reconnaissance and lateral movement stages of the attack lifecycle, two stages that are often very important to a successful attack.

What does LightCyber technology do?

LightCyber empowers organizations to detect and stop active attacks in their network. Founded by cybersecurity experts in 2012, LightCyber has been leading the industry in the development of automated behavioral analytics capabilities and uses sophisticated machine learning to quickly, efficiently and accurately identify attacks from behavioral anomalies inside the network. LightCyber’s products have been successfully deployed by top-tier companies in the financial, healthcare, legal, telecom, government, media and technology sectors.

How does the technology work?

LightCyber detects malicious insiders, targeted external attackers and operationalized malware by monitoring network traffic, learning the behavior of all users and devices, and detecting the anomalies that deviate from expected behavior. LightCyber starts with a blank slate and employs unsupervised machine learning to create these baseline profiles. From this ongoing profiling process, LightCyber pinpoints anomalous behaviors that are indicative of an attack or risky user behavior.

What challenge does LightCyber solve?

Targeted attackers can find ways to compromise systems and infiltrate networks. Once attackers are in the network, they begin a step-by-step process of reconnaissance and lateral movement using networking and admin tools. To stay under the radar, they often avoid using malware or known exploits. However, they still need to understand the network design, find the location of sensitive assets, and expand their realm of control to gain access to these assets, and they do so by conducting reconnaissance and lateral movement.

LightCyber understands how users and devices typically behave and recognizes changes in behavior – such as a regular user performing administrative activity or scanning rarely accessed file shares – to stop an advanced attack early and definitively.

Why is the technology so differentiated?

The LightCyber approach focuses on network and endpoint traffic, and on activity within the networking traffic, to drive its primary analysis. LightCyber uniquely offers:

  • Unsupervised machine learning to prevent unknown threats. LightCyber catches post-intrusion activity that does not involve malware or known exploits by learning expected behavior and detecting anomalies indicative of an attack.

  • Broad inputs to maximize detection accuracy and efficiency. LightCyber analyzes behavior across networks, users and endpoints to automate investigations and confirm suspicious behavior by pinpointing the endpoint process responsible for an attack. To achieve this, it analyzes the process in the cloud.

  • Attack mitigation across the entire attack lifecycle. LightCyber detects all stages of the attack lifecycle after the initial intrusion, focusing on hard-to-detect, low-and-slow reconnaissance and lateral movement to which most security products are blind.

  • Integrated remediation to prevent cyberattacks. Because LightCyber accurately detects attacks, it can block compromised devices and disable user accounts automatically, or administrators can do it through the click of a button.

How does LightCyber fit into the Palo Alto Networks Next-Generation Security Platform?

LightCyber extends the ability of the Palo Alto Networks® platform to mitigate unknown threats inside the network and root out attackers as they perform low-and-slow reconnaissance, expand control, and attempt to manipulate or steal data.

LightCyber enhances and extends our ability to prevent attacks across the attack lifecycle and especially at the internal reconnaissance and lateral movement stages, which are often important to a successful attack. With LightCyber added, our platform can further prevent command-and-control activity and data exfiltration by detecting anomalous behavior. You will gain unrivaled protection against targeted attacks, insider threats, risky behavior and malware inside your network.

Since our inception, Palo Alto Networks has pioneered new ways of tackling seemingly impossible security challenges and, along the way, has provided eye-opening visibility into user and application traffic as well as exceptional breach prevention capabilities. The LightCyber automated behavioral analytics technology represents another step in our evolution of delivering a platform at the forefront of the innovation curve. With the LightCyber technology, our platform will be able to analyze user, endpoint and network behavior and apply machine learning techniques to detect and stop active attackers inside the network who do not rely on malware or vulnerability exploits.