The new products provide attack visibility for Infrastructure-as-a-Service (IaaS) and hybrid cloud data centre workloads. Leveraging all of the existing behavioural profiling and anomaly detection capabilities available in the Magna platform, the new Magna Detector-AWS and Magna Probe-AWS products support deployment within an organisation’s AWS Virtual Private Cloud (VPC). LightCyber also announced a new version of its agentless, on-demand Magna Pathfinder for Linux to extend integrated network and endpoint detection features to one of the most common data centre server platforms.
Approximately 155 million workloads will move to public cloud data centres by 2019, according to the Cisco Global Cloud Index [1], eclipsing those that will exist in private cloud data centres. Even bulge bracket banks are projected to migrate from little or no use of public cloud data centres today to having 30 percent of their data centre capacity in the public cloud within three years, according to a note from Deutsche Bank [2].
“While network security analytics systems exist for on-premise environments, the capabilities for public cloud workloads have lagged behind,” said Jason Matlof, executive vice president, LightCyber. “Extending the Magna Behavioural Attack Detection platform into the public cloud data centre enables security operators to achieve similar levels of security visibility into active attacks for both the on-premise and cloud data centre environments.”
The new LightCyber Magna products detect the operational activities of malicious insiders or targeted external attackers attempting to gain control of assets hosted in an AWS cloud data centre or using it as a point for command and control (C&C) communication and eventual exfiltration of data. As in an on-premise data centre, once attackers gain a foothold, they need to explore the environment through reconnaissance and must expand their realm of control to gain access to assets using lateral movement. The Magna Behavioural Attack Detection platform employs machine learning techniques to detect these reconnaissance and lateral movement activities, as well as C&C and exfiltration, so that an attack can be thwarted before damage is done. The Magna platform combines the capabilities of Network Traffic Analytics (NTA) with User and Entity Behaviour Analytics (UEBA) to eliminate blindness to attacker and malicious or risky insider activity.
The new Magna Probe-AWS and Magna Detector-AWS make use of native AWS VPC Flow Logs or the Gigamon Visibility Fabric™ for AWS, which is currently in beta, to monitor the virtual network. This also complements the existing capability of the Magna platform to monitor inbound and outbound network traffic to a public cloud over a site-to-site VPN.
In addition, the new version of Magna Pathfinder extends the Magna platform with an agentless, on-demand capability to interrogate Linux workstations and servers, which complements the network-centric behavioural profiling capabilities of the Magna Detector products. Previously, Magna Pathfinder engaged only with Windows servers and clients.