PAN Deals for Breach Detection Firm
Wednesday, March 1, 2017 @ 02:03 PM gHale
Palo Alto Networks (PAN) paid $105 million for breach detection provider LightCyber.
LightCyber’s machine learning-based behavioral analytics platform will now integrate into Palo Alto’s Next-Generation Security Platform, officials said.
LightCyber was founded in 2012. Its platform doesn’t look at a specific packet or field to detect possible malicious activity; it detects attacks by identifying suspicious behavior inside the network.
The goal behind the LightCyber technology is to detect malicious insiders, targeted external attackers and operationalized malware by monitoring network traffic. It learns the behavior of all users and devices and detects anomalies that deviate from expected behavior. LightCyber starts with a blank slate and employs unsupervised machine learning to create these baseline profiles. From this ongoing profiling process, LightCyber can pinpoint anomalous behaviors indicative of an attack or risky user behavior.
Targeted attackers can find ways to compromise systems and infiltrate networks. Once in the network, they begin a step-by-step process of reconnaissance and lateral movement using networking and admin tools. To stay under the radar, they often avoid using malware or known exploits. However, they still need to understand the network design, find the location of sensitive assets and expand their realm of control to gain access to those assets, which they do by conducting reconnaissance and lateral movement.
LightCyber understands how users and devices typically behave and recognizes changes in that behavior, such as a regular user performing administrative activity or scanning rarely accessed file shares, to stop an advanced attack early and definitively.
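A sketch of the baseline-then-deviation idea described above, added here as an illustration and not LightCyber's or Palo Alto Networks' code or algorithm: it learns which file shares each host normally uses, then scores a later window by how many out-of-profile, rarely used shares a host touches. The host names, share names, scoring rule and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (source host, file share accessed).
LEARNING_WINDOW = [
    ("ws-01", "public"), ("ws-02", "public"), ("ws-03", "public"), ("ws-04", "public"),
    ("ws-01", "eng"), ("ws-02", "eng"), ("ws-03", "finance"), ("ws-04", "hr"),
]
DETECTION_WINDOW = [
    ("ws-01", "public"), ("ws-01", "eng"),          # inside ws-01's own profile
    ("ws-03", "eng"),                               # one new, commonly used share
    ("ws-02", "finance"), ("ws-02", "hr"),          # ws-02 fans out to shares it
    ("ws-02", "legal-archive"), ("ws-02", "backups"),  # has never used before
    ("ws-02", "backups"),                           # repeat access, counted once
]

def build_profiles(events):
    """Start from a blank slate: record each host's shares and each share's users."""
    host_shares, share_hosts = defaultdict(set), defaultdict(set)
    for host, share in events:
        host_shares[host].add(share)
        share_hosts[share].add(host)
    return host_shares, share_hosts

def score_window(events, host_shares, share_hosts):
    """Sum, per host, the rarity of each share accessed outside that host's baseline."""
    n_hosts = len(host_shares)
    scores, counted = defaultdict(float), set()
    for host, share in events:
        if share in host_shares.get(host, ()) or (host, share) in counted:
            continue  # expected behavior, or already scored in this window
        counted.add((host, share))
        popularity = len(share_hosts.get(share, ())) / n_hosts
        scores[host] += 1.0 - popularity  # rarely accessed shares weigh more
    return dict(scores)

def anomalous_hosts(scores, threshold=2.0):
    """Hosts whose deviation score meets the (assumed) alert threshold."""
    return sorted(h for h, s in scores.items() if s >= threshold)

HOST_SHARES, SHARE_HOSTS = build_profiles(LEARNING_WINDOW)
SCORES = score_window(DETECTION_WINDOW, HOST_SHARES, SHARE_HOSTS)

if __name__ == "__main__":
    print(SCORES, anomalous_hosts(SCORES))
```

A single out-of-profile access to a commonly used share stays below the threshold, while a host that fans out across several shares almost nobody else uses is flagged.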
“This technology will complement the existing automated threat prevention capabilities of our platform to help organizations not only improve but also scale their security protections to prevent cyber breaches,” said Mark McLaughlin, chairman and chief executive of Palo Alto Networks.
The technology integration should be ready by the end of the calendar year, Palo Alto officials said.