ADAPTIVE THREAT RESPONSE PLATFORM
Often, the difference between preventing a cyber attack and suffering a crippling loss is simply knowing where to look for the signs of a compromise.
Even the most advanced attackers leave traces of their presence, so an effective defense must not only be vigilant but also ever-adaptive in response to changes in attacker tactics. A critical element in this age of constantly evolving threats is a detailed view of an organization’s entire potential attack surface. Log collection solutions are simply outgunned by today’s advanced threat actors, as they either lack the data or lack the ability to analyze their data in a manner that allows rapid attack detection.
As a result, the LMNTRIX Adaptive Threat Response (ATR) platform is a must-have validated technology stack that improves our visibility and can be consumed as a service using the LMNTRIX Cloud or on premise.
Our platform is based on a number of detective, responsive and predictive capabilities that integrate and share information to build a security protection system that is more adaptive and intelligent overall than any one system.
It is this constant exchange of intelligence – both between the various components of our Adaptive Threat Response platform and with the wider cyber security community – that enables the LMNTRIX platform to stay ahead of even the most persistent, well-resourced and skilled attack groups.
The LMNTRIX Portal provides you with an overview of your entire network with the ability to cut through the static in order to respond to the highest priority threats via deep forensics and powerful collaboration tools.
The LMNTRIX Adaptive Threat Response platform aggregates threats from every one of the detective, responsive and predictive capabilities using standard protocols, then provides the required workflow to triage, investigate, escalate, and effectively remediate security incidents. The response procedure library is customized based on the threat category of each incident type. Additionally, the incidents are prioritized with business context so intrusion analysts investigate the incidents that pose the biggest risk to our clients.
After an incident has been positively categorized as a data breach, the LMNTRIX ATR platform enables our analysts to proactively manage the breach response process. Throughout this process, client incident and breach information is protected and shared only with the stakeholders that must know about it. Additionally, the LMNTRIX platform enables our team to assess the Confidentiality, Impact and Availability (CIA) of the breach, which allows us to formulate client-specific breach response plans. Each client’s predetermined breach response procedures are catalogued in the response procedure library, allowing our analysts to respond rapidly when a breach is confirmed.
CDC Program Management
The LMNTRIX platform enables us to manage the overall effectiveness of our Cyber Defense Center (CDC) team across resources, scheduling, contacts, security-control efficacy and shift handoff. With the Program Management functionality we ensure that the overall CDC program is managed as an effective, consistent and predictable process.
Multi-Threat Detection System
A proprietary virtual system powers our platform, delivering an integrated, multi-layered detect-in-depth capability which can be deployed on either dedicated or virtual servers. The MTD sensor connects with multiple clouds for updates, intelligence, policies, and cloud emulation, and employs ten (10) threat detection modules.
Advanced Endpoint Threat Detection & Response
The LMNTRIX Advanced Endpoint Threat Detection and Response service uses a lightweight sensor deployed on all your endpoints to capture detailed state information.
Additionally, it is used by our Cyber Defense Center to continuously monitor all endpoint activity, conduct adversary hunting, validate breaches and detect encrypted attacks. Using a lightweight sensor allows our intrusion analysts to delve deep into the inner workings of endpoints and expose anomalous behaviors.
Our techniques include live memory analysis, direct physical disk inspection, network traffic analysis, and endpoint state assessment. Our service doesn’t require signatures or rules. Instead, by leveraging unique endpoint behavioral monitoring and advanced machine learning, we dive deeper into endpoints which allows us to better analyze and identify zero-days and hidden threats that other endpoint security solutions miss entirely.
Armed with this information, our intrusion analysts instantly find similarly infected endpoints and quickly expand their visibility into the full scope of a compromise. Once an intrusion is confirmed, we disrupt malware-driven tactics, techniques and procedures (TTPs), and limit attacker lateral movement by quarantining and blocking the threat.
Hunting, Behavior Analytics and Forensics
Our platform delivers extensive visibility, high-performance threat hunting and unrivalled incident response by augmenting our Hunt Team’s capabilities with Behavior Analytics technology.
Our technology gives your network a photographic memory. Full-fidelity packet capture, which is optimized and stored for up to a year, means you will know with absolute certainty whether or not events have impacted your environment. Our platform is also able to detect threats in real time and automatically replay stored packets to discover previously unknown threats through the correlation of proprietary research intelligence, machine learning, flow-based traffic algorithms and multiple third-party threat intelligence feeds.
Our platform deploys deceptions everywhere to divert attackers and change the asymmetry of cyber warfare by focusing on the weakest link in a targeted attack - the human team behind it. Targeted attacks are orchestrated by human teams, and humans are always vulnerable.
By weaving a deceptive layer over every endpoint, server and network component, an attacker is faced with a false world in which every bit of data cannot be trusted. If attackers are unable to collect reliable data, their ability to make decisions is negated and the attack is stopped in its tracks.
Not only does this technique waste hackers' time, but it also allows the quick identification of attackers with high assurance. This is due to the fact that legitimate users have no reason to access the fake systems, vulnerabilities and information, allowing security teams to rapidly respond and prevent attackers from causing damage.
PIE - Predictive Intelligence Exchange
We are all facing attacks, all the time. As a result, we have a lot of data – why not share it?
That is the idea behind PIE: Attackers are known to share methods and tactics so, in order to advance the state of threat intelligence, organizations must collaborate and correlate more of their data, more quickly.
Today PIE aggregates over 200 threat intelligence sources with the aim of aggregating thousands more in the future.
The proprietary technology behind PIE allows us to deliver earlier detection and identification of adversaries in your organization’s network. This is achieved by making it possible to correlate tens of millions of threat indicators against real-time network logs. This approach means threats can be detected at every point throughout the attack lifecycle, enabling mitigation before your organization experiences any material damage.
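The correlation step described above, matching a large set of threat indicators against log records as they arrive, is illustrated by the following added example. It is not LMNTRIX code and makes no claim about how PIE is implemented; the indicator values (a TEST-NET address, a made-up domain and a dummy hash) and the four log lines are constructed for the example, and the log field names are assumptions.

```python
import re

# Constructed indicator feed (hypothetical values, not from any real feed).
# Real feeds hold millions of entries; sets give O(1) membership checks at scale.
INDICATORS = {
    "ip": {"203.0.113.45"},                # TEST-NET-3 address used as a placeholder
    "domain": {"update-check.example"},    # reserved .example TLD, never a real host
    "sha256": {"a" * 64},                  # dummy hash standing in for a malware sample
}

# Constructed log lines: a DNS query log, two proxy logs and an endpoint hash log.
# Field names (client=, src=, host=, query=, url=, sha256=) are assumptions.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z dns client=10.0.0.5 query=UPDATE-CHECK.example. type=A",
    "2024-05-01T10:00:02Z proxy src=10.0.0.5 dst=203.0.113.45 url=http://update-check.example/x",
    "2024-05-01T10:00:03Z proxy src=10.0.0.6 dst=198.51.100.9 url=http://intranet.corp/",
    "2024-05-01T10:00:04Z edr host=ws01 file=C:\\tmp\\a.exe sha256=" + "a" * 64,
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\.?")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
ASSET_RE = re.compile(r"\b(?:client|src|host)=(\S+)")


def extract_candidates(line):
    """Pull every IP, hostname and SHA-256 out of one log line, normalised.

    Normalisation matters: the DNS log records the name upper-cased with a
    trailing dot, and a naive string compare would miss the indicator.
    """
    found = {"ip": set(), "domain": set(), "sha256": set()}
    for ip in IP_RE.findall(line):
        found["ip"].add(ip)
    for host in DOMAIN_RE.findall(line):
        host = host.lower().rstrip(".")
        if not IP_RE.fullmatch(host):          # dotted quads are IPs, not domains
            found["domain"].add(host)
    for digest in SHA256_RE.findall(line):
        found["sha256"].add(digest.lower())
    return found


def correlate(lines, indicators=INDICATORS):
    """Return one hit per (line, indicator type, indicator value) match.

    Each hit carries the timestamp, log source and the internal asset named
    in the record so an analyst can pivot from indicator to affected host.
    """
    hits = []
    for line in lines:
        ts, source = line.split(" ", 2)[:2]
        asset_match = ASSET_RE.search(line)
        asset = asset_match.group(1) if asset_match else None
        candidates = extract_candidates(line)
        for kind in ("ip", "domain", "sha256"):
            for value in sorted(candidates[kind] & indicators[kind]):
                hits.append({"ts": ts, "source": source, "asset": asset,
                             "type": kind, "value": value})
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOGS):
        print(f"{hit['ts']} {hit['source']:5} asset={hit['asset']} "
              f"{hit['type']}={hit['value']}")
```

The third line (an internal proxy request) produces no hit, while the DNS, proxy and endpoint records for the same activity each match a different indicator type, which is what lets a single compromised host be seen at several points of the attack lifecycle.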
Deep & Dark Web Intelligence
It’s not enough to know what's happening on the inside of your network; you need to have someone who has your back on the outside too. After all, when hackers steal data, it almost always finds its way to an online black market – the deep and dark web.
We shine a light on this back alley of the cyber world by using our intelligence, knowledge and proprietary techniques to your advantage. Whether an attacker has stolen your data and is looking to sell it online or if someone is planning to breach your organization and is seeking advice on how to do so, we can use the attacker’s platforms against them.
Our proprietary reconnaissance technology detects these and other cyberthreats in the deep and dark web by aggregating unique cyber intelligence from multiple sources.
LMNTRIX ThinkGrid is not a SIEM, but it is the perfect replacement for a SIEM as it uses an open source search and analytics engine enabling scalability, resilience and extremely simple management. It offers a sophisticated, developer-friendly query language covering structured, unstructured, and time-series data.
Our use of machine learning algorithms means our platform gets smarter every minute while also eliminating the need for clients to write rules or create thresholds. By analysing your data in order to find discrepancies and unorthodox behavior, our platform is able to link these anomalies together, joining the dots and uncovering the truth behind advanced threat activity. Critically, in order to ensure accuracy, our algorithms are based on your data, because the only way we can know what is “abnormal” is to know what’s “normal” for your organization.
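The idea that a baseline is learned from the organization's own data, with no client-written rules or thresholds, and that individual anomalies are then linked together, is illustrated by the following added example. It is not LMNTRIX code and says nothing about ThinkGrid's actual algorithms; it uses a median/MAD "modified z-score" (the 0.6745 and 1.253314 constants and the 3.5 cutoff are the usual Iglewicz-Hoaglin values) over 14 days of constructed per-host features, and the host names and feature names are assumptions.

```python
import statistics

# Constructed 14-day history of three per-host features (hypothetical values).
HISTORY = {
    "ws01": {
        "bytes_out_mb": [120, 135, 110, 128, 140, 118, 125, 131, 122, 119, 137, 126, 130, 121],
        "distinct_dsts": [14, 15, 13, 16, 14, 15, 14, 13, 16, 15, 14, 15, 14, 16],
        "after_hours_logins": [0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0],
    },
    "ws02": {
        "bytes_out_mb": [80, 85, 90, 78, 88, 92, 84, 81, 87, 83, 86, 89, 82, 90],
        "distinct_dsts": [9, 10, 11, 10, 9, 10, 11, 10, 10, 9, 11, 10, 10, 11],
        "after_hours_logins": [0] * 14,
    },
}

# Constructed observations for today: ws01 looks like staging/exfiltration,
# ws02 has a single oddity (one after-hours login) and is otherwise normal.
TODAY = {
    "ws01": {"bytes_out_mb": 2400, "distinct_dsts": 95, "after_hours_logins": 3},
    "ws02": {"bytes_out_mb": 91, "distinct_dsts": 10, "after_hours_logins": 1},
}


def modified_z(history, x):
    """Robust z-score of x against its own history (median and MAD).

    Median/MAD are used instead of mean/stddev so a single past incident in
    the history does not inflate the baseline. When MAD is zero (a feature
    that is almost always zero) fall back to the mean absolute deviation, and
    when that is zero too treat any departure from the median as extreme.
    """
    med = statistics.median(history)
    mad = statistics.median(abs(v - med) for v in history)
    if mad > 0:
        return 0.6745 * (x - med) / mad
    mean_ad = statistics.fmean(abs(v - med) for v in history)
    if mean_ad > 0:
        return (x - med) / (1.253314 * mean_ad)
    return float("inf") if x != med else 0.0


def score_host(host, today, history=HISTORY, cutoff=3.5):
    """Return {feature: z} for every feature of `host` that is anomalous today."""
    findings = {}
    for feature, value in today.items():
        z = modified_z(history[host][feature], value)
        if abs(z) > cutoff:
            findings[feature] = round(z, 1)
    return findings


def detect(today=TODAY, min_linked=2):
    """Link anomalies: alert on a host only when several features deviate at once.

    A lone after-hours login on ws02 is noted by score_host but is not enough
    on its own; ws01 deviates on every feature and is raised as an alert.
    """
    alerts = {}
    for host, features in today.items():
        findings = score_host(host, features)
        if len(findings) >= min_linked:
            alerts[host] = findings
    return alerts


if __name__ == "__main__":
    for host, findings in detect().items():
        print(host, findings)
```

The cutoff is a statistical constant applied to every feature, not a per-client threshold; what changes from client to client is the history the baseline is computed from, which is the point the passage makes.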