We usually write about general cybersecurity issues and insights, but today we want to share what we’ve been up to with our team at LMNTRIX, since we’ve been asked a lot lately about what we are doing.
It probably won’t surprise you to learn that most existing cybersecurity isn’t up to snuff. The news is constantly reporting massive data breaches from the largest, “best protected” organizations such as Yahoo, Adobe, JP Morgan Chase, and even the US military. These organizations boasted cutting-edge, top-dollar SOCs, SIEMs, EDRs, sandboxes, firewalls, the whole lot.
Their security just wasn’t good enough.
This reality is what drives us. LMNTRIX has reimagined cybersecurity, turning the tables in favor of the defenders once again. We have cut out the bloat of SIEM alerts and log analysis, and we created new methods for confounding even the most advanced hackers. Our methods are complementary to those already practiced by your internal SOC or MSSP.
We deliver an advanced cyber defence solution called Active Defense. We believe that in a time of continuous compromise you need continuous response – not incident response. Our approach turns inward and assumes that you’re already breached and that you’re continually going to be breached, so we take a proactive, offensive, hunting stance as opposed to the reactive, traditional defensive stance. We call this Adversarial Pursuit.
Here’s what LMNTRIX does differently, in a little more detail.
We stipulate a validated and integrated architecture that requires clients to hand us a clean network. That means at the very least a client needs to have a firewall, IPS, and web and email security gateways in place at their Internet perimeter – in blocking mode, cleaning their network. These solutions block most of the common threat vectors.
The LMNTRIX XDR natively unifies Machine and Underground Intelligence, NGAV, EDR, NDR, UEBA and Deception Everywhere with completely automated attack validation, investigation, containment and remediation on a single, intuitive platform. Backed by a 24/7 Managed Detection and Response service – at no extra cost – we provide comprehensive protection that covers the entire attack surface, even for the smallest security teams.
It is a cyber defence SaaS platform that provides a new utility model for enterprise security, delivering pervasive visibility, analytics, and unlimited forensic exploration on demand and entirely from the cloud. It is a single investigative platform for insights into threats on enterprise, cloud, hybrid, and industrial control system (ICS) networks. The LMNTRIX XDR delivers unique advantages over current network security solutions. It is a holistic, multi-vector platform with an unlimited retention window of full-fidelity network traffic, innovative security visualizations, and the ease and cost savings of an on-demand deployment model.
LMNTRIX Technology Stack
This is our proprietary threat detection stack that is deployed onsite, behind existing controls. It’s made up of network sensors, endpoint agents and deceptions everywhere. It combines multiple threat detection systems with machine learning, threat intel, network forensics, correlation, static file analysis, heuristics, and behavior and anomaly detection techniques to find threats in real time. It decreases alarm fatigue by automatically determining which alerts should be elevated to security events, and reduces false positives by requiring consensus across detection systems.
The key difference here is that we deploy our own technology stack, which is proprietary and patent pending, to help us detect advanced threats that bypass your perimeter controls. We do not manage or collect logs from client-owned detection solutions (such as firewalls, EDRs, IPSs, etc.) as these are generally poorly configured and badly tuned (adding to the high false positive and false negative rates).
LMNTRIX Cyber Defense Centers
A global network of cyber defense centers with highly trained and certified intrusion analysts who provide constant vigilance and on-demand analysis of your networks. Our intrusion analysts monitor your networks and endpoints 24×7, applying the latest intelligence and proprietary methodologies to look for signs of compromise. When a potential compromise is detected, the team performs an in-depth analysis on affected systems to confirm the breach. When data theft or lateral movement is imminent, our endpoint containment feature makes immediate reaction possible by quarantining affected hosts, whether they are on or off your corporate network. This significantly reduces or eliminates the consequences of a breach.
No Alert Fatigue
Most SIEMs, even the properly configured ones, send far too many threat alerts. Every cursory, non-threatening scan of your network can trigger another alert, creating noise behind which real threats can hide. Keeping up with every SIEM alert is unfeasible due to the sheer number of notifications, and when it becomes impossible for an organization to investigate every alert, network security is compromised. It becomes impossible to identify which alerts correspond to real threats and which are the result of an overactive SIEM, overworking your security analysts and compromising your security.
Over the past 20 years our industry has thrown everything at the SIEM problem except the kitchen sink. SIEM vendors now make you purchase threat intelligence, SOAR, UEBA, ML and even AI, hoping that it will deliver more value apart from it being a glorified syslog server that is nothing less than a very expensive messenger for your controls, while all along not realising that any log-based strategy for threat detection is destined to fail. We believe that logs are fine for post-breach forensics and investigations, but they’re not great for threat detection.
When you get a notification from LMNTRIX, you know it’s serious. We don’t contact our customers often, but when we do, it is to notify them of a real threat.
Breach Validation, Investigation, Containment and Remediation
If it appears your network has been compromised, LMNTRIX will investigate for you, CSI-style, then contain and remediate. Most security solutions and services will only alert you to the possibility of a breach, leaving the investigation up to the organization.
Imagine getting a call from the police, saying they suspect an intruder is in your home, but you’ll have to take it from there. This would be a terrible police department, and you’d probably feel at a loss about how to handle the intruder yourself. It might even make you question the purpose of having a police department which won’t actually do anything to help you. A network security service or solution which doesn’t include breach validation, investigation, containment and remediation is just like that hypothetical police department: shockingly ineffective, nearly useless, and not who you want to help you.
Here at LMNTRIX, we don’t deal in maybes. When you hear from us, it’ll be a yes or a no, along with the next steps to secure your network once again. By validating breaches, we reduce escalations and false positives by 95%.
Reclaim Your Fortress
Network security has become hopelessly turned around. Companies become trapped within their own networks, desperately battling back cyberattackers like medieval knights kicking ladders from their castle walls. This is not how it should be. Your network should be your territory, your safe zone. No outsider should be able to hold you and your data hostage inside your own network. It should be the attackers who are on high alert once they breach your network. Imagine an invader breaking into a castle, only to find a large feast piled in the dining hall in his honor. Now the attacker is wary, confused, unsure what to do next…
With LMNTRIX, any attacker inside your network will quickly become disoriented, not sure what is real and what is a decoy. They will follow file paths down false trails, connect to virtual devices designed to trap them, and constantly run the risk of setting off alarms. LMNTRIX also monitors each endpoint of each client’s network 24×7, and our approach allows for the immediate containment of any detected threat. When an attacker is detected, your personal, designated LMNTRIX security analyst will initiate a response plan tailored to your unique network environment, and expert incident responders can be quickly engaged to remediate damages and assess potential business impacts.
Record your Network
It should be clear by now that logs alone don’t give us the evidence we need once a breach has occurred.
We all know that a breach is just a matter of time. When the inevitable happens, the evidence should tell us how they got in, what they did on your network, if they cleared their tracks, what tools they used, and if any backdoors were established for persistence.
With LMNTRIX, we are like a DVR for your network. Our technology gives your network a photographic memory. Full-fidelity packet capture, which is optimized and stored for up to a year, means you will know with absolute certainty if events have impacted your environment. Our platform also detects threats in real time and automatically replays stored packets to discover previously unknown threats through the correlation of proprietary research intelligence, machine learning, flow-based traffic algorithms and multiple third-party threat intelligence feeds.
Automated Hunting – Both Inside & Outside
The most advanced malicious activity will not be identified by ML, anomaly detection or traditional alerting mechanisms – this is where proactive hunting methods will uncover threats that standard perimeter defenses are blind to. Our service includes proactive network and endpoint threat hunting. We have spent years automating this process so you don’t have to. All activities are documented and updated as malicious campaigns evolve.
It’s not enough to know what’s happening on the inside of your network; you need to have someone who has your back on the outside too. After all, when hackers steal data, it almost always finds its way to an online black market – the deep and dark web, the back alley of the cyberworld where illegally obtained data is bought and sold.
LMNTRIX shines a light on the deep and dark web by using our intelligence, knowledge and proprietary techniques to your advantage. Whether an attacker has stolen your data and is looking to sell it online, or someone is planning to breach your organization and is seeking advice on how to do so, we can use the attacker’s platforms against them so you can be certain of your defenses.
LMNTRIX proprietary technology detects these and other cyberthreats in the deep and dark web by aggregating unique cyber intelligence from multiple sources. We tirelessly analyze cyberthreats that could threaten your organization and then prioritize and enable remediation. We ensure you are never left in the dark. It is the real-world proof that you are cybersecure, and the real-world defense approach that keeps you that way.
With our validated architecture we rely on you to block as many threat vectors as possible using your existing controls. Next we deploy the LMNTRIX Technology Stack on the inside of your network, which in turn feeds into the LMNTRIX XDR. We then wait for threats to bypass your existing controls before we validate, investigate, contain and remediate them. With our process we automate as much of the malware detection as possible; human attackers and red teams we bait and deceive; everything else we miss, we hunt. With our approach we get rid of the noise, false positives and alert fatigue while validating every single suspicious threat that bypasses your perimeter controls. In contrast, in the traditional SOC/SIEM/MSSP model thousands if not millions of events are overlooked by overwhelmed analysts, who resort to delivering nothing more than rudimentary threat detection and false positives.
So in summary, we are in the business of detecting and responding to advanced threats that the SIEM, MSSP and security vendors miss. The outcomes we deliver to clients are validated incidents (threats/breaches) that are investigated, contained and remediated. All incidents are aligned to the kill chain and MITRE ATT&CK frameworks and contain detailed investigative actions and recommendations that the client follows to protect against the unknown, insider threats and malicious attackers.
With Active Defense, our approach, LMNTRIX keeps hackers away from your secure, sensitive information and rapidly reclaims your fortress.
LMNTRIX offers so much more than is possible for any SOC, MSSP, SIEM or perimeter control. As the security game advances, prevention-based security is hopelessly insufficient and outclassed. We know attackers have become more advanced, and we know that even the most expensive traditional security packages have consistently failed to protect organizations. LMNTRIX is making the push into next-generation security, bypassing multi-million-dollar SOCs and SIEMs in effectiveness and countering even the most advanced threats.
If this sounds good to you, we’re happy to be in touch. You can contact us through our website or email us at firstname.lastname@example.org.
If you’re in the channel or an MSP and would like to truly help your clients improve their risk posture and deliver this exact advanced threat detection and response capability, then consider partnering with us. We sell exclusively through the channel and have a global presence. Best of all, we work with you to deliver the end outcome to clients. To learn more, visit lmntrix.com or get in touch using email@example.com.
Want to know more about next-generation security? Head over to the articles below to learn more.
- SIEMs, EDRs, SOCs, MSSPs – cyber security’s false prophets
- Why SIEMs Are the Achilles’ Heel of the Cybersecurity World
- If vendors spent less on marketing and more on capability, our job would be a lot harder
- Is Microsoft one of the most effective AV vendors on the planet?
- VIDEO – WHY YOUR SIEM MIGHT BE AS USEFUL AS A SELFIE-OBSESSED CELEBRITY
- The Three Pillars of Cybersecurity
- Stepping into the Breach