Often times, the difference between preventing a cyber attack or suffering a crippling loss is simply knowing where to look for the signs of a compromise. Even the most advanced attackers leave traces of their presence so an effective defense must not only be vigilant, but also ever-adaptive in response to changes in attacker tactics. A critical element in this age of constantly evolving threats is a detailed view of an organization’s entire potential attack surface. Log collection solutions are simply outgunned against today’s advanced threat actors as they either lack the data, or the ability to analyze their data in a manner that allows rapid attack detection.
As a result, the LMNTRIX Grid is a must-have cloud platform that improves our visibility and provides analysts a chronological order of attacks whether detected through automated malware detection, baiting of human attackers or hunting on the network or endpoints. The LMNTRIX Grid is based on a number of detective, responsive and predictive capabilities that integrate and share information to build a security protection system that is more adaptive and intelligent overall than any one system. It is this constant exchange of intelligence – both between various aspects of the LMNTRIX Grid and with the wider cyber security community – that enables LMNTRIX to stay ahead of even the most persistent, well-resourced and skilled attack groups.
The LMNTRIX Grid is our cyber defence SaaS platform that provides a new utility model for enterprise security, delivering pervasive visibility, threat hunting, validation, investigation, containment, remediation and unlimited forensic exploration on-demand and entirely from the cloud. It is a single investigative platform for insights into threats on enterprise, cloud, hybrid, and industrial control systems (ICS) networks. The LMNTRIX Grid delivers unique advantages over current network security solutions. It is a holistic and multi-vector platform with unlimited retention window of full-fidelity network traffic, innovative security visualizations, and the ease and cost-savings of an on-demand deployment model.
The LMNTRIX Grid interface provides you with an overview of your entire network with the ability to cut through the static in order to respond to the highest priority threats via deep forensics and powerful collaboration tools.
The LMNTRIX Grid aggregates threats from every one of the detective, responsive and predictive capabilities using standard protocols then it provides the required workflow to triage, investigate, escalate, and effectively remediate security incidents. The response procedure library is customized based on the threat category of each incident type. Additionally, the incidents are prioritized with business context so intrusion analysts investigate the incidents that pose the biggest risk to our clients.
After an incident has been positively categorized as a data breach, the LMNTRIX Grid enables our analysts to proactively manage the breach response process. Throughout this process, client incident and breach information is protected and shared only with the stakeholders that must know about it. Additionally, the LMNTRIX Grid enables our team to assess the Confidentiality, Impact and Availability (CIA) of the breach which allows us to formulate client specific breach response plans. Each clients’ predetermined breach response procedures are catalogued in the response procedure library, allowing our analysts to respond rapidly when a breach is confirmed.
The LMNTRIX Grid enables us to manage the overall effectiveness of our Cyber Defense Center (CDC) team from resources, scheduling, contacts, security controls efficacy and shift-handoff. With the use of the Program Management functionality we ensure that the overall CDC program is being managed as an effective, consistent and predictable process.
The LMNTRIX Technology Stack is our powerful proprietary threat detection stack that is deployed onsite, behind existing controls. It’s made up of network sensors, endpoint agents and deceptions everywhere. It combines multiple threat detection systems, machine learning, threat intel, correlation, static file analysis, heuristics, and behavior and anomaly detection techniques to find threats in real-time. It decreases alarm fatigue by automatically determining which alerts should be elevated to security events, and reduces false positives by requiring consensus across detection.
A proprietary threat detection system powers our network sensor, delivering an integrated, multi-layered detect-in-depth capability which can be deployed as either a dedicated appliance or a virtual server.
The LMNTRIX proprietary endpoint agent provides a combination of NGAV + Endpoint Threat Detection and Response capabilities in a lightweight custom build agent deployed on all your endpoints to capture detailed state information, as well as block exploits and malware. Additionally, it is used by our Cyber Defense Center to continuously monitor all endpoint activity, conduct adversary hunting, validate breaches and detect encrypted attacks. Using a light weight agent allows our intrusion analysts to delve deep into the inner workings of endpoints and expose anomalous behaviors.
Our techniques include live memory analysis, direct physical disk inspection, network traffic analysis, and endpoint state assessment. Our service doesn’t require signatures or rules. Instead, by leveraging unique endpoint behavioral monitoring and advanced machine learning, we dive deeper into endpoints which allows us to better analyze and identify zero-days and hidden threats that other endpoint security solutions miss entirely.
Armed with this information, our intrusion analysts instantly find similarly infected endpoints and quickly expand their visibility into the full scope of a compromise. Once an intrusion is confirmed, we disrupt malware-driven tactics, techniques and procedures (TTPs), and limit attacker lateral movement by quarantining and blocking the threat.
This proprietary network sensor delivers extensive visibility, high performance threat hunting and unrivalled incident response by augmenting our Hunt Team’s capabilities with Behavior and Analytics technology.
Our technology gives your network photographic memory. Full fidelity packet capture, which is optimized and stored for up to a year, means you will know with absolute certainty whether or not events have impacted your environment. Our platform is also able to detects threats in real time and automatically replay stored packets to discover previously unknown threats through the correlation of proprietary research intelligence, machine learning, flow-based traffic algorithms and multiple third party threat intelligence feeds.
Our platform deploys proprietary deceptions everywhere to divert attackers and change the asymmetry of cyber warfare by focusing on the weakest link in a targeted attack – the human team behind it. Targeted attacks are orchestrated by human teams, and humans are always vulnerable.
By weaving a deceptive layer over every endpoint, server and network component, an attacker is faced with a false world in which every bit of data cannot be trusted. If attackers are unable to collect reliable data, their ability to make decisions is negated and the attack is stopped in its tracks. Our deceptions technology uses a combination of Decoys, Breadcrumbs, Tags and Personas. Not only does this technique waste hackers’ time, but it also allows the quick identification of attackers with high assurance. This is due to the fact that legitimate users have no reason to access the fake systems, vulnerabilities and information, allowing security teams to rapidly respond and prevent attackers from causing damage.
We are all facing attacks, all the time. As a result, we have a lot of data – why not share it?
That is the idea behind LMNTRIX Intelligence: Attackers are known to share methods and tactics so, in order to advance the state of threat intelligence, organizations must collaborate and correlate more of their data, more quickly.
Today LMNTRIX Intelligence aggregates over 300 threat intelligence sources with the aim of aggregating many more in the future. The proprietary technology behind LMNTRIX Intelligence allows us to deliver earlier detection and identification of adversaries in your organization’s network. This is achieved by making it possible to correlate over 650 million threat indicators against real-time network data. This approach means threats can be detected at every point throughout the attack lifecycle, enabling mitigation before your organization experiences any material damage.
It’s not enough to know what’s happening on the inside of your network, you need to have someone who has your back on the outside too. After all, when hackers steal data, it almost always finds its way to an online black market – the deep and dark web.
We shine a light on this back alley of the cyber world by using our underground intelligence, knowledge and proprietary techniques to your advantage. Whether an attacker has stolen your data and is looking to sell it online or if someone is planning to breach your organization and is seeking advice on how to do so, we can use the attacker’s platforms against them. Our proprietary reconnaissance technology detects these and other cyberthreats in the deep and dark web by aggregating unique cyber intelligence from multiple sources.
With LMNTRIX Active Defense, we don’t use a SIEM to detect and respond to advanced threats. However, we do recognize the need for a SIEM to meet log management and compliance requirements and as such we offer a free onsite Managed SIEM Service or a cost-effective cloud option to replace your SIEM – we call it ThinkGrid. Offered as an optional extra to Active Defense, LMNTRIX ThinkGrid is the fastest and most scalable analytics based SIEM on the planet. By allowing unlimited log collection without any additional vendor SIEM licensing fees, LMNTRIX ThinkGrid is ideal for large log management and compliance use cases. The free ThinkGrid Onsite can be deployed on Google Cloud, Azure, AWS, or in-house otherwsie you can cost-effectively subscribe to ThinkGrid Cloud.
Our use of machine learning algorithms means ThinkGrid Cloud gets smarter every minute while also eliminating the need for clients to come up with use cases, write rules or create thresholds. By analyzing your data in order to find discrepancies and unorthodox behavior, ThinkGrid Cloud is able to link these anomalies together, joining the dots and uncovering the truth behind advanced threat activity. Critically, in order to ensure accuracy, our algorithms are based on your data because the only way we can know what is “abnormal”, is to know what’s “normal” for your organization.
SecOps and threat hunting are team sports: ThinkGrid provides an interactive workspace for security teams to triage events and perform initial investigations. Monitor for threats, gather evidence on a timeline, pin and annotate relevant events, and forward potential incidents to ticketing and SOAR platforms.
Gain visibility into your environment: ThinkGrid allows you to view your data on interactive dashboards and maps. Perform graph-based relationship analysis. Search across information of all kinds. Do it all with the technology fast enough for the sharpest analysts.
Automate detection with ATT&CK-aligned rules: With ThinkGrid Cloud you can continuously guard your environment with correlation rules that detect tools, tactics, and procedures indicative of potential threats. Cut to what matters with preconfigured risk and severity scores. Content is aligned with the MITRE ATT&CK knowledge base and ready for immediate implementation.