The platform is newly integrated with Palo Alto's next-gen firewall, with Check Point, RSA Arcsight, and FortKnox gear, and with Microsoft Active Directory to provide enforcement points that block discovered malicious activity and isolate affected machines. Integration with this group of vendors, while not ubiquitous, will address such protection for a wide group of customers, Firstbrook says.
Automating the prioritization of which suspicious activity human analysts should check out is valuable for stopping attacks early and reducing the damage attackers get away with, he says. "Home Depot and the New York Times attack both had alerts, but nobody followed up on them because there were too many alerts and no easy way to resolve them," he says. Detecting an attack sooner reduces the opportunity for theft and destruction.
Use of RPC to gather endpoint data has its pros and cons, he says. Remote solutions can only do a point-in-time snapshot and then compare snapshots, whereas agents on each machine can record and play back all changes. The agent can also isolate affected machines and give security operations centers time to investigate without worrying about continuing damage. Agents can help with remediation by killing malicious processes and rolling back any changes attackers have made, Firstbrook says.
On the other hand, RPC can provide quick, lightweight validation of suspected infection, he says.
Windows is the most attacked operating system, so using RPC will be widely effective, but he says Gartner is getting more and more requests from customers for similar visibility from this type of platform for Macs and Linux.
He notes that when laptops, the most common device used as traditional desktops in enterprises, go mobile, LightCyber offers them no protection.
The company has a healthy pedigree, including its two founders, Michael Mumcuoglu (CTO) and Giora Engel (Chief Product Officer), both of whom were officers in technological units of the Israeli Defense Force and have participated in startups before.
It has brought on as CEO Gonen Fink, one of the first five Check Point employees, who rose to be chief architect. It has $12.5 million in funding from Battery Ventures and Glilot Capital Partners.
Magna Detector and Magna Probes are priced based on how many devices they profile, with the starting price at $30,000 to support 1,500 endpoints. Magna Cloud and Magna Pathfinder services have annual subscriptions based on how many hosts they scan.