LiveAction announced new long-term behavioral analytics capabilities in ThreatEye NV, its network detection and response (NDR) platform. The platform combines next-generation data collection, advanced behavior analysis and streaming machine learning.
As malicious actors increasingly hide indicators of compromise within encrypted traffic, SecOps teams need real-time visibility into that traffic and must also detect anomalies that are chained together in attacks over days, weeks, or months.
ThreatEye NV helps organizations and their SecOps teams improve threat detection and prevent adversaries from executing successful disruptive and damaging cyberattacks. It delivers real-time threat and anomaly detection, helps eliminate encryption blindness and compliance, simplifies deployment from core to cloud to edge using SaaS, gives SOC teams a multi-stage analysis pipeline that accelerates investigation and response, and seamlessly integrates with existing security tools like SIEM, SOAR and Threat Intelligence.
ThreatEye NV’s long-term behavior analysis uses encrypted traffic analysis (ETA) with Deep Packet Dynamics (DPD), eliminating any need for payload inspection. It collects all relevant behavior data (based on more than 150 different packet traits) and uses streaming machine learning (ML) to baseline network activity over time. This allows SecOps to identify anomalies that emerge above typical thresholds and track broader attacks that could be in progress.
The more data an organization collects, the more analysis can be done, but many organizations struggle with heavy data lake requirements and scalability challenges. ThreatEye NV eliminates this problem by combining its unique DPD technology for ETA with a SaaS-based platform approach, making long-term behavior analytics scalable and affordable.
“Today, most network traffic is encrypted, and we know that more than 90% of malware hides in this traffic. When that’s combined with the fact that attacks are often broken into various stages and hidden throughout a network over time, you have a recipe for a successful vulnerability,” said Dr. Andrew Fast, Chief Data Scientist at LiveAction. “Long-term behavioral analysis builds on the power of ETA to give SecOps teams the ability to surface these behaviors and mitigate those attacks. Whether it’s reconnaissance, lateral movement, data exfiltration or some other behavior, ThreatEye NV detects these adversarial tactics.”
New strategic investment by In-Q-Tel
In addition to the new long-term behavioral analysis capabilities, LiveAction is announcing a new strategic investment and technology development agreement with In-Q-Tel, the not-for-profit strategic investor that accelerates the development and delivery of cutting-edge technologies to U.S. government agencies.
“We believe our partnership with In-Q-Tel further validates our groundbreaking approach to protecting organizations and agencies,” said LiveAction CEO, Steve Stuut. “Encrypted Traffic Analysis focuses on packet dynamics and combines machine learning with traditional traffic analysis techniques. This combination allows us to do analysis and provide security for encrypted connections without decryption. That means we can maintain privacy and still have security. We can have both at the same time. And that is a message we look forward to sharing with In-Q-Tel’s government partners.”
“We were impressed with LiveAction’s differentiated approach to Encrypted Traffic Analysis, combining traditional traffic analysis with cryptanalysis techniques and applying streaming machine learning to uncover malicious activity on the network. Their use of behavioral-based analysis on encrypted network traffic eliminates the need for traffic decryption while still providing the visibility needed to secure enterprise networks, allowing for an improved security posture,” offered Bentz Tozer, Vice President, Cyber Practice at In-Q-Tel.