LightCyber Introduces Security Industry’s First Attack Detection Metrics

April 13, 2016 Hagar

LightCyber Introduces Security Industry’s First Attack Detection Metrics; Demonstrates New Level of Efficacy for Finding Attackers — Metrics Set New Standard for Assessing Accuracy and Efficiency of Security Offerings, Provide Objective Benchmark for Detecting Stealth Attackers Operating within Enterprise Networks

LOS ALTOS, Calif. and RAMAT GAN, Israel, April 13, 2016 — LightCyber, a leading provider of Behavioral Attack Detection solutions, today announced new Attack Detection Metrics — the first of their kind — to measure the Accuracy and Efficiency of security solutions in detecting stealth attackers that have circumvented conventional threat prevention systems. LightCyber simultaneously revealed its own Attack Detection Metric results, derived from actual customer deployment data, indicating that its Magna™ platform has achieved a level of efficacy two orders of magnitude better than incumbent solutions. By focusing scarce security personnel on the critical few security alerts related to active attackers while dramatically reducing false positives, security organizations can take immediate and decisive action to thwart attackers early in the attack lifecycle, reducing or eliminating damage before it is done.

A major factor in the industry’s inability to detect network intruders has been the failure of security solutions to distill many thousands of potential security events down into a manageable number of highly accurate, actionable alerts related to actual active attacks. Instead, security analysts are bombarded with a paralyzing flood of alarms, with an overwhelming majority being false positive alerts. According to a recent study by Ponemon Institute [1], two-thirds of security staff time is wasted due to the gross inaccuracy of malware alerting systems. The study shows that of 630 enterprises, the average number of reported alerts received per week was a shocking 16,937, and only about 4% of them could be investigated.

Gartner Vice President and Distinguished Analyst, Avivah Litan, wrote in the Market Guide for User and Entity Behavior Analytics published in September 2015, “Despite almost $80 billion spent globally on security, attackers are still getting through organizational defenses. In almost every publicized case of a breach or system intrusion, alerts and alarms did go off in the various monitoring systems, but were ignored since they were buried among tens or hundreds of thousands of alerts.” [2]

The new Attack Detection Metrics help enterprises determine the value of a prospective security solution and its ability to focus a security team on critically important investigation and remediation activities. The two elements of the Attack Detection Metrics are:

• Efficiency — the total number of alerts — across any and all categories — a security system produces per 1,000 endpoints per day
• Accuracy — percentage of total alerts (i.e., users or devices flagged by the system) that are useful to a security analyst (i.e., investigated, resolved, or found valuable, rather than ignored, un-opened, or whitelisted)

Quarterly, LightCyber will self-report its own measured Attack Detection Metrics based on aggregated and anonymous metadata from customer production deployments. For the first quarter in 2016, LightCyber customers achieved a median Efficiency of 1.1 alerts per 1,000 endpoints per day. For example, a company with 5,000 endpoints would expect to receive a median of 5.5 total alerts per day from LightCyber Magna. As it relates to Accuracy metrics, Magna creates three categories of alerts: Confirmed, Suspicious and Unverified attacks. The median Accuracy reported for LightCyber customers is 62% useful alerts across all alert categories, as compared to 4% typically produced by other security products [1]. The subset of alerts automatically categorized by Magna as “Confirmed” attacks achieved an accuracy of 99%.

“Mainstream enterprise security organizations are drowning in floods of daily alerts, resulting in complete paralysis and inability to focus critically scarce security resources on the important work of remediation,” said Jason Matlof, executive vice president, LightCyber. “Most reasonably sized security organizations have only the capacity to triage and research a handful of alerts per day, so attack detection systems must provide a manageable volume of accurate alerts so security teams can effectively contain cyber attacks before damage is done. These metrics will determine which solutions will drive true value for customers versus more of the same paralyzing analytics that have plagued the security industry for years.”


Attack Detection Metrics information page
Infographic: Noise is the Enemy of Security
SANS Product Review: Detecting a Targeted Breach With Ease

About LightCyber

LightCyber is a leading provider of Behavioral Attack Detection solutions that provide accurate and efficient security visibility into attacks that have slipped through the cracks of traditional security controls. The LightCyber Magna™ platform is the first security product to integrate user, network and endpoint context to provide security visibility into a range of attack activity. Founded in 2012 and led by world-class cyber security experts, the company’s products have been successfully deployed by top-tier customers around the world in industries including the financial, legal, telecom, government, media and technology sectors. For more information, please visit the company’s web site or follow us on Twitter, LinkedIn and Facebook.

1 “The Cost of Malware Containment,” Ponemon Institute LLC, January 2015

2 “Market Guide for User and Entity Behavior Analytics,” Gartner G00276088, September 22, 2015