Visibility is the key to network security

“Anti-virus and anti-malware applications are vital components of any cybersecurity strategy, but they are not a complete answer,” he says. “Anti-virus software works by building up massive databases of known malware and protecting against them—it cannot detect new threats, the so-called ‘zero-day attacks’.

“And what about targeted attacks, aimed at a specific company or even individual, which typically rely on sophisticated social engineering to gain network access? These types of attack target humans rather than operating systems, and they are on the rise. They are particularly associated with ransomware extortion—as we have seen, they can be extremely damaging in all sorts of ways.”

LucidView’s multifaceted solution, Wilson says, provides the missing part of the puzzle by deploying sophisticated behavioural analysis to detect hackers. Research shows that hackers typically spend an average of three months on a network. The process is so slow because the hacker’s No 1 priority is to fly beneath the radar while he or she spies out the lay of the land, and identifies vulnerabilities and the location of sensitive data.

One component of LucidView’s solution is a powerful Traffic-Flow Analyser, which provides total visibility of all internet traffic via a user-friendly interface.

Says Wilson: “Data logs are hard to interpret—LucidView does the analysis and presents the results via an interface that enables the CISO to hunt down intruders and tighten up network security all round. You need to be able to see the network properly to manage it effectively—hence the name of the company.”

The Traffic-Flow Analyser also provides an excellent audit trail, something that is becoming critical as the governance of technology and information becomes part of the law and of codes like the King Code.

Spotting dodgy behaviour

LucidView’s Intrusion Detection and Prevention System (IDPS) also plays an important role in providing protection against new vulnerabilities or targeted attacks. This is where the behaviour-based analysis referred to above occurs.

“Our powerful IDPS is a LucidView hallmark. It uses big-data analysis combined with sophisticated artificial intelligence to detect the type of connection that hackers would typically use to gain remote unauthorised access, and reports it in a way that allows the CISO to identify the vulnerability rapidly,” Wilson says.

“These untrustworthy command-and-control connections are automatically blocked by the IDPS, offering unprecedented protection against zero-day and targeted attacks.”

Wilson says that LucidView’s unique network-centric approach is also evident in a complementary offering, Saturation Manager, which is targeted at internet service providers and enterprise clients. Saturation Manager manages internet traffic to ensure that large consumers of bandwidth don’t cause bottlenecks during peak traffic times.

“Overall, our solutions aim to ensure that your internet links are optimal both in terms of how the traffic on them is shaped, and in terms of providing the visibility needed to identify and deal with intruders,” he concludes.

Another South African success story

LucidView is a South African company that has been in business for 16 years. For the first decade, its innovative approach to network security was primarily focused on the South African market. In the past five years or so, it has begun competing on international markets and has successfully amassed some 88 global clients.

Don’t become a statistic. Stop hackers in their tracks before they attack.

(original article on ITWeb over here)