Unveiling Magnifier Behavioral Analytics: Rapidly Hunt Down and Stop the Stealthiest Network Threats

Kasey Cross



At Palo Alto Networks, we constantly seek out new ways to achieve our mission to protect our way of life in the digital age by preventing successful cyberattacks. We analyze all the steps threat actors take to carry out their attacks and systematically add new protections to disrupt each step. By blocking threat actors’ every move, we limit the opportunity for any attack to succeed.

To bolster organizations’ ability to stop threats across the attack lifecycle, including hard-to-detect attacks inside the network, we’re pleased to introduce Magnifier behavioral analytics. Magnifier is a cloud-based application that analyzes data collected from the Next-Generation Security Platform, profiles the behavior of users and devices in the network, and detects behavioral anomalies that suggest an attack is underway.

But Magnifier doesn’t stop there. It also gathers high-value information from suspicious endpoints and delivers this information, along with user and device context, in actionable alerts. Based on the investigative detail in alerts, security analysts can quickly block attacks.

Magnifier offers several key features to help security teams find the attacks that matter, respond to threats quickly and overcome the challenges associated with logging enormous amounts of data. These key features include:

  • Automated Detection: Magnifier uses machine learning to analyze rich network, endpoint and cloud data from the Next-Generation Security Platform and profile behavior. Based on this information, Magnifier detects behavioral anomalies that indicate command and control, lateral movement and data exfiltration. Magnifier produces a small number of accurate alerts that reveal targeted attacks, insider abuse and malware running on endpoints.
  • Accelerated Response: Magnifier speeds up investigations by dynamically scanning attack sources to find running processes. Then, Magnifier examines suspicious processes with WildFire cloud-based threat analysis to uncover malware. Security analysts receive detailed user, device and endpoint process information in alerts, providing them with the information they need to rapidly block threats with the Palo Alto Networks Next-Generation Firewall.
  • Cloud Scale and Agility: As a cloud-based application, Magnifier overcomes the scaling challenges of on-premises analytics and allows Palo Alto Networks researchers to roll out security innovations faster. Magnifier analyzes data stored in our Logging Service, which provides an intelligent, operationally efficient and cost-effective way to store the large volumes of data needed for behavioral analytics. Magnifier also increases the speed of innovation by allowing researchers to roll out new detection algorithms to all customers at once, without the delays of lengthy software update cycles.

Magnifier’s detection algorithms are not new; they are based on award-winning technology from LightCyber, a company Palo Alto Networks acquired in February 2017.

Now that LightCyber’s behavioral analytics technology is a part of the Next-Generation Security Platform, we can deliver even better security outcomes. By leveraging the power of the platform, we gain more data sources for attack detection – including unique User-ID, App-ID and Content-ID information – as well as industry-leading threat analysis from WildFire. Our customers can quickly shut down attacks with the next-generation firewall.

[Figure: Magnifier analyzes metadata from next-generation firewalls and the Magnifier Pathfinder endpoint analysis service to uncover active attacks.]

Join us on our journey to transform how organizations combat post-intrusion attacks. Subscribe to the first application available on Palo Alto Networks Application Framework.

Availability

Magnifier is expected to become available in February 2018. Contact your Palo Alto Networks account team to find out if you qualify for a free trial of Magnifier, and gain unprecedented visibility into threats inside your network.
