How LMNTRIX Does
People are the most important aspect of LMNTRIX. It’s a cliché in virtually all areas of business, but it’s true. In cyber defense one good analyst can do the job of 100 mediocre ones and so at LMNTRIX the quality of our intrusion analysts is vastly more important than analyst quantity.
Moreover, while analysts can be trained to use a tool in a rudimentary manner, they cannot be trained in the mind-set or critical thinking skills needed to master the tool. As such at LMNTRIX we exercise great care in hiring and retaining our intrusion analysts.
A typical intrusion analyst at LMNTRIX is skilled in software development, scripting, ethical hacking, forensics, incident response, malware & threat analysis, reverse engineering, threat intelligence, PCAP analysis, network security and possesses multiple GIAC certifications.
.01 Our team comes from diverse backgrounds, possesses deep experience in IT, offense & defense
.02 We look for out-of-the-box thinking like the adversary
.03 Our team understands our mission and our customers networks
.04 We look for people who can build trust, credibility, strong customer connections
While clearly defined processes are fundamental to achieving repeatable outcomes, at LMNTRIX we also understand that processes may need to be updated rapidly in response to new intelligence. Therefore, not only have we developed a catalogue of processes with enough depth to address the myriad potential incident and hunting scenarios (everything from data exfiltration and denial of service attacks to phishing and malware infections), but we also have robust change management mechanisms which enable us to rapidly adapt to advances in both attacker behavior and defensive strategies.
Additionally, we extend our processes with our clients through joint planning sessions. This collaborative approach allows us and the client to respond in a unified manner while also enabling a thorough assessment of any potential impact to the client’s organization.
Adaptive Threat Response Platform
Often, the difference between preventing a cyber attack and suffering a crippling loss is simply knowing where to look for the signs of a compromise.
Even the most advanced attackers leave traces of their presence so an effective defense must not only be vigilant, but also ever-adaptive in response to changes in attacker tactics. A critical element in this age of constantly evolving threats is a detailed view of an organization’s entire potential attack surface. Log collection solutions are simply outgunned against today’s advanced threat actors as they either lack the data, or the ability to analyze their data in a manner that allows rapid attack detection.
As a result, the LMNTRIX Adaptive Threat Response (ATR) platform is a must-have validated technology stack that improves our visibility and can be consumed as a service using the LMNTRIX Cloud or on premise.
Our platform is based on a number of detective, responsive and predictive capabilities that integrate and share information to build a security protection system that is more adaptive and intelligent overall than any one system.
It is this constant exchange of intelligence – both between the various components of our Adaptive Threat Response platform and with the wider cyber security community – that enables the LMNTRIX platform to stay ahead of even the most persistent, well-resourced and skilled attack groups.
The LMNTRIX Portal provides you with an overview of your entire network with the ability to cut through the static in order to respond to the highest priority threats via deep forensics and powerful collaboration tools.
The LMNTRIX Adaptive Threat Response platform aggregates threats from every one of the detective, responsive and predictive capabilities using standard protocols then it provides the required workflow to triage, investigate, escalate, and effectively remediate security incidents. The response procedure library is customized based on the threat category of each incident type. Additionally, the incidents are prioritized with business context so intrusion analysts investigate the incidents that pose the biggest risk to our clients.
After an incident has been positively categorized as a data breach, the LMNTRIX ATR platform enables our analysts to proactively manage the breach response process. Throughout this process, client incident and breach information is protected and shared only with the stakeholders that must know about it. Additionally, the LMNTRIX platform enables our team to assess the Confidentiality, Integrity and Availability (CIA) impact of the breach, which allows us to formulate client-specific breach response plans. Each client's predetermined breach response procedures are catalogued in the response procedure library, allowing our analysts to respond rapidly when a breach is confirmed.
CDC Program Management
The LMNTRIX platform enables us to manage the overall effectiveness of our Cyber Defense Center (CDC) team from resources, scheduling, contacts, security controls efficacy and shift-handoff. With the use of the Program Management functionality we ensure that the overall CDC program is being managed as an effective, consistent and predictable process.
Multi-Threat Detection System
A proprietary virtual system powers our platform, delivering an integrated, multi-layered detect-in-depth capability which can be deployed on either dedicated or virtual servers. The MTD sensor connects with multiple clouds for updates, intelligence, policies, and cloud emulation and employs ten (10) threat detection modules.
Advanced Endpoint Threat Detection & Response
The LMNTRIX Advanced Endpoint Threat Detection and Response service uses a lightweight sensor deployed on all your endpoints to capture detailed state information. Additionally, it is used by our Cyber Defense Center to continuously monitor all endpoint activity, conduct adversary hunting, validate breaches and detect encrypted attacks. Using a lightweight sensor allows our intrusion analysts to delve deep into the inner workings of endpoints and expose anomalous behaviors.
Our techniques include live memory analysis, direct physical disk inspection, network traffic analysis, and endpoint state assessment. Our service doesn’t require signatures or rules. Instead, by leveraging unique endpoint behavioral monitoring and advanced machine learning, we dive deeper into endpoints which allows us to better analyze and identify zero-days and hidden threats that other endpoint security solutions miss entirely.
Armed with this information, our intrusion analysts instantly find similarly infected endpoints and quickly expand their visibility into the full scope of a compromise. Once an intrusion is confirmed, we disrupt malware-driven tactics, techniques and procedures (TTPs), and limit attacker lateral movement by quarantining and blocking the threat.
Hunting, Behavior Analytics and Forensics
Our platform delivers extensive visibility, high performance threat hunting and unrivalled incident response by augmenting our Hunt Team’s capabilities with Behavior and Analytics technology.
Our technology gives your network a photographic memory. Full fidelity packet capture, which is optimized and stored for up to a year, means you will know with absolute certainty whether or not events have impacted your environment. Our platform is also able to detect threats in real time and automatically replay stored packets to discover previously unknown threats through the correlation of proprietary research intelligence, machine learning, flow-based traffic algorithms and multiple third party threat intelligence feeds.
Our platform deploys deceptions everywhere to divert attackers and change the asymmetry of cyber warfare by focusing on the weakest link in a targeted attack - the human team behind it. Targeted attacks are orchestrated by human teams, and humans are always vulnerable.
By weaving a deceptive layer over every endpoint, server and network component, an attacker is faced with a false world in which every bit of data cannot be trusted. If attackers are unable to collect reliable data, their ability to make decisions is negated and the attack is stopped in its tracks.
Not only does this technique waste hackers' time, but it also allows the quick identification of attackers with high assurance. This is due to the fact that legitimate users have no reason to access the fake systems, vulnerabilities and information, allowing security teams to rapidly respond and prevent attackers from causing damage.
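The property the passage relies on, that no legitimate user or process has any reason to touch a decoy, is what makes decoy interactions a high-confidence signal rather than another alert to triage. The following is an added illustration, not LMNTRIX code: it assumes a key=value log format and uses a constructed decoy inventory, two constructed honeytoken usernames and constructed log lines, and it turns any hit on either into an alert attributed to the source host so an analyst can pivot immediately.

```python
"""Added example (not LMNTRIX code): treat any interaction with a decoy as a
high-confidence alert. Decoy inventory, honeytoken usernames, the key=value
log format and the sample log lines are all constructed for this example."""
import re
from dataclasses import dataclass

# Constructed decoy inventory. Nothing legitimate should ever connect to these
# hosts or authenticate with these accounts, so a single hit is actionable.
DECOY_HOSTS = {"10.0.5.77": "decoy-fileserver", "10.0.5.78": "decoy-db"}
HONEYTOKEN_USERS = {"svc_backup_old", "da_legacy"}

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class DecoyAlert:
    source: str   # host that touched the decoy; the pivot point for scoping
    decoy: str    # which decoy asset or planted credential was touched
    reason: str


def parse_line(line):
    """Parse a constructed syslog-style key=value line into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def detect_decoy_interactions(lines):
    """Return one alert per decoy interaction found in the given log lines."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        src, dst, user = ev.get("src", "?"), ev.get("dst"), ev.get("user")
        if dst in DECOY_HOSTS:
            alerts.append(DecoyAlert(src, DECOY_HOSTS[dst],
                                     f"connection to decoy host {dst} port {ev.get('dport', '?')}"))
        if user in HONEYTOKEN_USERS:
            alerts.append(DecoyAlert(src, user, "authentication with planted credential"))
    return alerts


def suspect_hosts(alerts):
    """Hosts to scope first: every source that interacted with any decoy."""
    return {a.source for a in alerts}


# Constructed sample traffic: one benign connection, then a host probing decoys
# and reusing a planted credential.
SAMPLE_LOGS = [
    'ts=2024-03-01T09:12:01Z src=10.0.1.12 dst=10.0.2.5 dport=445 action=allow user="alice"',
    'ts=2024-03-01T09:12:07Z src=10.0.1.40 dst=10.0.5.77 dport=445 action=allow',
    'ts=2024-03-01T09:12:09Z src=10.0.1.40 dst=10.0.5.78 dport=1433 action=allow user="svc_backup_old"',
]

if __name__ == "__main__":
    for alert in detect_decoy_interactions(SAMPLE_LOGS):
        print(f"[HIGH] {alert.source} -> {alert.decoy}: {alert.reason}")
    print("scope first:", suspect_hosts(detect_decoy_interactions(SAMPLE_LOGS)))
```

The benign line produces nothing; the second and third lines produce three alerts, all attributed to 10.0.1.40, which is the host an analyst would isolate and image first. The same inventory-lookup approach extends to planted files, registry keys and DNS names, as long as the decoy list is kept out of reach of the systems it protects.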
PIE - Predictive Intelligence Exchange
We are all facing attacks, all the time. As a result, we have a lot of data – why not share it?
That is the idea behind PIE: Attackers are known to share methods and tactics so, in order to advance the state of threat intelligence, organizations must collaborate and correlate more of their data, more quickly.
Today PIE aggregates over 200 threat intelligence sources with the aim of aggregating thousands more in the future. The proprietary technology behind PIE allows us to deliver earlier detection and identification of adversaries in your organization’s network. This is achieved by making it possible to correlate tens of millions of threat indicators against real-time network logs. This approach means threats can be detected at every point throughout the attack lifecycle, enabling mitigation before your organization experiences any material damage.
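The mechanism described above, correlating a large aggregated indicator set against log lines as they arrive, comes down to extracting candidate observables from each line and doing constant-time lookups against an indicator table that also records which attack-lifecycle phase each indicator belongs to. The block below is an added example, not PIE or any LMNTRIX code: the indicator feed, the feed names, the phase labels and the log lines are constructed, and the extraction regexes are the author's own assumptions about what an observable looks like.

```python
"""Added example (not LMNTRIX/PIE code): correlate an aggregated indicator set
against log lines. Indicators, feed names, lifecycle phases and logs are all
constructed; the regexes are simple assumptions about observable formats."""
import re
from collections import namedtuple

Indicator = namedtuple("Indicator", "kind phase source")

# Constructed, already-normalised indicator table (lower-cased values). A dict
# gives O(1) lookups, which is what makes tens of millions of entries workable.
INDICATORS = {
    "update-cdn-check.example": Indicator("domain", "command-and-control", "feed-A"),
    "198.51.100.23": Indicator("ipv4", "command-and-control", "feed-B"),
    "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":
        Indicator("sha256", "installation", "feed-A"),
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256 = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def extract_candidates(line):
    """Pull every IP, hostname and SHA-256 out of a log line, normalised."""
    cands = set(IPV4.findall(line))
    cands |= {d.lower() for d in DOMAIN.findall(line)}
    cands |= {h.lower() for h in SHA256.findall(line)}
    return cands


def correlate(lines, indicators=INDICATORS):
    """Return one hit per (line, indicator) match, tagged with phase and feed."""
    hits = []
    for n, line in enumerate(lines, 1):
        for cand in extract_candidates(line):
            ind = indicators.get(cand)
            if ind:
                hits.append({"line": n, "value": cand, **ind._asdict()})
    return hits


def phases_seen(hits):
    """Lifecycle phases with at least one hit; shows how far the intrusion got."""
    return sorted({h["phase"] for h in hits})


# Constructed log lines from three different sources (DNS, proxy, EDR).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z dns client=10.0.1.40 query=update-cdn-check.example type=A",
    "2024-03-01T10:00:02Z proxy client=10.0.1.40 host=198.51.100.23 method=POST status=200",
    "2024-03-01T10:00:05Z edr host=ws-040 file=c:\\users\\public\\svc.exe "
    "sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
    "2024-03-01T10:00:06Z proxy client=10.0.1.12 host=www.example method=GET status=200",
]

if __name__ == "__main__":
    for h in correlate(SAMPLE_LOGS):
        print(f"line {h['line']}: {h['kind']} {h['value']} [{h['phase']}] via {h['source']}")
    print("phases seen:", phases_seen(correlate(SAMPLE_LOGS)))
```

Three of the four lines hit, and the phase summary shows both command-and-control and installation activity, which is the point of correlating across the whole lifecycle rather than a single control. Real deployments add indicator expiry and confidence scores, and normalise feeds before loading them, because a raw aggregate of two hundred sources will contain duplicates and stale entries that inflate false positives.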
Deep & Dark Web Intelligence
It’s not enough to know what's happening on the inside of your network, you need to have someone who has your back on the outside too. After all, when hackers steal data, it almost always finds its way to an online black market – the deep and dark web.
We shine a light on this back alley of the cyber world by using our intelligence, knowledge and proprietary techniques to your advantage. Whether an attacker has stolen your data and is looking to sell it online or if someone is planning to breach your organization and is seeking advice on how to do so, we can use the attacker’s platforms against them. Our proprietary reconnaissance technology detects these and other cyberthreats in the deep and dark web by aggregating unique cyber intelligence from multiple sources.
LMNTRIX ThinkGrid is not a SIEM, but it is the perfect replacement for a SIEM as it uses an open source search and analytics engine enabling scalability, resilience and extremely simple management. It offers a sophisticated, developer-friendly query language covering structured, unstructured, and time-series data. Our use of machine learning algorithms means our platform gets smarter every minute while also eliminating the need for clients to write rules or create thresholds. By analysing your data in order to find discrepancies and unorthodox behavior, our platform is able to link these anomalies together, joining the dots and uncovering the truth behind advanced threat activity. Critically, in order to ensure accuracy, our algorithms are based on your data because the only way we can know what is "abnormal" is to know what's "normal" for your organization.
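The closing point, that "abnormal" can only be defined relative to each organization's own "normal", is illustrated below with an added example that is not ThinkGrid or any LMNTRIX code. It assumes a per-user daily feature (bytes uploaded to external hosts) and a per-user set of previously seen destinations, both constructed here as a 14-day history, builds the baseline from that history alone, and then links two independent anomalies on the same user into a single higher-severity finding, which is the "joining the dots" step the text describes.

```python
"""Added example (not LMNTRIX/ThinkGrid code): derive 'normal' per user from
the organisation's own history, score today's observations against it, and
link co-occurring anomalies into one finding. All data is constructed."""
import statistics

# Constructed 14-day history of bytes (KB) each user uploaded to external hosts.
HISTORY = {
    "alice": [210, 190, 230, 205, 220, 198, 215, 225, 200, 210, 195, 230, 205, 215],
    "bob":   [80, 95, 70, 90, 85, 75, 88, 92, 78, 84, 90, 86, 79, 83],
}
# Constructed set of external destinations each user has used before.
KNOWN_DESTINATIONS = {
    "alice": {"drive.example", "mail.example"},
    "bob": {"mail.example"},
}


def build_baseline(history):
    """Per-user (mean, population stdev) learned only from that user's data."""
    return {u: (statistics.mean(v), statistics.pstdev(v)) for u, v in history.items()}


def zscore(value, mean, stdev):
    """Standard deviations above the baseline; a flat history makes any change infinite."""
    if stdev == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / stdev


def detect(today, baseline, known, threshold=3.0):
    """Score each user's day; link multiple anomalies on one user into one finding."""
    findings = []
    for user, obs in today.items():
        anomalies = []
        mean, sd = baseline[user]
        z = zscore(obs["bytes_out"], mean, sd)
        if z > threshold:
            anomalies.append(f"upload volume {obs['bytes_out']} KB is {z:.1f} sd above baseline")
        new = set(obs["destinations"]) - known.get(user, set())
        if new:
            anomalies.append(f"first-seen destination(s): {sorted(new)}")
        if anomalies:
            # Two independent weak signals on the same entity beat one strong one.
            findings.append({"user": user, "anomalies": anomalies,
                             "severity": "high" if len(anomalies) > 1 else "medium"})
    return findings


# Constructed observations for today: alice is within her norm, bob is not.
TODAY = {
    "alice": {"bytes_out": 225, "destinations": {"drive.example"}},
    "bob":   {"bytes_out": 2400, "destinations": {"mail.example", "paste.example"}},
}

if __name__ == "__main__":
    for f in detect(TODAY, build_baseline(HISTORY), KNOWN_DESTINATIONS):
        print(f"[{f['severity'].upper()}] {f['user']}: " + "; ".join(f["anomalies"]))
```

Alice's 225 KB would look large next to Bob's history but is unremarkable against her own, so a single global threshold would either miss Bob or flag Alice every day. Bob is flagged on volume and on a never-before-seen destination, and the two are emitted together as one high-severity finding rather than two medium ones. In practice the baseline also needs to be robust to contamination (an attacker who exfiltrates slowly for weeks becomes "normal"), so windows are usually bounded and seeded from a period believed clean.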
Data Centers, Security & Certifications:
LMNTRIX Adaptive Threat Response platform is hosted on Amazon Web Services. However, our platform can also be deployed in-house if there are security compliance regulations or audit standards that preclude you from using cloud services.
With our future globalization plans we intend on geographical expansion of our platform across multiple AWS regions.
Amazon Web Services Cloud Compliance enables our customers to understand the robust controls in place at AWS to maintain security and data protection in the cloud. As the LMNTRIX platform is built on top of AWS cloud infrastructure, compliance responsibilities are shared and, as such, we have further enhanced the existing AWS controls with additional preventive, detective, response and predictive capabilities.
For further information on how the LMNTRIX Adaptive Threat Response platform complies with specific certifications/attestations, laws, regulations, privacy standards, alignments, or frameworks, please contact us.
As a condition of employment, all LMNTRIX staff must clear an Australian National Criminal History Check. A National Criminal History Check involves identifying and releasing any relevant Criminal History Information (CHI) subject to relevant spent convictions/non-disclosure legislation and/or information release policies.
LMNTRIX intrusion analysts hold individual certifications through the SANS-founded Global Information Assurance Certification (GIAC) program. Certifications held by LMNTRIX security analysts include:
- GIAC Security Essentials Certification (GSEC)
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Systems and Network Auditor (GSNA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Information Security Fundamentals (GISF)
- GIAC IT Security Audit Essentials (GSAE)
- GIAC Certified ISO-17799 Specialist (G7799)
- GIAC Security Leadership Certification (GSLC)
- GIAC Certified Security Consultant (GCSC)
Cyber Defence Centers:
At the core of our CDC is a strong foundation for operational excellence driven by well-designed and executed processes, strong governance, capable individuals and a constant drive for continuous improvement to stay ahead of the cyber adversaries.
24 x 7 Continuous Monitoring and Investigation
A global network of cyber defense centers with highly trained and certified intrusion analysts who provide constant vigilance and on-demand analysis of your networks.
Our intrusion analysts monitor your networks and endpoints 24x7, applying the latest intelligence and proprietary methodologies to look for signs of compromise. When a potential compromise is detected, the team performs an in-depth analysis on affected systems to confirm the breach.
High Touch Management and Incident Support
Each client is assigned a designated investigation manager. This highly-trained security analyst stays up-to-date with your unique environment and network goals, which allows them to provide incident management tailored to your specific needs.
Continuous Threat Hunting
The most advanced malicious activity will not be identified by traditional alerting mechanisms – this is where proactive hunting methods will uncover threats that standard perimeter defenses are blind to. All activities are documented and updated as malicious campaigns evolve.
Validated Breaches Not Alerts
Our intrusion analysts leverage deceptions and multi-threat network detection – together with endpoint and network forensics capabilities – on live systems to investigate, classify, and analyze risks in real time. Detailed reports on exactly what happened and recommendations on how to contain the threat are provided immediately.
When data theft or lateral movement is imminent, our endpoint containment feature makes immediate reaction possible by quarantining affected hosts, whether they are on or off your corporate network. This significantly reduces or eliminates the consequences of a breach.
Remote expert incident responders from our CDC – or onsite incident response from one of our local certified partners – can be engaged rapidly when needed to investigate breaches, re-secure your network, remediate technical damage and assess the potential business impact. This allows clients to make prompt and accurate disclosure where necessary.