An organization using AlienVault missed a critical correlation of “indicators of compromise”, resulting in a months-long breach. Léargas automatically correlated the atomic indicators and the breach was quickly resolved.
Introducing Léargas, the first Converged Threat Detection Platform
North-South / East-West
Our clients can now add profile-based sensor and aggregation points anywhere they wish in their network. Léargas will do the rest. Léargas currently supports sensors in physical implementations, VM-based, and even Raspberry Pi 3 for those “hard-to-reach” places. Léargas performs significant local queuing to allow ICS and Dark Territory monitoring.
Leveraging the File Extraction capabilities of Bro (Zeek), Léargas now provides sandboxed malware analysis on the fly with a fully integrated, multi-node Cuckoo Sandbox. The best part is that your sensitive information never leaves your network. Léargas and Cuckoo can even provide a pcap of the network traffic for incident response!
Real-time Correlation with the “Dark Web”
Léargas not only adds real-time correlation of Pastebin and similar site traffic on the clear web, but also ingests Stronghold-based paste sites on Tor. There’s no reason to wait for point-in-time results: we gather information within minutes and trigger an alert. As Léargas continues to ingest pastes that contain .onion sites, those sites are automatically added to the monitored set. Léargas currently monitors several hundred locations in real time.
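As an added illustration of the paste-harvesting step described above (example code written for this page, not Léargas’s own implementation), the snippet below scans a paste for .onion hostnames, verifies the checksum and version byte that Tor v3 addresses carry so that mistyped or forged names do not pollute the watch list, and adds unseen addresses to a monitored set. The key, the v2-style name and the paste text are constructed sample data.

```python
import base64
import hashlib
import re

# Candidate onion hostnames in paste text: v3 (56 base32 chars) or legacy v2 (16 chars).
ONION_RE = re.compile(r"\b([a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)
CHECKSUM_PREFIX = b".onion checksum"
V3_VERSION = b"\x03"

def build_v3_onion(pubkey: bytes) -> str:
    """Derive a v3 address from a 32-byte ed25519 public key using the Tor v3 layout
    base32(pubkey || checksum[:2] || version). Used here only to build a sample address."""
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + V3_VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + V3_VERSION).decode().lower() + ".onion"

def is_valid_v3(address: str) -> bool:
    """Recompute the embedded checksum and check the version byte of a v3-looking name."""
    label = address.lower()[: -len(".onion")]
    if len(label) != 56:
        return False
    raw = base64.b32decode(label.upper())  # 56 chars decode to exactly 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    return version == V3_VERSION and checksum == expected

def harvest_onions(paste_text: str, monitored: set) -> list:
    """Extract onion addresses from one paste, add unseen well-formed ones to the
    monitored set and return the newly added addresses in order of appearance."""
    added = []
    for match in ONION_RE.finditer(paste_text):
        addr = match.group(0).lower()
        if len(addr) == 56 + len(".onion") and not is_valid_v3(addr):
            continue  # checksum or version mismatch: not a usable v3 address
        if addr not in monitored:
            monitored.add(addr)
            added.append(addr)
    return added

# Constructed sample data: a throwaway 32-byte "public key", a v2-style name, one paste.
SAMPLE_V3 = build_v3_onion(bytes(range(32)))
CORRUPT_V3 = SAMPLE_V3[:-7] + "a.onion"  # last char changed: version byte is no longer 0x03
SAMPLE_V2 = "abcdefghijklmnop.onion"
SAMPLE_PASTE = (f"dump mirror: http://{SAMPLE_V3}/files\nbackup: {CORRUPT_V3}\n"
                f"old mirror {SAMPLE_V2}, again http://{SAMPLE_V3.upper()}\n")

def demo() -> list:
    return harvest_onions(SAMPLE_PASTE, set())
```

The corrupted address and the upper-case duplicate are both dropped, so `demo()` returns only the valid v3 address and the v2-style name.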
Léargas is primarily a Bro (Zeek) and Suricata based platform, but we felt the need to extend the platform with a vast array of enrichment options. We’ve partnered with RiskIQ and PREDICT, just to name a few. So there’s no need to leave Léargas to get the answers you need as a Managed SOC customer. Of course, we still collect and correlate Microsoft, Syslog, WatchGuard, AWS, and most endpoint log data. Send it to us and we bring it all back to you in Léargas.
Passive DNS Malware
Léargas ingests and correlates matches to the PREDICT passive DNS project, originally created at Georgia Tech, right down the street from our Atlanta office, and streamed automatically straight into Léargas.
Make it an action! Reduce the dwell time! Léargas currently supports alerting via Email, JIRA, Slack, PagerDuty, and Twilio. Plus, we’re adding more with each version release!
Bridging Physical Security and Information Security - The Léargas platform team is always striving to find ways to converge Physical Security and Information Security team efforts and this release is a shining example of those efforts.
Twitter and Social Media Analysis - Léargas is performing near-real-time ingestion of tweets, blended with our new behavior modeling and geotagging. Our hope is that these efforts will help teams prevent active shooter scenarios, as well as aid in “Kidnap and Ransom” cases, with the primary goal of saving lives.
WiFi Beacon Location - Léargas can now visualize beacon traffic from Wireless Access Points. Additionally, these efforts will help teams prevent active shooter scenarios by pinpointing where potential victims are located in the organization using signal strength, heat maps, and floor plans.
All research and developed tools regarding Social Media Analysis and WiFi Beacon Location are freely available to Law Enforcement.
Reach out and schedule a demo! Learn how Léargas can help you!