“I have no illusions of the future. Or maybe it’s all an illusion. I don’t know. I’ve always been ready for it.” — Gord Downie
When the Critical Path Security team set out to build Léargas, we knew it would be quite the undertaking. For some of us it was about unfinished business, for others it was an opportunity to solve interesting problems in novel ways, using a mix of open source platforms and custom development. It started as a desire to build a Next Generation Network Security Monitoring platform that performed analysis in multi-dimensional and multi-contextual methods, without the brutal licensing fees. It turned in to so much more!
Today, we’re thrilled to announce a list of brand new features available for our current and future customers.
North-South / East-West - Our clients can now add profile-based sensor and aggregation points anywhere they wish in their network. Léargas will do the rest. Léargas currently supports sensors in physical implementations, VM-based, and even Raspberry Pi 3 for those “hard to reach” places. Léargas performs significant local queuing to allow ICS and Dark Territory monitoring.
Enrichment - Léargas is primarily a Bro (Zeek) and Suricata based platform, but we felt the need to extend the platform with a vast array of enrichment options. We’ve partnered with RiskIQ and PREDICT, just to name a few. So there’s no need to leave Léargas to get the answers you need as a Managed SOC customer. Of course, we still collect and correlate Microsoft, Syslog, WatchGuard, AWS, and most endpoint log data. Send it to us and we bring it all back to you in Léargas.
File Integrity Monitoring - Léargas performs File Integrity Monitoring, out of the box, for all popular platforms.
Real-time Correlation with the “Dark Web” - Léargas not only adds real-time correlation of Pastebin and similar site traffic on the clear web, but Léargas also ingests Stronghold-based Paste sites in TOR. There’s no reason to wait for point-in-time results, we gather information within minutes and trigger an alert. As Léargas continues to ingest pastes .onion sites, they will be automatically added to the efforts. Léargas currently monitors several hundred locations in real-time.
Passive DNS Malware - We’re thrilled that Léargas now ingests and correlates matches to the PREDICT passive DNS project, originally created at Georgia Tech! Right down the street from our Atlanta office, automatically streamed straight to Léargas.
Malware Analysis - Leveraging the File Extraction capabilities of Bro (Zeek), Léargas now provides sandboxed, malware analysis on-the-fly with fully integrated, multi-node Cuckoo Sandbox. The best part is that your sensitive information never leaves your network. Léargas and Cuckoo can even provide a pcap of the network traffic for the incident response!
Alerting - Make it an action! Reduce the dwell time! Léargas currently supports alerting Email, JIRA, Slack, PagerDuty, and Twilio. Plus, we’re adding more with each version release!
Convergence
Bridging Physical Security and Information Security - Our Léargas platform team is always striving to find ways to converge Physical Security and Information Security team efforts and this release is a shining example of those efforts.
Twitter and Social Media Analysis - Léargas is performing near real time ingestion of tweets, blended with our new behavior modeling and geotagging. Our hope is these efforts will help teams prevent active shooter scenarios, as well as aid in “Kidnap and Ransom” cases, with the primary effort of saving lives.
WiFi Beacon Location - Léargas can now visualize beacon traffic from Wireless Access Points. Additionally, these efforts will help teams prevent active shooter scenarios by pinpointing where potential victims are located in the organization using signal strength, heat maps, and floor plans.
All research and developed tools regarding Social Media Analysis and WiFi Beacon Location are freely available to Law Enforcement.
Reach out! Schedule a demo! Learn how Léargas and Critical Path Security can help you!