Introducing Léargas

The Multi-directional & Contextual IDS and Breach Detection Platform

Intrusion Detection Systems at the border only tell a portion of the story. Traditional IDS appliances generally only see traffic flowing north to south and are unable to see the full picture. Critical Path Security is proud to present Léargas, a new breed of multi-directional IDS with the ability to see traffic moving North-to-South and East-to-West and glue this traffic together with a common identifier to create a complete view of your network traffic.

Léargas combines the signature-based detection capability found in traditional systems with full protocol, behavioral-based analysis, arming our managed security operations customers with the information they need to quickly weed out false positives and to identify and isolate real attacks. Additionally, it performs real-time file analysis revealing the true nature of files being transmitted over your network.  With "Shadow IT" being an established and growing threat against organizations, Léargas provides insight to actions taking place on endpoints, where an EDR agent hasn't been installed.

The ultimate goal of Léargas is revealing actionable intelligence that takes into consideration the true risk posed to the business and weights the alerts in that light. This task cannot be achieved by leveraging and applying “threat intelligence” feeds as the primary form of correlation. Instead, it requires developing context around the core assets, networks, and layers of security controls that comprise the network.

Finally, understanding that several breaches are occurring due to the weak security posture of a 3rd party vendor, Léargas continually ingests data from Paste sites, TOR, online forums, and other sources to alert a disclosure of sensitive information.


North-South / East-West - Our clients can now add profile-based sensor and aggregation points anywhere they wish in their network. Léargas will do the rest. Léargas currently supports sensors in physical implementations, VM-based, and even Raspberry Pi 3 for those “hard to reach” places. Léargas performs significant local queuing to allow ICS and Dark Territory monitoring.

Enrichment - Léargas is primarily a Bro (Zeek) and Suricata based platform, but we felt the need to extend the platform with a vast array of enrichment options. We’ve partnered with RiskIQ and PREDICT, just to name a few. So there’s no need to leave Léargas to get the answers you need as a Managed SOC customer. Of course, we still collect and correlate Microsoft, Syslog, WatchGuard, AWS, and most endpoint log data. Send it to us and we bring it all back to you in Léargas.

File Integrity Monitoring - Léargas performs File Integrity Monitoring, out of the box, for all popular platforms.

Real-time Correlation with the “Dark Web” - Léargas not only adds real-time correlation of Pastebin and similar site traffic on the clear web, but Léargas also ingests Stronghold-based Paste sites in TOR. There’s no reason to wait for point-in-time results, we gather information within minutes and trigger an alert. As Léargas continues to ingest pastes that contain .onion sites, they will be automatically added to the efforts. Léargas currently monitors several hundred locations in real-time.

Passive DNS Malware - We’re thrilled that Léargas now ingests and correlates matches to the PREDICT passive DNS project, originally created at Georgia Tech! Right down the street from our Atlanta office, automatically streamed straight to Léargas.

Malware Analysis - Leveraging the File Extraction capabilities of Bro (Zeek), Léargas now provides sandboxed, malware analysis on-the-fly with fully integrated, multi-node Cuckoo Sandbox. The best part is that your sensitive information never leaves your network. Léargas and Cuckoo can even provide a pcap of the network traffic for the incident response!

Alerting - Make it an action! Reduce the dwell time! Léargas currently supports alerting Email, JIRA, Slack, PagerDuty, and Twilio. Plus, we’re adding more with each version release!


Bridging Physical Security and Information Security - Our Léargas platform team is always striving to find ways to converge Physical Security and Information Security team efforts and this release is a shining example of those efforts.

Twitter and Social Media Analysis - Léargas is performing near real time ingestion of tweets, blended with our new behavior modeling and geotagging. Our hope is these efforts will help teams prevent active shooter scenarios, as well as aid in “Kidnap and Ransom” cases, with the primary effort of saving lives.

WiFi Beacon Location - Léargas can now visualize beacon traffic from Wireless Access Points.  Additionally, these efforts will help teams prevent active shooter scenarios by pinpointing where potential victims are located in the organization using signal strength, heat maps, and floor plans.

All research and developed tools regarding Social Media Analysis and WiFi Beacon Location are freely available to Law Enforcement.

Reach out!  Schedule a demo! Learn how Léargas and Critical Path Security can help you!

Ready to find out more?

Drop us a line today!