LECS is a plug&play appliance that performs the functions of an NDR (Network Detection and Response) and an IPS (Intrusion Prevention System), based on three different AI systems.
LECS is plug&play in that it needs no configuration to be installed: once connected to the network, it automatically recognizes the context and self-configures, integrating with the other digital security tools present and connecting by polling to 4C (Control Center CyberEvolution in Cloud), the LECS control center in the cloud, to perform various functions.
NDR solutions are designed to detect cyber threats on enterprise networks using AI and data analytics. These tools build behavioral models and continuously analyze north/south network traffic passing through the enterprise perimeter, as well as east/west lateral traffic, and then use these models to identify anomalous or suspicious traffic patterns. They also incorporate incident response capabilities, such as blocking suspicious traffic. This may include automatically updating firewall rules to block suspicious traffic or providing capabilities to aid in incident and threat/risk investigations.
IPS systems perform prevention on incoming traffic by blocking suspicious traffic; in the LECS implementation, the IPS also refers to the traffic models of the NDR.
Connected to the mirroring port of a switch or a network router (see example in the figure below), LECS analyzes all the traffic of the local network and the incoming and outgoing traffic on the Internet connections, and once an anomaly is detected, it classifies it and acts based on the degree of severity with a modulated response to the potential attack.
LECS is based on 3 AI engines that are the cornerstone of its entire operation: Specto, Raises and Tiresia. The three AI systems with their machine learning algorithms work synergistically and in parallel to protect an entire network segment, performing detection and classification of anomalies on network traffic, acting with targeted countermeasures and responses in cases of critical threats and performing an intelligent prediction that provides an update feedback based on the latest statistics detected.
The operating phases of a LECS are:
- CHECK & CONNECT LECS: once positioned on a mirroring port of a "strategic" switch of the network infrastructure, LECS self-configures (plug&play), becomes a component (host) of the network, and begins its passive monitoring, which does not impact network performance;
- TRAP & DETECTION ANALYSIS: during the continuous and real-time monitoring of network traffic, LECS identifies and analyzes possible threats in real time, classifying them based on the severity of the possible impact;
- IMPACT ISOLATION RESPONSE: when a high-impact threat is detected, LECS intervenes by creating packets that mix with those of the identified malicious traffic, thereby blocking the threat at the protocol level; in extreme cases, LECS blocks the power supply of the switch to which it is connected;
- INSPECTION & RECOVERY NETWORK: following the above intervention, LECS restores the network connection, checks for the presence of further threats and, thanks to the Tiresia algorithm, learns and parameterizes the threat data.
False positives and false negatives have always been a very serious problem for threat detection systems. Thanks to its internal detection systems, which apply machine learning, LECS carries out a strong Auto Reduction of both.
Current LECS products
For more information, for a live demonstration and for a quote please contact