News & Events

Palo Alto Networks acquire LightCyber for $105m

  • 1 March, 2017

Industry News, Palo Alto Networks, Security

Yesterday it was announced that leading cyber security vendor Palo Alto Networks have completed their acquisition of automated behavioural analytics company LightCyber for $105m.

LightCyber has focused on developing technology which harnesses the power of machine learning in order to identify hacker behaviour and malware based attacks through identifying behavioural anomalies within deployed networks.

Palo Alto Networks have plans to integrate this technology into the Next Generation Security Platform towards the end of this calendar year. In the mean-time, existing LightCyber deployments will of course be supported.

Quotes from the CEOs

Palo Alto Networks has been driving a paradigm shift in the security industry with its natively engineered and highly automated Next-Generation Security Platform designed to change the equation in how organizations prevent cyber breaches. We are pleased to join the Palo Alto Networks team, combining our technology innovations and accelerating adoption of behavioral analytics to help organizations bolster their defenses against the advanced and sophisticated adversaries they are facing today.
Gonen Fink, CEO of LightCyber
The LightCyber team’s vision to bring automation and machine learning to bear in addressing the very difficult task of identifying otherwise undetected and often very sophisticated attacks inside the network is well-aligned with our platform approach. This technology will complement the existing automated threat prevention capabilities of our platform to help organizations not only improve but also scale their security protections to prevent cyber breaches.”
Mark McLaughlin, chairman and CEO of Palo Alto Networks

About LightCyber

LightCyber’s research has shown that around 99% of post-intrusion cyber attack activities didn’t actually employ malware and instead the hackers chose to use conventional networking and administration tools. The attackers likely favour this method in order to stay under the radar for as long as possible and avoid detection once they have achieved the initial breach.

LightCyber discovered this tendency for attackers to use common administrator and desktop tools for reconnaissance and lateral movement within a network, rather than what the malware you may expect them to be using.

Commonly used tools such as TeamViewer and WinVNC are regularly used by hackers to laterally traverse networks once they’ve gained initial access through spear-phishing or other hacking techniques. Attackers have also taken advantage of ordinary end-user programs such as browsers, FTP clients and native system tools for data exfiltration and command and control activities.

LightCyber’s study involved monitoring organisations ranging in size from 1,000 to 50,000 endpoints in a variety of industries over a period of 6 months.

Reconnaissance was the most commonly identified attacker activity during this study, followed by lateral movement and rounded off by command and control communication.

Another interesting point of note from the study was that more than 70% of the active malware used for the initial intrusion was detected only on a single site. This points towards the malware being polymorphic or of a customised/targeted type, designed specifically for that attack.


We’re looking forward to seeing how Palo Alto Networks integrates LightCyber’s technologies into their Next Generation Security Platform.

If you’d like to find out more about Palo Alto Networks or the Next Generation Security Platform and the technologies within, please get in touch with us and we’ll answer any questions you may have.