Previct™ Anti-Malware Gateway
When malware gets in…It won't call out.
Previct is a network-based appliance that acts as a malware "reverse firewall." Previct monitors outgoing network traffic, and identifies suspicious activity (e.g., such as requests to download malware, access to drive-by exploit sites, communication with command & control servers, and uploading stolen information to drop zones).
Previct Features:
- Alerts and Prevents communication between your computers and the malware infrastructure (the Malscape)
- Identifies infected hosts within your network
- Provides actionable intelligence about detected threats
How Previct Works
Deployed behind your network firewall, Previct can be configured as a passive monitor to identify malicious activity that has bypassed traditional defenses or as an inline component to actively disrupt communication between malware and its command and control infrastructure. Previct is your last line of defense against targeted attacks, advanced persistent threats (APTs), web-based drive-by download attacks, and other malicious activity.
To protect an enterprise network, a simple sensor (1) monitors the network traffic at the egress to the Internet. This sensor reviews the connections attempted by the enterprise’s internal hosts and compares them (2) to Lastline’s proprietary threat repository of known command and control and exploit sites. When the sensor detects a connection attempt to an exploit site (3) or a location known to be a command and control site (4), the connection is blocked (5) by issuing a command to the host to close the connection (optional). An alert is issued (6) to your team and also logged for review through a web interface.
Automated Reporting
Alerts are sent to support staff when malicious activity surpassing a selected threshold occurs. Also, management reports are automatically generated on a daily, weekly, or monthly frequency.