Lastline’s Network Detection and Response – You Can’t See Without It

Lastline’s Network Detection and Response – You Can’t See Without It

Network Detection & Response

According to the Ponemon’s 2019 Cost of a Data Breach Report, the time between when a data breach incident occurs and when the breach is finally contained (also known as the breach lifecycle) grew noticeably between 2018 and 2019. The average time to identify a breach in 2019 was 206 days and the average time to contain a breach was 73 days, for a total of 279 days. This represents a 4.9 percent increase over the 2018 breach lifecycle of 266 days.

Limited visibility into voluminous network traffic is a large contributing factor as to why it takes so long to detect and contain a breach.  Simply put, you can’t protect what you can’t see.  Evasive threats or even a chain of misconfigurations enables one to easily bypass security controls and, once inside, attackers know how to hide their activities on your network.  This helps to explain why so many Lastline customers have turned to our Network Detection and Response (NDR) platform, Lastline Defender, to provide the needed visibility into their networks enabling the detection and containment of threats before they disrupt their business.

Let in the Light!

Lastline Defender shines the light on anomalous activities within networks, illuminating threats you were previously blind to versus being thrown into the darkness of false positives streaming into your SOC.

See What Intruders are Doing

Lastline Defender is constantly sensing  your network traffic to identify anomalies and malicious behavior such as:

  1. Threats hiding in your internal network
    • Once threat actors gain a foothold within your network, how are you getting visibility into how they are moving laterally? Are you just looking at lateral traffic or are you correlating with just ingress/egress traffic?
  2. Threats hiding in encrypted network traffic
    • Are you utilizing encrypted traffic analytics, which doesn’t require bulk decryption, to discern normal versus anomalous and malicious encrypted traffic?
  3. Lateral movement within your on-premises and cloud networks
    • How are you collecting and analyzing both on-premises and cloud network traffic as one cohesive threat detection solution?
  4. Ransomware and other persistent threats infiltrating and spreading through the network
    • Can you analyze files to determine maliciousness, anomalous file transfers, unusual traffic patterns, malicious RDP  and other clues that signal ransomware spread or other persistent threats?
  5. Adversary enumeration techniques
    • Do you have visibility into discovery techniques such as account, domain trust, network and password discovery that an adversary uses to gain visibility of your networks?
  6. Adversary evasion techniques
    • Adversaries want to evade, hide and cover their tracks, however, the network is the source of truth. Do you have the ability to see evasive DNS tunneling techniques, beaconing or protocol evasion techniques?
  7. Adversary communications
    • Do you have the ability to detect and respond to custom command and control communications, detect malicious domain generation algorithms or custom cryptographic protocols used to hide communications?
  8. Privilege escalation
    • Can you see the techniques that adversaries use to gain higher-level permissions on your network like exploits for privilege escalation?
  9. Data harvesting and exfiltration
    • Can you see and detect data leaving your network via command and control or alternate channels used by intruders?

See Real Threats

Start seeing real threats and stop the avalanche of false positives. Lastline Defender uses unsupervised machine learning (ML) to figure out what is normal, and what’s anomalous. But simply identifying something as anomalous does not mean it’s malicious. Lastline Defender can also understand what malicious behavior looks like using supervised ML to distinguish between benign and malicious anomalies. This dramatically minimizes false positives and improves the detection of high-risk activity.

See Missed Threats

Lastline Defender is integrated with Kibana enabling threat hunters to reduce the risk of intrusions. Using Kibana, security analysts can proactively and iteratively hunt through all network data for IoCs. Lastline Defender also has extensive integration with MITRE ATT&CK tactics and techniques which provides valuable insight into the stages of intrusions to further speed threat detection and response.

Learn More

We’d like to show you why you can’t see without Lastline Defender.  Be sure to check out our demos that showcase Lastline Defender with Kibana and Lastline Defender with MITRE ATT&CK. 

Chad Skipper

Chad Skipper

Chad serves as a security technologist, marketing, and sales executive focusing on a broad section of the Information Security space. He provides strategic thought leadership, vision, and execution guidance in the advancements of security technologies that proactively protect organizations’people, processes, and assets. Chad is a seasoned public speaker and is co-author of “Next-Generation Anti-Malware Testing for Dummies."
Chad Skipper