Stop Boiling the Ocean: Lastline Reduces Thousands of Alerts Down to a Handful of Real Intrusions
214 Petabytes of Data Processed
Many organizations have massive volumes of network traffic. Network traffic analysis attempts to make sense of all of this data, but the outcome often is little more than a massive volume of false positives and the resulting alert fatigue (read our recent white paper on this problem).
Below is a real example from one of our customers. In it, Lastline Defender, a Network Detection and Response (NDR) platform, analyzed 214 petabytes of data in just one month. This is A LOT OF DATA! It’s like processing the entire Library of Congress’s Digital Collection (currently over 7 petabytes) 30 times each month!
How are you ever going to find real threats in this avalanche of network traffic? Lastline’s NDR helps your SOC team to avoid boiling the ocean by reducing thousands of anomalies down to just a handful of real threats. Keep reading to learn the details on how we do this and why other solutions can’t.
Visibility You Can Act On Delivered by Lastline’s Network Detection and Response
522 Million Network Connections
With its focus on the network, Lastline’s NDR can easily see raw connections such as DNS, Web and Email. Our solution analyzed 522 million network connections in this customer’s network.
1,011 Interesting Events
Lastline’s NDR includes Intrusion Detection and Prevention Systems (IDPS), Network Traffic Analysis (NTA) and Artifact Analysis, all powered by Artificial Intelligence (AI), to analyze network activity. IDPS and Artifact Analysis detect threats entering the network and NTA detects anomalous activity and malicious behavior as it moves laterally across your network.
Using these three essential technologies, Lastline’s NDR discovered 1,011 interesting events, meaning that these are anomalies that are worthy of further analysis to determine if they are real threats.
This is where other products stop, delivering alerts for each anomaly. This limitation creates extra, unproductive work for SOC teams and causes real threats to go undetected since large numbers of false positives overwhelm the SOC with unnecessary incident investigations.
91 Security Events
Lastline does more than any other NDR vendor to validate alerts since it has Artifact Analysis. This is a technology that uses Machine Learning and Deep Learning to apply our understanding of malicious behaviors so that it can distinguish between benign and malicious anomalies. The result is that we’re able to reduce anomalies into security events, 91 in our customer example.
But we take it one step further. In the final stage of analysis, Lastline uses a correlation engine to identify events that are connected as part of a single intrusion. By pulling security events together, it can provide a complete picture of the threat instead of isolated alerts. For example, the software would understand that something was downloaded which, in turn, led to an infection, and then initiated a connection out to a botnet for command and control.
After correlation, the customer now sees only 4 intrusions that are highly likely to be real threats. Our prioritized event correlation includes context and actionable intelligence to help besieged SOC teams separate the signals from the noise.
Visibility You Can Act On
We refer to our unique ability to reduce petabytes of data into a small number of real intrusions as Visibility You Can Act On. To get these results, make sure your NDR solution can detect threats entering and operating within your network, reduce anomalies into security events and then correlate events to identify real threats.
Your SOC team shouldn’t have to boil the ocean to find threats.
Schedule Your Demo to see how Lastline’s NDR delivers Visibility You Can Act On with 1/250th the number of alerts that you can get with other solutions.