What’s New in Lastline Enterprise Advanced Malware Detection and Management


At Lastline, we’re continuously strengthening and refining our advanced malware protection software and services, which detect and block advanced malware on the web, in email and in mobile apps. As malware rapidly evolves, so do we.

In fact, using machine learning, we maintain an automated approach to advanced malware detection that flips the economics of malware on its head. Malware developers have to work much harder to catch up with our next-generation sandboxing technology, rather than the other way around.

Still, we’re working hard to stay ahead of advanced malware trends and techniques. Since 2011, we’ve analyzed billions of programs, documents, and URLs to identify and stop known and unknown threats. We’ve indexed billions of hashes, signatures and behavioral footprints of an exponentially growing class of advanced malware in our massive threat intelligence cloud.

When a Lastline virtual or bare-metal sensor detects suspicious or unrecognized code or network behavior, it cross-checks it against these known threats. If the threat status of a file is still unknown, the file is sent to one of our next-generation sandboxes for high-resolution dynamic analysis. Our scalable, elastic sandboxes emulate full computing systems, including CPU and memory, so they remain invisible to evasive malware while retaining full visibility into malicious activity. Our dynamic analysis can also accelerate the passage of time inside the sandbox, so we can observe the behavior of malware that loops or sleeps for hours or days in order to detect and evade traditional sandboxing.
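The cross-check-then-sandbox flow described above, reduced to a small sensor-side triage step, as an added example (not Lastline code). It hashes an artifact, looks the digest up in known-malicious and known-benign sets, and only queues still-unknown files for sandbox analysis, taking care not to submit the same unknown hash twice while a result is pending. The sample bytes, the sets and the queue are all constructed here; the class and function names are assumptions for illustration.

```python
"""Added example: known-threat cross-check before sandbox submission."""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Digest used as the lookup key into threat intelligence."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class ThreatIntel:
    """Hashes the sensor already has verdicts for (constructed sets)."""
    known_malicious: set = field(default_factory=set)
    known_benign: set = field(default_factory=set)


@dataclass
class Triage:
    """Decides per artifact: block, allow, or send to a sandbox."""
    intel: ThreatIntel
    sandbox_queue: list = field(default_factory=list)   # digests awaiting analysis
    pending: set = field(default_factory=set)           # dedup guard for the queue

    def verdict(self, data: bytes) -> str:
        digest = sha256_hex(data)
        if digest in self.intel.known_malicious:
            return "malicious"
        if digest in self.intel.known_benign:
            return "benign"
        # Unknown: queue once; repeated sightings wait for the pending result.
        if digest not in self.pending:
            self.pending.add(digest)
            self.sandbox_queue.append(digest)
        return "unknown"

    def record_sandbox_result(self, digest: str, malicious: bool) -> None:
        """Fold a sandbox verdict back into the local intelligence."""
        self.pending.discard(digest)
        target = self.intel.known_malicious if malicious else self.intel.known_benign
        target.add(digest)


def demo() -> dict:
    """Walk one known-bad and one unknown sample through triage."""
    bad = b"known bad sample (constructed)"
    new = b"never seen before (constructed)"
    triage = Triage(ThreatIntel(known_malicious={sha256_hex(bad)}))
    result = {
        "known_bad": triage.verdict(bad),          # "malicious", never hits the sandbox
        "first_sighting": triage.verdict(new),     # "unknown", queued for analysis
        "second_sighting": triage.verdict(new),    # still "unknown", not queued again
        "queued": len(triage.sandbox_queue),       # 1
    }
    # Sandbox reports back: the new file was benign.
    triage.record_sandbox_result(sha256_hex(new), malicious=False)
    result["after_sandbox"] = triage.verdict(new)  # "benign" from local intel now
    result["still_pending"] = len(triage.pending)  # 0
    return result


if __name__ == "__main__":
    print(demo())
```

The dedup guard matters in practice: a file seen on many hosts at once would otherwise flood the sandbox with identical submissions, and the cache write-back is what turns one sandbox run into an instant verdict for every later sighting.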

Given the rapid rise of advanced malware and adoption of first-generation sandboxing technology, our customers are drowning in security alerts — both false positives and true threats — so we offer prioritized event correlation with actionable intelligence to help besieged IT security teams separate the signals from the noise.

I’d like to highlight some key enhancements in Lastline Enterprise detection, analysis, notification and management since our last announcement:

  • Analysis engine enhancements: An engine extension extracts information from fake Android banking applications (APKs), full-process dumps can be extracted in IDA Pro-compatible format for Windows PE analysis, and files transferred over FTP are now captured and analyzed.

  • In-depth malicious Java detection: Java applet analysis and reporting are new and improved.

  • Intelligent notifications: Users control which types of events trigger a push notification, and whether they want email notifications, CEF messages sent to SIEM systems and/or reputation information for network hosts sent to an HP TippingPoint SMS server. Event whitelisting is now available, so that no alerts are triggered for the IP ranges of open wireless networks or guest IPs, for example.

  • Incident response coordination: New workflow functionality has been added to our incident, event and analysis views that allows users to comment on individual detections on the network. This can be helpful for coordinating investigation and response to an incident, as well as providing feedback to Lastline about the accuracy of our detection.

  • Appliance status and metrics: Improved geolocation support for appliances using browsers’ geolocation APIs. New sensor status graphs include CPU and memory usage.

  • Improved analysis reports: Get greater visibility into keylogger behavior and representations of the relationships between analysis subjects as well as visited web pages. Reports load even faster.

  • Critical audit logging: A new audit log collects and displays security-relevant and other critical activities performed on the system.

  • Customization: Customers can add their own threat intelligence to our system, in case they know about threats that specifically target them.
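The notification controls in the list above, shown as an added example (not Lastline code): a policy that suppresses events whose source address falls inside whitelisted ranges such as a guest network, applies a minimum severity, and renders the surviving events as CEF messages for a SIEM. The CEF layout follows the published format (header fields separated by `|`, then `key=value` extensions), with the vendor, product, signature ID and all event values constructed here as placeholders.

```python
"""Added example: event whitelist plus CEF rendering for SIEM forwarding."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class DetectionEvent:
    """One sensor detection (all values constructed)."""
    src_ip: str      # internal host that triggered the detection
    dst_ip: str      # remote peer
    name: str        # human-readable detection name
    severity: int    # CEF severity scale, 0 (lowest) to 10 (highest)
    sha256: str      # hash of the file involved, if any


class NotificationPolicy:
    """Decides which events are worth pushing to the SIEM."""

    def __init__(self, whitelist_cidrs, min_severity=5):
        # strict=False accepts ranges written with host bits set, e.g. 10.20.1.1/16
        self.networks = [ipaddress.ip_network(c, strict=False) for c in whitelist_cidrs]
        self.min_severity = min_severity

    def is_whitelisted(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)

    def should_notify(self, ev: DetectionEvent) -> bool:
        # Guest/open-wifi ranges are suppressed regardless of severity.
        if self.is_whitelisted(ev.src_ip):
            return False
        return ev.severity >= self.min_severity


def _cef_header(value: str) -> str:
    """Header fields escape backslash and the pipe separator."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _cef_extension(value: str) -> str:
    """Extension values escape backslash and the equals sign."""
    return value.replace("\\", "\\\\").replace("=", "\\=")


def to_cef(ev: DetectionEvent, vendor="ExampleVendor", product="ExampleSensor",
           version="1.0", signature_id="1001") -> str:
    """Render one event as a CEF:0 line (vendor/product/ID are placeholders)."""
    header = "|".join(_cef_header(f) for f in
                      ("CEF:0", vendor, product, version, signature_id, ev.name, str(ev.severity)))
    # src, dst and fileHash are standard CEF extension keys.
    ext = " ".join(f"{k}={_cef_extension(v)}" for k, v in
                   (("src", ev.src_ip), ("dst", ev.dst_ip), ("fileHash", ev.sha256)))
    return f"{header}|{ext}"


def forward(policy: NotificationPolicy, events) -> list:
    """Return the CEF lines that would actually be sent to the SIEM."""
    return [to_cef(ev) for ev in events if policy.should_notify(ev)]


def demo() -> list:
    """Constructed batch: guest-wifi host, real detection, low-severity noise."""
    policy = NotificationPolicy(whitelist_cidrs=["10.20.0.0/16"], min_severity=5)
    events = [
        DetectionEvent("10.20.33.7", "198.51.100.5", "Suspicious download (constructed)", 8, "0" * 64),
        DetectionEvent("192.0.2.10", "198.51.100.5", "Malicious file download (constructed)", 8, "0" * 64),
        DetectionEvent("192.0.2.11", "198.51.100.9", "Low-confidence beacon (constructed)", 3, "0" * 64),
    ]
    return forward(policy, events)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Whitelisting is matched on the source address only, which mirrors the use case in the text (hosts on guest or open wireless ranges); matching on the destination as well would also silence detections where an internal host talks to a whitelisted range, which is usually not what an operator wants.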

Customers can get details about what’s new in each new version of Lastline Enterprise in the Release Notes pages at the top right of their management consoles.

Later this summer, we’ll be rolling out more improvements to our next-generation sandboxing technology, including dormant code analysis (inspecting suspicious code in memory that the sandbox never executed), a reputation system for Android APKs and new network anomaly detectors. We will also add enterprise features, such as Active Directory integration and improvements to our email solution.

Brian Laing

For more than 20 years, Brian Laing has shared his strategic business vision and technical leadership with a range of start-ups and established companies in various executive-level roles. The author of “APT for Dummies,” he was previously vice president of AhnLab, where he directed the US operations of the internationally known security and software leader. Brian previously founded Hive Media, where he served as CEO. He co-founded RedSeal Systems, where he conceived the overall design and features of the product and was granted two patents related to network security. He was also founder and CEO of self-funded Blade Software, which released the industry’s first commercial IPS/FW testing tool.