Lastline Defender
Network Detection and
Response Platform
Detect and Automatically Respond to Advanced Threats
Lastline DefenderTM, a Network Detection and Response (NDR) platform, detects and contains sophisticated threats before they disrupt your business.
Our network security software delivers the cybersecurity industry’s highest fidelity insights into advanced threats entering or operating in your on-premises and cloud network, enabling your security team to respond faster and more effectively to threats. (Download the datasheet.)
Collect
See Threats Everywhere
Lastline’s agentless architecture relies on lightweight Sensors to provide comprehensive visibility into traffic that crosses your network perimeter (“north/south”) and moves laterally inside your perimeter (“east/west”).
You can deploy Sensors in both your on-premises network and cloud environments to protect your entire network
Analyze
Powered by AI
The Defender Platform combines four complementary AI-powered technologies to detect the advanced threats that other network security tools miss:
Network Traffic Analysis (NTA)
Detects anomalous
activity and malicious
behavior as it moves
laterally across your
network
Intrusion Detection and Prevention (IDPS)
Detects and prevents
known threats entering
your network
File
Analysis
Detects malicious content
attempting to enter your
network via the web,
email, or file transfers
Global Threat Intelligence
Updates Lastline
Defender’s detection and
analysis capabilities in real
time
Network Traffic Analysis
Lastline Defender uses AI-powered (see sidebar) network traffic analysis (NTA) to analyze your network traffic and uncover anomalous activity caused by an active threat in your network, including:
- Protocol Anomalies: Identifies unusual protocols in your network
- Traffic Anomalies: Discovers unusual activity in your network
- Host Anomalies: Detects unusual behavior by computers and other systems on your network
Lastline’s NTA is automatically trained both on network traffic and malicious behaviors to minimize the false positives that other network traffic analysis tools generate.
IDPS
Lastline Defender incorporates Intrusion Detection and Prevention System (IDPS) technology, continuously updated by AI, to detect known threats entering your network. We apply AI to the latest malicious activity detected anywhere in our Global Threat Intelligence Network to create new signatures and IOCs automatically.
Solution Guide
To learn more, download our IDPS Solution Guide.
File Analysis: Malicious Behavior Detection
Lastline Defender applies File Analysis, Lastline’s patented, market-leading behavioral analysis technology, to malicious content entering your network via web, email, or file transfers.
Our AI-powered (see sidebar) analysis environment interacts with the malware to elicit every behavior engineered into malicious code. Lastline Defender uses this unmatched visibility to create a complete inventory of file behaviors that other tools fail to detect.
Global Threat Intelligence
The Lastline Global Threat Intelligence Network is the industry’s largest curated repository of malicious artifacts, continuously updated with new artifacts as new threats (and new relationships among existing threats) emerge across our global customer and partner base.
Our AI uses this threat intelligence data to construct new detection models. We then automatically update all Lastline customers and partners, arming you against the latest variations of evasive threats.
Not All AI is the Same
Using AI for network traffic analysis will inevitably detect anomalies, because that is what AI does. Unfortunately, it is virtually impossible for other AI-based tools to understand if the detected anomaly is malicious or benign. After all, not all anomalous activity is malicious.
Lastline is different. We eliminate most false positives because our AI is trained both on network traffic and malicious behaviors, and we apply both unsupervised and supervised ML:
- Unsupervised ML to network traffic to detect protocol and traffic anomalies
- Supervised ML to automatically create classifiers that recognize malicious network behaviors and previously unknown malware
Learn more about how Lastline’s AI-powered network security delivers the most accurate insights.
Caption: Lastline creates an inventory of every malicious behavior engineered into a file.
Respond
Automate Remediation
Visualize the Entire Attack
Lastline Defender automatically creates attack visualizations that give your SOC the context it needs to quickly understand the scope of an attack and prioritize response, including:
- The extent and duration of every event
- Active threats and affected hosts
- Communication between local and external systems
- Data sets accessed and harvested
Active Threats and Attack Stages
Summary of malicious activity in your network showing affected hosts and stages of the active threats.
Intrusion Blueprint
A dynamic blueprint shows how an attack enters and moves laterally across your on-premises and cloud networks, including compromised hosts and external communications.
Attack Timeline
Detailed chronology of each stage of an attack in your network
Faster Incident Response
Your security team faces many challenges as it attempts to stop lateral movement of advanced threats:
- Alert fatigue from a deluge of false positives and generic alerts
- Low-fidelity assessment of the scope of the threat
- Time-consuming manual steps to investigate suspicious activity
- Inability to “connect the dots” to identify attack campaigns
Lastline Defender reduces massive amounts of network data down to a just a handful of intrusions so thatyour analysts can spend their time solving real incidents and protecting your organization, not chasing false positives.
Integration with Existing Tools
Lastline Defender gives your incident response team the accuracy it needs to automate response protocols including the blocking of malicious activity.
- Powerful, built-in integrations with products from our Technology Alliance Partner ecosystem (such as SIEMs, NGFWs, UTMS, and endpoint agents) utilize Lastline Defender’s high-fidelity alerts
- A rich set of open APIs facilitate an fastintegration withlegacy systems and workflows