press release

Lastline Launches Industry-First Deep Kernel Malware Analysis

Unmatched Visibility into Windows Kernel Rootkits Unveiled at SXSW Interactive

AUSTIN, Texas, March 17, 2015 – Lastline, a global breach detection provider, today unveiled a new analysis capability that provides unprecedented insight into a pernicious type of malware hidden in the kernel of Microsoft Windows operating systems. The behavior and actions of kernel-based malware are invisible to most traditional emulation and virtualized sandboxes. As part of the latest update to its software-based Breach Detection Platform, Lastline adds the industry's first capability for automated, deep analysis of kernel behavior and rootkit detection. This deep kernel malware analysis capability complements the platform's existing network-based detection of kernel components.

“Once injected into the kernel, malware enjoys higher privileges than even the system administrator and most security systems do, so it is protected from scrutiny and can execute malicious code and exfiltrate valuable data completely undetected,” said Christopher Kruegel, Chief Scientist at Lastline. “We are now able to provide unprecedented, in-depth analysis of activity of kernel-based malware, leveraging the full-system emulation capabilities of our Lastline Breach Detection Platform.”

New Lastline Labs analysis, highlighted today in a SXSW Interactive presentation on advanced and evasive malware, indicates that many recently discovered, sophisticated attacks (true Advanced Persistent Threats, or APTs) against Windows users — including Equation, Regin, Dark Hotel and Turla/Uroburos — use at least one component executing in the kernel of the operating system.

“Network-based sandboxing is a proven technique for detecting malware and targeted attacks,” said Lawrence Orans, network security research vice president, and Jeremy D’Hoinne, infrastructure protection research director, at Gartner. “Network sandboxes monitor network traffic for suspicious objects and automatically submit them to the sandbox environment, where they are analyzed and assigned malware probability scores and severity ratings.”[1]

Lastline’s software-based, full-system emulation sandboxing defeats advanced persistent threats (APTs), including those driven by evasive malware that is crafted to bypass the traditional sandboxes deployed by first-generation APT security appliance vendors. The new rootkit detection capabilities in the 6.5 release of the platform offer deep analysis of kernel-based malware that is not visible to other sandboxes, including FireEye malware analysis technology. The Lastline Breach Detection Platform offers advanced malware protection for email, files, Web content and mobile applications.

Lastline 6.5 is priced per user per year and includes the ability to deploy an unlimited number of network locations and inspect any number of protocols. To learn more about Lastline, please visit:

[1] Gartner, “Market Guide for Network Sandboxing,” Lawrence Orans and Jeremy D’Hoinne, 2 March 2015.

About Lastline

Lastline is innovating the way companies detect active breaches caused by advanced persistent threats, targeted attacks and evasive malware with its software-based Breach Detection Platform. Lastline’s open architecture integrates advanced threat defenses and intelligence into existing operational workflows and security systems. Inspection of suspicious objects occurs at scale in real time using a full-system emulation approach to sandboxing that is superior to virtual machine-based and OS emulation techniques. Lastline’s technology correlates network and object analysis to achieve timely breach confirmation and incident response. Lastline was built by Anubis and Wepawet researchers and industry veterans with decades of experience focused specifically on advanced breach weaponry and tactics.

Headquartered in Redwood City, California with offices throughout North America, Europe and Asia, Lastline’s platform is used by global managed security service providers, Global 2000 enterprises and leading security vendors worldwide. To learn more, visit


Jeannie Hornung