Lastline Email Defender

DEFEAT ADVANCED THREATS TO YOUR EMAIL

Eliminate Advanced Threats Hiding in O365 Mail and Gmail Messages

Lastline® Email Defender™ is a complementary layer of defense to enhance your email security controls. You can deploy it anywhere you want to improve your email security against advanced threats engineered to evade detection:

  • In the cloud to protect Office 365 mail and Gmail
  • In customer-managed email systems, whether on-premises or cloud systems

Lastline Email Defender works with your existing email system to protect your organization from email-based threats like ransomware, crypto-mining, credential stealing, social engineering, and spear-phishing.

Secure Any Email System

Lastline Email Defender gives you the ability to protect your email system, regardless of whether it is in the cloud or customer-managed.

Lastline Email Defender-Cloud for Office 365 mail and Gmail

Lastline Email Defender-Cloud provides unmatched threat protection for Office 365 mail and Gmail. It is an additional layer of defense against threats that bypass those applications’ limited security controls.

You can quickly secure your cloud email against advanced malware attacks, phishing, business email compromise (BEC), and account takeovers (ATO). Lastline Email Defender-Cloud scans inbound, outbound, and internal emails looking for threats.

Lastline Email Defender for Customer-Managed Email Systems

Lastline Email Defender gives you the ability to augment your existing email security controls with a complementary layer of protection that detects the advanced malware other technologies miss, without adding significant cost or complexity.

Security controls such as Secure Email Gateways (SEGs) are effective for blocking some threats like spam but cannot combat advanced malware like keyloggers and ransomware. The evasion techniques that are commonplace in advanced malware easily fool even “Next-generation” technologies like sandboxes that supplement SEGs.

We designed the Lastline architecture to give you the maximum protection you want while offering the deployment flexibility and low TCO you need. Lastline Email Defender-Enterprise has three components to deploy:

  • Sensors scan traffic for indicators and anomalies that reveal malicious content and behavior. Sensors reside in your network and run on either off-the-shelf hardware or on virtual machines.
  • The Manager analyzes files sent by Sensors. The Manager will then send objects to Detection Engines for analysis if needed.
  • The Detection Engine performs analysis using Deep Content Inspection of suspect files. The Detection Engine sends the results of the analysis back to the Manager.

You can configure these components to complement your SEG and MTA (Mail Transport Agent) systems. You can choose between three deployment options to passively monitor or actively block malicious content.

Deploy Lastline Email Defender in different modes, on-prem or in the cloud, to meet your requirements.

Defeat Account Takeover

Lastline Email Defender delivers unmatched threat visibility and accurately detects ransomware, fileless malware, credential stealers, and other mail-based attacks. It enables you to understand the objective of the attack, as well as respond faster to the threat before a data breach occurs. Your IR team can respond to alerts with certainty, eliminating the need to investigate generic alerts for potential false positives.

Industry-Leading Detection

At the heart of Lastline Email Defender is Deep Content Inspection™, a unique isolation and inspection environment. Deep Content Inspection imitates a complete operating system and hardware environment, delivering unmatched visibility into the malware, all programs and services it invokes, all operating system functions, and all kernel activity. It analyzes every action, including all CPU instructions, memory locations accessed, devices used, and network connections.

Traditional sandboxes only have visibility down to the operating system level. They can inspect content and identify potentially malicious code, but they can’t interact with the malware like Email Defender can. As a result, they have significantly lower detection rates and higher false positives.

Deep Content Inspection Delivers Unmatched Visibility into Malware.

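| Option | Description                     | Detect or Block? | In-line Deployment? |
|--------|---------------------------------|------------------|---------------------|
| 1      | SMTP Monitoring                 | Detect Only      | No                  |
| 2A     | MTA Mode with Email Delivery    | Detect & Block   | Yes                 |
| 2B     | MTA Mode without Email Delivery | Detect Only      | No                  |
| 3      | BCC Mode                        | Detect Only      | No                  |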

Global Threat Intelligence

Lastline Breach Defender™ also augments the data it collects by incorporating global context for malicious activity detected locally on your systems. This insight enables you to understand how activity on your network relates to activity detected across Lastline’s global customer base, including all other malware detected by Lastline customers that reference IOCs discovered in your network.

Prevent Business Email Compromise

Business Email Compromise (BEC) attacks often target cloud email systems like Office 365 mail and Gmail. They start with a spear-phishing attack or spoofed emails targeted at specific executives in order to commit fraud.

Difficult to Identify

These attacks evade detection from email security controls that rely on content scanning or signature-matching. The emails do not contain links to any fraudulent sites or have malicious attachments, which normally trigger alerts.

Instead, BEC attackers use publicly available data from social and business media sites to identify reporting relationships as well as names and titles of coworkers, upcoming travel, and so forth. They use this knowledge to create a realistic-looking message from a trusted coworker to initiate a fraudulent transaction, such as a wire transfer.
