Lastline Network Defender

AI-Driven Network Security

Defeat Advanced Threats Operating in Your Network

Lastline® Network DefenderTM delivers unmatched AI-driven network security. It enables your understaffed security teams to stop the most advanced threats from operating within your network and causing business disruption.

Our AI learns from both network traffic analysis (NTA) and a deep understanding of malicious behaviors generated from our market-leading sandbox to eliminate false positives and deliver the highest fidelity insights possible into threats attempting to enter or operating within your network. This innovative approach provides the critical context that the other technologies lack.

The result is AI Done Right.

AI Done Right

Your existing security team and security controls are more effective on Day One with Lastline Network Defender. Its deterministic alerts deliver fewer false positives than other approaches and fewer generic alerts that require additional investigation. Your security team finally has the confidence and ability to respond immediately and even automate a large percent of your threat response protocols. This means better enterprise security requires far fewer resources.

Other AI Approaches Fall Short

Applying AI techniques to network traffic analysis (NTA) will find anomalous behavior within network traffic. However, because these other tools lack context it is difficult for them to understand if the anomaly is malicious or benign. As a result they offer low-fidelity, probabilistic alerts that requires hours of unnecessary and costly additional investigation.

AI-Driven Threat Detection

Lastline Network Defender applies AI to both North/South and East/West traffic, enabling it to deliver the highest fidelity insights possible into threats operating within your network. By analyzing both network traffic and payloads, Lastline Network Defender learns from both network traffic and malicious behaviors.

Advanced Network Analytics

Lastline Network Defender monitors your network activity, including low-level events and seemingly benign activity, to uncover all malicious events. It analyzes a range of traffic, including:

Reputation Information: Delivers fast classification of known bad and good domains, IPs and URLs
Protocol Anomalies: Identifies unusual protocols in your network, including:
  • DNS tunneling
  • DNS zone transfers
  • Suspicious HTTP headers
  • Suspicious TLS certificates
Traffic Anomalies: Discovers unusual traffic in your network, including:
  • Port scans
  • Brute force logins
  • DNS fast flux
  • Remote file execution
  • Web shell
  • Web proxy bypass
  • Bitcoin mining
Host Anomalies: Identify unusual behavior by your hosts
  • Upload/download volume
  • Port profile anomaly
  • Unusual geo destinations
  • Periodic check-ins
  • Lateral movement detect

Lastline Network Defender’s network analytics speed understanding of the scope of the threat by identifying compromised systems, communication between local and external systems, and data sets accessed or uploaded. It facilitates hunting of latent threats residing in your network, resulting from file downloads, website content, and email attachments.

Unmatched Awareness of Malicious Behaviors

Deep Content Inspection™, our network-based malware detection technology, detects malicious behaviors and content that other security controls fail to detect. Deep Content Inspection is the highest-rated malware detection on the market because of its ability to create an inventory of every malicious behavior engineered into the code. No other sandbox technology can deconstruct the malware as completely as Deep Content Inspection.

In addition, it detects the advanced malware engineered to evade sandboxes, NGFWs, and other “next-gen” tools. Sophisticated evasion techniques can easily fool technologies that rely on alternative methods to malware detection, like OS emulation and virtualization.

aware-250x250
designer hand working and smart phone and laptop on wooden desk in office with london city background

Global Threat Intelligence

Lastline Network Defender also augments the data it collects by incorporating global context for malicious activity detected locally on your network. The Lastline Global Threat Intelligence Network is a cloud-based global repository of network threats. The “network effect” of shared threat intelligence enables you to understand how activity on your network relates to activity detected around the world, as well as immediately instrumenting your network against emerging threats as soon as they are seen by any Lastline partner or customer.

Visualize the Entire Breach Chain

Lastline Network Defender generates a dynamic blueprint of an advanced threat as it moves laterally across your network, enabling your security team to quickly understand the scope of the attack. It provides complete visibility into the full scope of the threat, including:

  • North/South and East/West traffic
  • Extent and duration of every event
  • Attack stages
  • Compromised systems
  • Communication between local and external systems
  • Data sets accessed and harvested

It analyzes anomalous traffic and unknown objects in real time, not in minutes or hours, to provide you with the quickest time to notification and remediation.

Lastline’s AI-driven approach ties together both East/West and North/South traffic to identify relationships among seemingly unrelated aspects of the malicious activity, including anomalous behavior of systems, services, and applications, as well as additional IOCs not previously associated with the malware.

It categorizes and consolidates the network data and malicious behavior data to link disparate activity together, spotting elements of an advanced threat that you otherwise would have missed with limited security staffing and narrowly focused security controls.

Prioritize Incident Response

Your security team faces many challenges as it attempts to stop advanced threats such as cryptomining, unauthorized access, and data theft:
  • Alert fatigue from a deluge of false positives and generic alerts
  • Low-fidelity assessment of the scope of the threat
  • Time-consuming manual steps to investigate suspicious activity
  • Inability to “connect the dots” to identify attack campaigns

Lastline Network Defender generates the highest fidelity insights possible, giving your security team the accuracy it needs to automate aspects of your response protocols, such as automatic blocking of malicious activity. You can use Lastline Sensors to automatically defend your network from malicious activity, as well as share data with any third-party security controls to launch response workflows.

Integration with Existing Tools

Collect security data from your third-party products to supplement the data collected by Lastline Network Defender. You can either submit data using our diverse Technology Alliance Partners’ products, or quickly configure data sharing via our robust APIs. Our Technology Alliance Partners have built-in integrations and are ready for you to deploy.