The Lastline Advanced Malware Protection Platform provides the foundation for the Lastline products. The result of over a decade of research on advanced malware, this technology delivers the industry’s most effective solution for advanced malware detection.
These five components work together continuously to monitor your network, deliver detailed information about all of the Indicators of Compromise (IoCs) related to active threats and data breaches, and prioritize your incident response.
Lastline Sensors continuously monitor activity across your network to gather information related to active threats. The Sensors extract suspicious objects from the wire across threat vectors such as the web, email, and file sharing. You can deploy Sensors as physical appliances on a SPAN port or in-line on standard server hardware, or as virtual appliances (VMware). When deployed in-line, your Sensors can automatically block malicious objects and network callbacks.
The Lastline Threat Protection Platform utilizes Deep Content Inspection™, a unique isolation and inspection environment, to analyze suspicious objects and detect the threats that other technologies miss.
Deep Content Inspection simulates an entire host (including the CPU, system memory, and all devices) to analyze malware. It interacts with the malware to observe all the actions a malicious object might take; there is no behavior the malware can execute that the environment cannot see. This method of analysis is superior to competing methods like OS emulation and virtualization because it provides greater visibility into behaviors and is more resistant to being detected by the malware.
Sandboxes only have visibility down to the operating system level. They can inspect content and identify potentially malicious code, but they can't interact with the malware the way the Detection Engine can. As a result, they have significantly lower detection rates and higher false-positive rates, in addition to being easily identified by evasive malware.
Elastic analysis capabilities ensure the Lastline Threat Detection Platform can meet changes in volume without compromising the speed or integrity of its analysis. It analyzes suspicious traffic and objects in real time—not minutes or hours—providing the quickest time-to-notification and remediation. Once the Detection Engine analyzes the unknown object, it sends the behavioral profiles it generates to the Lastline Manager for incident-centric correlation and prioritization.
You can install the Lastline Detection Engine on standard server hardware in your data center, or Lastline can host it in the cloud. It supports clustering to scale to millions of suspicious artifacts.
The Lastline Manager gathers security events collected from Sensors and third-party tools, as well as the object analysis from Detection Engines. It correlates all event data and all related activity from across your network into a single security incident in the Lastline Portal.
The automatic correlation of the various elements of an incident gives you a comprehensive view of the entire attack chain. This incident-centric approach allows your security operations center (SOC) and incident response (IR) staff to quickly prioritize and respond to threats.
The Lastline Portal displays the analytics from the Manager. You can install the Manager on standard server hardware in your data center, or Lastline can host it in the cloud.
The Global Threat Intelligence Network automatically shares the malware characteristics, behaviors, and associated IoCs of every malicious object curated and analyzed by Lastline with all Lastline customers and partners. You benefit by anonymously contributing local threat data and receiving actionable, global threat intelligence in return.
We quickly analyze all new objects and share the results of the analysis across our entire network. This allows faster detection and analysis of previously unseen threats and reduces the time you need to respond to malicious activity.
The Threat Intelligence Network enables your security team to conduct detailed analysis of malicious code seen in the wild. Security professionals can analyze threats within the global threat context, including information about attack types, frequency, and alignment with any malware campaigns.
Lastline continuously updates the Network in real time with intelligence from partner and customer environments around the world.
Lastline’s open architecture was designed to complement your legacy security investments and optimize existing Security Operation Center (SOC) and Incident Response (IR) workflows. Through our APIs, you can integrate data sharing bi-directionally with third-party products.
You can use your existing security infrastructure to send suspicious content to Lastline Enterprise to increase your visibility into malicious behavior in your network. You can also receive actionable threat intelligence from Lastline and update existing rules or create new workflows to block active threats in your existing security controls.
For example, you can use the threat intelligence to:
In addition to using the APIs to integrate your products with the Lastline Threat Protection Platform, you can also deploy products from our Technical Alliance Partners with built-in integration. Lastline has built an extensive partner network of leading security vendors whose built-in integration accelerates your ability to detect and respond to evasive malware.
With unmatched accuracy, protection at all malware entry points, and full visibility into malicious activity, Lastline is a compelling solution to defeat advanced malware.