Lastline Analyst™ provides your threat analysts and incident response teams with the advanced malware inspection and isolation environment they need to safely execute advanced malware samples and understand their behavior.
Your security team gets the benefit of the Lastline® team’s years of research on evasive malware. Lastline Analyst puts the combined expertise of our internationally recognized experts on advanced malware at your team’s fingertips.
Once your team submits an unknown file to Lastline, our Deep Content Inspection™ environment evaluates it for malicious content. Deep Content Inspection is designed to provide complete visibility into malware behavior while remaining hidden.
Sophisticated malware can determine whether it is on an actual user’s device or inside an environment like a sandbox or a virtual machine instance. Once it detects these environments, it alters its behavior and avoids detection. Deep Content Inspection can remain hidden while determining which malicious objects are capable of evasion techniques, and can then provide the appropriate input to analyze the complete range of malicious behavior.
Sandboxes and VMs only have visibility down to the OS level and don’t provide complete malware inspection. They can inspect content and identify potentially malicious code, but they have lower detection rates and higher false positives because they can’t interact with the malware or detect evasion techniques.
The Deep Content Inspection detection algorithms are located outside of the operating system, which is where other vendors’ detection resides. This malware inspection architecture enables us to see what other tools see and much more because we reside inside the hardware and not simply on the OS. The malware can’t execute a behavior that Lastline Analyst can’t see.
Lastline Analyst delivers a detailed, in-depth report of the analysis of malware. This report includes all artifacts and attributes discovered during the analysis, such as additional executables, IoCs, targeted services, and captured network traffic.
You can deploy Lastline Analyst on-premises or in the cloud. If your organization is subject to strict privacy policies, deploy Lastline Analyst on-premises and install it in your data center. Or, you can utilize a hosted deployment model and quickly deploy Analyst in Lastline’s cloud.