Lastline Defender™, a Network Detection and Response (NDR) platform, detects and contains sophisticated threats before they disrupt your business. It delivers the cybersecurity industry’s highest fidelity insights into advanced threats entering or operating in your on-premises and cloud network, enabling your security team to respond faster and more effectively to threats.
The Defender Platform uses a combination of three complementary techniques to detect the advanced threats that other tools miss and significantly reduce false positives:
This unique combination enables deterministic detections and eliminates most false positives. You can respond faster and more effectively, with fewer resources.
Most AI-based network security products implement less accurate techniques. These probabilistic approaches lead to many false positives and hours of follow-up investigation.
Applying AI to network traffic will inevitably detect anomalous patterns of behavior, because that is what it’s designed to do. Unfortunately, it is virtually impossible for these other AI-based tools to understand if the detected anomaly is malicious or benign. After all, not all anomalous activity is malicious, and not all malicious activity is anomalous. Lastline is different.
We utilize AI that is automatically trained on both network traffic and malicious behaviors. Training on both sources is what enables deterministic detections and eliminates most false positives, which means faster, more effective enterprise security with fewer resources.
Lastline Defender improves threat detection by monitoring your network activity, including low-level events and seemingly benign activity, to uncover all malicious incidents. It applies unsupervised ML to your network traffic to detect anomalous activity, including:
The Lastline Defender platform’s network traffic analytics provides a detailed understanding of a threat’s scope by identifying compromised systems, communication between local and external systems, and data sets that might have been accessed or uploaded. It facilitates hunting of latent threats resulting from file downloads, website content, and email attachments that are now hiding in your network.
A key component in the Lastline Defender platform is Deep Content Inspection™, Lastline’s market-leading sandbox technology. Deep Content Inspection imitates a complete operating system and hardware environment, delivering unmatched visibility into the malware, all programs and services it invokes, all operating system functions, CPU instructions, and all kernel activity.
Our patented technology deconstructs every malicious behavior engineered into an object entering via mail or web traffic, such as a file attachment or download. We see all instructions that a program executes, all memory content, and all operating system activity. This visibility enables us to inventory unique file behaviors that other tools fail to detect, such as activity observed when executing programs, opening documents, unpacking archives, and rendering web content.
Our superior visibility also makes it much more difficult for advanced threats to evade detection. Alternative methods, like OS emulation and virtualization, are fooled by sophisticated evasion techniques, and therefore miss many advanced attacks.
The Lastline Global Threat Intelligence Network is the industry’s largest curated repository of tens of millions of malicious artifacts. It includes malicious code samples, malicious behaviors, domain names, and IP addresses collected by Lastline’s global customer and partner base. We continuously update it with new artifacts as new threats (and new relationships among existing threats) emerge.
In addition, our supervised ML learns from the millions of malicious samples in the Global Threat Intelligence Network and constructs models that continuously enhance our detection capabilities. We then automatically update the detection instrumentation of all Lastline customers and partners, arming you against the latest variations of advanced threats.
The Lastline Defender platform generates a dynamic blueprint of an advanced threat as it moves laterally across your network, spanning both on-premises and cloud infrastructure. This context enables your security team to quickly understand the scope of the network breach by providing complete visibility of all activity generated by an attack, including:
It analyzes anomalous traffic and unknown objects in real time, not hours or days, to speed up notification of your security teams and their remediation efforts.
Lastline’s proven approach links the traffic crossing your perimeter and the traffic moving laterally in your network to identify relationships among seemingly unrelated malicious activities. This includes anomalous behavior of systems, services, and applications as well as additional IOCs not previously associated with the threat. This data consolidation helps you spot elements of an advanced threat that you otherwise would have missed and eliminates the endless isolated, generic alerts that require investigation.
Lastline Defender also gives you immediate visibility into malicious activity entering and operating within your AWS environment, including:
Your security team faces many challenges as it attempts to stop lateral movement of advanced threats:
Lastline Defender generates the highest fidelity insights possible, giving your incident response team the accuracy it needs to automate aspects of your response protocols, including the blocking of malicious activity.
Lastline Defender has a modular, scalable architecture and offers a rich set of open APIs that facilitate easy integration of the product into existing systems and workflows. Powerful, built-in integrations with products from our Technology Alliance Partner ecosystem (such as SIEMs, NGFWs, UTMs, and endpoint agents) complement the APIs.
You have the choice of using the built-in integration offered by our Technology Partners or you can use our robust APIs to optimize your current technologies, staff, and processes.
You have complete flexibility in how you deploy Lastline Defender in your environment. The only components you need to deploy on-premises are Lastline Sensors, as physical or virtual appliances.
The other management and analysis components can reside either in the cloud (your cloud, the Lastline cloud, or a service provider’s cloud) or on-premises. Deploy Lastline Sensors wherever you need unmatched visibility of advanced threats.