Lastline Defender

AI-Powered Network Security

Detect and Contain Advanced Threats

Lastline Defender™, a Network Detection and Response (NDR) platform, detects and contains sophisticated threats before they disrupt your business. It delivers the cybersecurity industry’s highest fidelity insights into advanced threats entering or operating in your on-premises and cloud network, enabling your security team to respond faster and more effectively to threats.

The Defender Platform uses a combination of three complementary AI-powered technologies to detect the advanced threats that other tools miss and significantly reduce false positives:

  • Behavioral analysis to detect malicious content attempting to enter your network via web or email
  • Network Traffic Analysis (NTA) to detect lateral movement of evasive threats already inside your network
  • Intrusion Detection/Prevention (IDPS) to detect known threats

This unique combination enables deterministic detections and eliminates most false positives. You can respond faster and more effectively, with fewer resources.

Most AI-based network security products implement less accurate techniques. These probabilistic approaches lead to many false positives and hours of follow-up investigation.

Not All AI is the Same

Applying AI to network traffic will inevitably detect anomalous patterns of behavior, because that is what it’s designed to do. Unfortunately, it is virtually impossible for these other AI-based tools to understand if the detected anomaly is malicious or benign. After all, not all anomalous activity is malicious, and not all malicious activity is anomalous. Lastline is different.

We use AI that is trained automatically on both network traffic and malicious behaviors:

  • Lastline Defender applies unsupervised Machine Learning (ML) to your network traffic to detect protocol and traffic anomalies.
  • It applies supervised ML to automatically create classifiers that recognize malicious network behaviors and previously unknown malware.

This unique combination enables deterministic detections and eliminates most false positives. This means faster, more effective enterprise security with fewer resources.

To learn more about how we use AI, download our white paper.

AI-Powered Advanced Network Traffic Analysis

Lastline Defender improves threat detection by using network traffic analysis to monitor your network activity, including low-level events and seemingly benign activity, to uncover all malicious incidents. It applies unsupervised ML to your network traffic to detect anomalous activity, including:

Protocol Anomalies: Identifies unusual protocols in your network, including:
  • DNS tunneling
  • DNS zone transfers
  • Suspicious HTTP headers
  • Suspicious TLS certificates
Traffic Anomalies: Discovers unusual traffic in your network, including:
  • Port scans
  • Brute force logins
  • DNS fast flux
  • Remote file execution
  • Web shell
  • Web proxy bypass
  • Bitcoin mining
Host Anomalies: Identifies unusual behavior by your hosts, including:
  • Upload/download volume
  • Port profile anomaly
  • Unusual geo destinations
  • Periodic check-ins
  • Lateral movement
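As an added illustration, not Lastline's code and not a description of its ML models, the following Python heuristic flags two of the anomaly classes listed above, periodic check-ins and DNS tunneling, over constructed flow and DNS records; the hosts, domains and thresholds are hypothetical. A regular beacon or a long encoded label is an anomaly, not proof of compromise, which is the distinction the page draws between anomalous and malicious activity.

```python
import math
import statistics
from collections import Counter, defaultdict

# Constructed sample records (hypothetical hosts and domains, not real telemetry):
# (timestamp in seconds, source host, destination, DNS query name or None)
FLOWS = [
    # host 10.0.0.5 contacts one destination every ~60 s: a periodic check-in
    *[(60 * i + (i % 2), "10.0.0.5", "203.0.113.7", None) for i in range(10)],
    # host 10.0.0.8 browses at irregular intervals: not periodic
    *[(t, "10.0.0.8", "198.51.100.3", None) for t in (3, 40, 41, 170, 500, 505, 900)],
    # an ordinary lookup next to a long, high-entropy label: the DNS-tunnelling shape
    (5, "10.0.0.8", "10.0.0.53", "www.example.com"),
    (12, "10.0.0.5", "10.0.0.53",
     "4f1a9c0e7b3d2a6f8e5c1b9d0a7f3e2c6b8d4a1f9e0c7b5d3a2f.t.example.net"),
]

def shannon_entropy(text):
    """Bits per character of the string's empirical symbol distribution."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def find_periodic_checkins(flows, min_count=6, max_cv=0.1):
    """Return (src, dst) pairs whose inter-arrival times are suspiciously regular,
    measured as the coefficient of variation (stdev / mean) of the gaps."""
    by_pair = defaultdict(list)
    for ts, src, dst, qname in flows:
        if qname is None:
            by_pair[(src, dst)].append(ts)
    hits = []
    for pair, stamps in by_pair.items():
        stamps.sort()
        if len(stamps) < min_count:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if statistics.pstdev(gaps) / statistics.mean(gaps) <= max_cv:
            hits.append(pair)
    return hits

def find_dns_tunneling(flows, min_label_len=30, min_entropy=3.0):
    """Return query names whose longest label is long and high-entropy (data encoded into subdomains)."""
    hits = []
    for _, _, _, qname in flows:
        if qname is None:
            continue
        label = max(qname.split("."), key=len)
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            hits.append(qname)
    return hits
```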

The Lastline Defender platform’s network traffic analysis provides a detailed understanding of a threat’s scope by identifying compromised systems, communication between local and external systems, and data sets that might have been accessed or uploaded. It facilitates hunting of latent threats resulting from file downloads, website content, and email attachments that are now hiding in your network.

Complete Malicious Behavior Detection

A key component in the Lastline Defender platform is Deep Content Inspection™, Lastline’s market-leading behavioral analysis technology. Deep Content Inspection imitates a complete operating system and hardware environment, delivering unmatched visibility into the malware, all programs and services it invokes, all operating system functions, CPU instructions, and all kernel activity.

Our patented technology deconstructs every malicious behavior engineered into an object entering via mail or web traffic, such as a file attachment or download. We see all instructions that a program executes, all memory content, and all operating system activity. This visibility enables us to inventory unique file behaviors that other tools fail to detect, such as activity observed when executing programs, opening documents, unpacking archives, and rendering web content.

Our superior visibility also makes it much more difficult for advanced threats to evade detection. Alternative methods, like OS emulation and virtualization, are fooled by sophisticated evasion techniques, and therefore miss many advanced attacks.
Global Threat Intelligence

The Lastline Global Threat Intelligence Network is the industry’s largest curated repository of tens of millions of malicious artifacts. It includes malicious code samples, malicious behaviors, domain names, and IP addresses collected by Lastline’s global customer and partner base. We continuously update our threat intelligence with new artifacts as new threats (and new relationships among existing threats) emerge.

In addition, our supervised ML learns from the millions of malicious samples in the Global Threat Intelligence Network and constructs models that continuously enhance our detection capabilities. We then automatically update the detection instrumentation of all Lastline customers and partners, arming you against the latest variations of advanced threats.

Visualize the Entire Breach Chain

The Lastline Defender platform generates a dynamic blueprint of an advanced threat as it moves laterally across both your on-premises and cloud infrastructure. This context enables your security team to quickly understand the scope of the network breach by providing complete visibility of all activity generated by an attack, including:

  • Traffic crossing your perimeter and moving laterally in your network
  • The extent and duration of every event
  • All attack stages
  • Compromised systems
  • Communication between local and external systems
  • Data sets accessed and harvested

It analyzes anomalous traffic and unknown objects in real time, not hours or days, to speed up notification of your security teams and their remediation efforts.

Lastline’s proven approach links the traffic crossing your perimeter and the traffic moving laterally in your network to identify relationships among seemingly unrelated malicious activities. This includes anomalous behavior of systems, services, and applications as well as additional IOCs not previously associated with the threat. This data consolidation helps you spot elements of an advanced threat that you otherwise would have missed and eliminates the endless isolated, generic alerts that require investigation.

Lastline Defender also gives you immediate visibility into malicious activity entering and operating within your AWS environment, including:

  • Inbound exploits of cloud workloads that target vulnerable applications and services
  • Malicious lateral traffic when an attacker scans for other workloads
  • Data exfiltration from anomalous data access

Faster Incident Response

Your security team faces many challenges as it attempts to stop lateral movement of advanced threats:

  • Alert fatigue from a deluge of false positives and generic alerts
  • Low-fidelity assessment of the scope of the threat
  • Time-consuming manual steps to investigate suspicious activity
  • Inability to “connect the dots” to identify attack campaigns

Lastline Defender generates the highest fidelity insights possible, giving your incident response team the accuracy it needs to automate aspects of your response protocols, including the blocking of malicious activity.

Integration with Existing Tools

Lastline Defender has a modular, scalable architecture and offers a rich set of open APIs that facilitate easy integration of the product into existing systems and workflows. Powerful, built-in integrations with products from our Technology Alliance Partner ecosystem (such as SIEMs, NGFWs, UTMs, and endpoint agents) complement the APIs.

You can use the built-in integrations offered by our Technology Partners, or use our robust APIs to optimize your current technologies, staff, and processes.

Rapid, Flexible Deployment

You have complete flexibility in how you deploy Lastline Defender in your environment. The only components you need to deploy on-premises are Lastline Sensors, as physical or virtual appliances:

  • Physical appliances: choose between hardware you supply yourself and the Lastline Sensor Appliance
  • Virtual appliances: run on VMware

The other management and analysis components can reside either in the cloud (your cloud, the Lastline cloud, or a service provider’s cloud) or on-premises. Deploy Lastline Sensors wherever you need unmatched visibility of advanced threats.

We’ve used AI since 2011.