Lastline Defender

AI-Powered Network Security

Defeat Advanced Threats

Lastline Defender™ gives you the network visibility and detection you need to contain attacks before they disrupt your business. It enables under-resourced security teams to stop the most advanced threats from entering or operating anywhere in your network, including on-premises and cloud workloads.

Lastline Defender’s unique approach to analyzing both network activity and malicious behaviors significantly improves your cyber resilience and reduces your cyber risk. It helps you secure your enterprise across the entire attack chain:

  • Protects systems from inbound threats targeting regulated or confidential data
  • Prevents network breaches by blocking known and unknown attacks
  • Detects threats operating inside your environment
  • Drives automated incident response

To help you prevent advanced threats from operating in your network, Lastline Defender uses AI in a distinctive way: it learns from both Network Traffic Analysis (NTA) and observed malicious behaviors, which suppresses false positives and delivers high-fidelity insight into threats. This approach to network traffic analytics provides the context that traffic-only tools lack.

Your existing security team and security controls are more effective on day one with Lastline Defender. Its deterministic alerts replace the false positives and generic alerts that other tools generate. With this higher-fidelity threat intelligence, your security team can automate many threat response workflows with confidence. The result is better enterprise security with fewer resources.


Most AI-based network security products apply AI to network traffic alone, without any model of malicious behavior. This purely probabilistic approach produces many false positives: not every anomaly is an attack. Applying AI to network traffic will always surface anomalous patterns, because that is what the models are built to find, but a traffic-only tool has no way to decide whether a given anomaly is malicious or benign. The result is low-fidelity, probabilistic alerts that require hours of investigation and slow down incident response.

AI-Powered Threat Detection

Lastline Defender takes a unique approach to identifying network breaches, combining three complementary techniques to deliver AI-powered network security:

  • First, we leverage our Global Threat Intelligence Network to scan traffic metadata and payloads for variants of known threats
  • Second, we apply unsupervised AI to your network traffic to detect protocol and traffic anomalies
  • Third, we use supervised AI to automatically create classifiers that recognize malicious network behaviors and previously unknown malware

Other AI-based network security products rely on less accurate techniques. These probabilistic approaches lead to many false positives requiring additional investigation by your security team.

Lastline Defender is different. It leverages AI that is automatically trained both on network traffic and malicious behaviors. This unique combination enables deterministic detections and eliminates false positives.

Advanced Network Traffic Analytics

Lastline Defender improves threat detection by monitoring your network activity, including low-level events and seemingly benign activity, to uncover malicious incidents that would otherwise go unnoticed. It analyzes a range of signals, including:

Reputation Information: Delivers fast classification of known bad and good domains, IPs and URLs
Protocol Anomalies: Identifies anomalous use of protocols in your network, including:
  • DNS tunneling
  • DNS zone transfers
  • Suspicious HTTP headers
  • Suspicious TLS certificates
Traffic Anomalies: Discovers unusual traffic in your network, including:
  • Port scans
  • Brute force logins
  • DNS fast flux
  • Remote file execution
  • Web shell
  • Web proxy bypass
  • Bitcoin mining
Host Anomalies: Identifies unusual behavior by your hosts, including:
  • Unusual upload/download volume
  • Port profile anomalies
  • Unusual geographic destinations
  • Periodic check-ins (beaconing)
  • Lateral movement
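
The anomaly classes above are named but not described. As an added example that is not Lastline's code, the following Python script implements three of them (DNS tunneling, port scans and periodic check-ins) as simple heuristics over constructed DNS and flow records. The sample records, the thresholds, and the "last two labels are the registered domain" rule are assumptions chosen to illustrate the logic, not production tuning.

```python
"""Added example (not Lastline code): three anomaly classes as heuristics.
  - DNS tunneling      -> long, high-entropy, never-repeating subdomain labels
  - Port scans         -> many distinct destination ports from one source
  - Periodic check-ins -> near-constant inter-arrival time to one destination
Thresholds and the naive registered-domain rule are assumptions for the sample."""
import math
import statistics
from collections import defaultdict

# --- Constructed sample data (not real captures) ---------------------------
# (client_ip, qname): 10.0.0.5 imitates a tunneling client sending base64-like
# chunks as subdomains; 10.0.0.7 is ordinary browsing.
DNS_QUERIES = [
    ("10.0.0.5", "ZXhmaWx0cmF0ZWQtZGF0YS1jaHVuay0wMDAx.t.example-tunnel.net"),
    ("10.0.0.5", "YW5vdGhlci1jaHVuay1vZi1lbmNvZGVkLWJ5dGVz.t.example-tunnel.net"),
    ("10.0.0.5", "c2VjcmV0LWRvY3VtZW50LXBhcnQtdHdvLW9mLW1hbnk.t.example-tunnel.net"),
    ("10.0.0.5", "cGFzc3dvcmQtaGFzaGVzLWZyb20tdGhlLWRjLWR1bXA.t.example-tunnel.net"),
    ("10.0.0.5", "ZmluYWwtY2h1bmstb2YtdGhlLXNlc3Npb24tZGF0YQ.t.example-tunnel.net"),
    ("10.0.0.7", "www.example.com"),
    ("10.0.0.7", "cdn.example.com"),
    ("10.0.0.7", "mail.example.com"),
]
# Flow records as (timestamp_s, src_ip, dst_ip, dst_port).
BASE = 1_700_000_000
FLOWS = []
# Beacon: 10.0.0.5 -> 203.0.113.9:443 every 300 s with a few seconds of jitter.
for i, jitter in enumerate([0, 2, -1, 3, -2, 1, 0, 2, -3, 1]):
    FLOWS.append((BASE + 300 * i + jitter, "10.0.0.5", "203.0.113.9", 443))
# Browsing: 10.0.0.7 -> 198.51.100.20:443 at irregular intervals.
for offset in (0, 7, 65, 70, 400, 1300, 1303, 2900, 2950, 5000):
    FLOWS.append((BASE + offset, "10.0.0.7", "198.51.100.20", 443))
# Port scan: 10.0.0.9 touches 25 consecutive ports on 10.0.0.50 in 25 s.
for i, port in enumerate(range(20, 45)):
    FLOWS.append((BASE + i, "10.0.0.9", "10.0.0.50", port))


def shannon_entropy(text):
    """Bits per character: ~4.4 for base64-like labels, 0.0 for 'www'."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect_dns_tunneling(queries, min_unique=5, min_label_len=30, min_entropy=3.5):
    """Flag (client, domain) pairs whose subdomain labels look like encoded data."""
    per_domain = defaultdict(list)
    for client, qname in queries:
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain available to carry a payload
        registered = ".".join(labels[-2:]).lower()  # naive eTLD+1 (assumption)
        per_domain[(client, registered)].append(labels[:-2])
    hits = {}
    for key, subs in per_domain.items():
        unique = {".".join(s).lower() for s in subs}
        mean_len = statistics.mean([max(len(l) for l in s) for s in subs])
        mean_ent = statistics.mean([shannon_entropy("".join(s)) for s in subs])
        if len(unique) >= min_unique and mean_len >= min_label_len and mean_ent >= min_entropy:
            hits[key] = {"unique_subdomains": len(unique),
                         "mean_label_len": round(mean_len, 1),
                         "mean_entropy": round(mean_ent, 2)}
    return hits


def detect_beacons(flows, min_events=6, max_cv=0.1):
    """Flag (src, dst, port) tuples whose inter-arrival times barely vary."""
    per_key = defaultdict(list)
    for ts, src, dst, dport in flows:
        per_key[(src, dst, dport)].append(ts)
    hits = {}
    for key, times in per_key.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # duplicate timestamps; no period to measure
        cv = statistics.stdev(gaps) / mean  # coefficient of variation
        if cv <= max_cv:
            hits[key] = {"events": len(times), "period_s": round(mean), "cv": round(cv, 3)}
    return hits


def detect_port_scans(flows, min_ports=20, window_s=600):
    """Flag (src, dst) pairs that hit >= min_ports distinct ports within window_s."""
    per_pair = defaultdict(list)
    for ts, src, dst, dport in flows:
        per_pair[(src, dst)].append((ts, dport))
    hits = {}
    for key, events in per_pair.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):  # sliding time window over sorted events
            while events[hi][0] - events[lo][0] > window_s:
                lo += 1
            ports = {p for _, p in events[lo:hi + 1]}
            if len(ports) >= min_ports:
                hits[key] = {"distinct_ports": len(ports), "span_s": events[hi][0] - events[lo][0]}
                break
    return hits


if __name__ == "__main__":
    print("DNS tunneling:", detect_dns_tunneling(DNS_QUERIES))
    print("Beacons:", detect_beacons(FLOWS))
    print("Port scans:", detect_port_scans(FLOWS))
```

Run stand-alone, the script flags only the tunneling client, the 300-second beacon and the scanning host; the benign browsing host trips none of the three rules. The beacon rule keys on the coefficient of variation of the gaps rather than on a fixed period, so it catches any interval the malware chooses; an attacker who adds large random jitter defeats it, which is exactly why the page pairs traffic anomalies with behavioral analysis of the objects themselves.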

Lastline Defender’s network traffic analytics provides a detailed understanding of a threat’s scope by identifying compromised systems, communication between local and external systems, and data sets that might have been accessed or uploaded. It facilitates hunting of latent threats resulting from file downloads, website content, and email attachments that are now hiding in your network.

Lastline Defender also gives you immediate visibility into malicious activity entering and operating within your AWS environment, including:

  • Inbound exploits of cloud workloads that target vulnerable applications and services
  • Malicious lateral traffic when an attacker scans for other workloads
  • Data exfiltration from anomalous data access

Unmatched Network Breach Awareness

Lastline Defender also gives you unmatched visibility into threats attempting to enter your network by incorporating our industry-leading, patented sandbox technology. It deconstructs every malicious behavior engineered into an object entering via mail or web traffic, such as a file attachment or download. It sees all instructions that a program executes, all memory content, and all operating system activity.

This visibility into a network breach enables your security team to see a complete inventory of unique file behaviors that other tools fail to detect, such as activity observed when executing programs, opening documents, unpacking archives, and rendering web content.

Lastline Defender’s superior visibility also makes the analysis much harder to evade. It detects advanced malware engineered to evade sandboxes, next-generation firewalls, and other next-generation tools.

Global Threat Intelligence

The Lastline® Global Threat Intelligence Network is a repository of tens of millions of indicators of compromise and historic threat data for files, domain names, and IP addresses. It is continuously updated with new threat artifacts, and the latest intelligence, including new relationships among existing threats, is communicated to partners and customers as it emerges.

As a result, every Lastline customer and partner is immediately instrumented to detect any malicious object used to attack another member of the community. This “network effect” significantly increases your detection accuracy and reduces the need for you to conduct your own threat research before responding.

Visualize the Entire Breach Chain

Lastline Defender generates a dynamic blueprint of an advanced threat as it moves laterally across your network, spanning both on-premises and cloud infrastructure. This context enables your security team to quickly understand the scope of the network breach by providing complete visibility of all activity generated by an attack, including:

  • Traffic crossing your perimeter and moving laterally in your network
  • Extent and duration of every event
  • Attack stages
  • Compromised systems
  • Communication between local and external systems
  • Data sets accessed and harvested

It analyzes anomalous traffic and unknown objects in real time, not hours or days, to speed up notification of your security teams and their remediation efforts.

Lastline’s proven approach links the traffic crossing your perimeter and the traffic moving laterally in your network to identify relationships among seemingly unrelated malicious activities. This includes anomalous behavior of systems, services, and applications as well as additional IOCs not previously associated with the threat. This data consolidation helps you spot elements of an advanced threat that you otherwise would have missed and eliminates the endless isolated, generic alerts that require investigation.

Faster Incident Response

Your security team faces many challenges as it attempts to stop lateral movement of advanced threats:

  • Alert fatigue from a deluge of false positives and generic alerts
  • Low-fidelity assessment of the scope of the threat
  • Time-consuming manual steps to investigate suspicious activity
  • Inability to “connect the dots” to identify attack campaigns

Lastline Defender generates the highest fidelity insights possible, giving your incident response team the accuracy it needs to automate aspects of your response protocols including the blocking of malicious activity.

Integration with Existing Tools

Lastline Defender has a modular, scalable architecture and offers a rich set of open APIs that make it easy to integrate the product into existing systems and workflows. Built-in integrations with products from our Technology Alliance Partner ecosystem (such as SIEMs, NGFWs, UTMs, and endpoint agents) complement the APIs.

You can use the built-in integrations offered by our Technology Partners, or use our APIs to fit Lastline Defender to your current technologies, staff, and processes.

Rapid, Flexible Deployment

You have complete flexibility in how you deploy Lastline Defender. The only component that must be deployed on-premises is the Lastline Sensor, available as a physical or virtual appliance:

  • Physical appliances: Choose between hardware you supply yourself or the Lastline Sensor Appliance
  • Virtual appliances run on VMware

The other management and analysis components can reside either in the cloud (your cloud, the Lastline cloud, or a service provider’s cloud) or on-premises. Deploy Lastline Sensors wherever you need unmatched visibility of advanced threats.

We’ve used AI since 2011