

Lastline Defender

AI-Powered Network Security

Defeat Advanced Threats

Lastline Defender™ delivers unmatched AI-powered network security. It enables your under-resourced security team to respond faster and stop the most advanced threats from entering or operating within your network and causing business disruption.

Lastline Defender’s unique approach to applying AI to network security significantly improves your cyber resilience and reduces your cyber risk. It secures your enterprise across the entire attack chain: it protects network and systems from inbound threats by blocking known and unknown attacks, it detects threats operating inside your environment, and it drives automated response.

Our AI learns from both Network Traffic Analysis (NTA) and malicious behaviors to eliminate false positives and deliver the highest fidelity insights possible into threats entering or operating within your network, including compromised personal devices and rogue IoT devices. This innovative approach to network security provides the critical context that other technologies lack.

The result is “AI Done Right.”


Your existing security team and security controls are more effective on day one with Lastline Defender. Its deterministic alerts eliminate the false positives produced by other approaches and generate fewer generic alerts that require additional investigation. Your security team will finally have the confidence to automate many of your threat response workflows. This means better enterprise security with fewer resources.


Most AI-based network security products apply AI to network traffic only, without an understanding of malicious behaviors. This probabilistic approach leads to many false positives; after all, not all anomalies are the result of attacks. Applying AI techniques to network traffic will inevitably find anomalous patterns of behavior within the network traffic; that is what AI is designed to do. It is virtually impossible for other AI-based tools to determine whether a detected anomaly is malicious or benign. As a result, they offer low-fidelity, probabilistic alerts that require hours of investigation.

AI-Powered Threat Detection

Lastline Defender takes a unique approach to network security. We use a combination of three complementary techniques to deliver superior AI-powered network security:

  • First, we leverage our Global Threat Intelligence Network to scan traffic metadata and payloads for variants of known threats
  • Second, we apply unsupervised AI to an organization’s network traffic to detect protocol and traffic anomalies
  • Third, we use supervised AI to automatically create classifiers that recognize malicious network behaviors and previously unknown malware

Most AI-based network security products implement only the first two detection techniques. These probabilistic approaches lead to many false positives requiring additional investigation by your security team.

Lastline Defender is different. It leverages AI that is automatically trained both on network traffic and malicious behaviors. This unique combination enables deterministic detections and eliminates false positives.

Advanced Network Analytics

Lastline Defender improves threat detection by monitoring your network activity, including low-level events and seemingly benign activity, to uncover all malicious incidents. It analyzes a range of traffic, including:

  • Reputation Information: Delivers fast classification of known bad and good domains, IPs, and URLs
  • Protocol Anomalies: Identifies unusual protocols in your network, including:
      • DNS tunneling
      • DNS zone transfers
      • Suspicious HTTP headers
      • Suspicious TLS certificates
  • Traffic Anomalies: Discovers unusual traffic in your network, including:
      • Port scans
      • Brute force logins
      • DNS fast flux
      • Remote file execution
      • Web shells
      • Web proxy bypass
      • Bitcoin mining
  • Host Anomalies: Identifies unusual behavior by your hosts, including:
      • Upload/download volume
      • Port profile anomalies
      • Unusual geographic destinations
      • Periodic check-ins
      • Lateral movement

Lastline Defender’s network analytics provide a detailed understanding of a threat’s scope by identifying compromised systems, communication between local and external systems, and data sets that might have been accessed or uploaded. They facilitate hunting for latent threats resulting from file downloads, website content, and email attachments that are now hiding in your network.

Unmatched Awareness of Threats Entering Your Network

Lastline Defender also gives you unmatched visibility into threats attempting to enter your network by incorporating our industry-leading, patented sandbox technology. It deconstructs every malicious behavior engineered into an object entering via mail or web traffic, such as a file attachment or download. It sees every instruction that a program executes, all memory content, and all operating system activity.

This visibility enables your security team to see a complete inventory of unique file behaviors that other tools fail to detect, such as activity observed when executing programs, opening documents, unpacking archives, and rendering web content.

Lastline Defender’s superior visibility also makes the analysis much harder to evade. It detects advanced malware that’s engineered to evade sandboxes, next-generation firewalls, and other next-gen tools.


Global Threat Intelligence

The Lastline® Global Threat Intelligence Network is a repository of tens of millions of indicators of compromise and historic threat data for files, domain names, and IP addresses. It is continuously updated and communicated to partners and customers as new threats (and new relationships among existing threats) emerge.

As a result, all Lastline customers and partners are immediately instrumented to detect any malicious object used to attack another member of our community. This “network effect” significantly increases your detection accuracy and reduces the need for you to conduct your own threat research before responding.

Visualize the Entire Breach Chain

Lastline Network Defender generates a dynamic blueprint of an advanced threat as it moves laterally across your network. This context enables your security team to quickly understand the scope of the attack by providing complete visibility of all activity generated by an attack, including:

  • Traffic crossing your perimeter and moving laterally in your network
  • Extent and duration of every event
  • Attack stages
  • Compromised systems
  • Communication between local and external systems
  • Data sets accessed and harvested

It analyzes anomalous traffic and unknown objects in real time, rather than in hours or days, to speed up notification of your security teams and their remediation efforts.

Lastline’s proven approach links the traffic crossing your perimeter and the traffic moving laterally in your network to identify relationships among seemingly unrelated malicious activities. This includes anomalous behavior of systems, services, and applications as well as additional IOCs not previously associated with the threat. This data consolidation helps you spot elements of an advanced threat that you otherwise would have missed and eliminates the endless isolated, generic alerts that require investigation.

Faster Incident Response

Your security team faces many challenges as it attempts to stop lateral movement of advanced threats:

  • Alert fatigue from a deluge of false positives and generic alerts
  • Low-fidelity assessment of the scope of the threat
  • Time-consuming manual steps to investigate suspicious activity
  • Inability to “connect the dots” to identify attack campaigns

Lastline Defender generates the highest-fidelity insights possible, giving your incident response team the accuracy it needs to automate aspects of your response protocols, including the blocking of malicious activity.

Integration with Existing Tools

Lastline Defender has a modular, scalable architecture and offers a rich set of open APIs that facilitate easy integration of the product into existing systems and workflows. Powerful, built-in integrations with products from our Technology Alliance Partner ecosystem (such as SIEMs, network devices, and endpoint agents) complement the APIs.

You can use the built-in integrations offered by our Technology Partners, or you can use our robust APIs to make the most of your current technologies, staff, and processes.