Use Cases

Detect And Respond To Advanced Threats Faster

Secure Any Email System

Lastline Email Defender™ is an additional layer of defense that delivers unmatched protection for cloud email as well as customer-managed email systems. It protects your users from advanced threats that are engineered to defeat other security tools, such as spear-phishing, ransomware, and credential stealers.

You can deploy Lastline Email Defender-Cloud to protect Office 365 email and Gmail, or Lastline Email Defender-Enterprise to protect customer-managed email systems.

Defeat Account Takeover

To defeat Account Takeover (ATO) attacks, Lastline utilizes a unique machine learning algorithm that analyzes 300+ indicators in each email by looking at each email component, including:

  • Headers
  • Subject
  • Body
  • Links
  • Content the links point to
  • Zero fonts

The API-based integration also allows Lastline to analyze historical emails to determine the prior trust relations between the sender and receiver. Even with these security measures, users may still lose their credentials.

To provide a complete solution for phishing, Lastline analyzes login and account activity to detect and block account takeovers. This is done by correlating login events with past activity based on geography, time of day, and other indicators, together with account activity such as sending outgoing phishing emails, sending a high volume of emails, or sending emails with multiple recipients. By correlating these indicators through another machine learning filter, the algorithm is able to flag compromised accounts while minimizing false alerts.

Lastline’s anti-phishing algorithm combines traditional analysis capabilities with a proprietary machine learning algorithm that looks at all aspects of the email and is specifically trained to catch the things Office 365 email and Gmail miss. With the addition of account takeover prevention and advanced malware detection, Lastline provides a complete security solution to protect your organization from phishing schemes.

Prevent Business Email Compromise

Business Email Compromise (BEC) attacks often target cloud email systems like Office 365 email and Gmail. They start with a spear-phishing attack or spoofed emails targeted at specific executives in order to commit fraud.

These attacks evade detection by email security controls that rely on content scanning or signature-matching. The emails do not contain links to any fraudulent sites or have malicious attachments, which normally trigger alerts.

Instead, BEC attackers use publicly available data from social and business media sites to identify reporting relationships as well as names and titles of coworkers, upcoming travel, and so forth. They'll use this knowledge to create a realistic-looking message from a trusted co-worker to initiate a fraudulent transaction, such as a wire transfer.

To block the user impersonation that initiates BEC attacks, Lastline Email Defender-Cloud™ utilizes a unique machine learning algorithm to see if a similar sender exists in the organization with a different email address. It also verifies the identity of the sender by cross-referencing several fields in the email, including the sender and the signature at the bottom of the email. It also detects when the sender is using a domain similar to the known domain but with a different source IP, different mail-flow path, and so forth.

Automate Threat Detection

Lastline® Breach Defender saves your security operations team precious time by automatically detecting and responding to threats operating in your network. It combines AI-driven network traffic analysis with unmatched sandbox technology and generates high-fidelity, prioritized alerts that enable automated response to advanced threats.

Lastline Breach Defender collects and analyzes data from across your network, including activity from perimeter, network, and endpoints, to create a complete picture of a network threat. It performs all this without having to spend months profiling your network; it begins generating actionable insight within a few hours of deployment.

Network Analytics

Lastline is the only vendor that combines deterministic models of advanced threats (derived from its best-in-class sandbox) with AI-driven analysis of network data. Other vendors are limited to probabilistic models that trigger on anomalous network behaviors. Without the context of advanced threats, however, those techniques produce a significantly higher rate of both false positives (caused by the fact that not all anomalies are associated with threats) and false negatives (due to the fact that not all threats produce an anomaly).

We continuously refine our deterministic threat models based on new malware samples automatically submitted to our Global Threat Intelligence Network, and an integrated feedback loop from our team of threat researchers. Our Global Threat Intelligence Network contains hundreds of millions of malicious file samples and billions of behavior data points collected from customers and partners.

Prioritize Incident Response

Your security operations team doesn’t have the time to investigate every alert before taking action. It needs prioritized, detailed, accurate information detailing the most significant threats targeting your network, the scope of the threat, and where and how to respond. Lastline Breach Defender creates a high-fidelity blueprint of an attack as it enters your network. The data visualization enables even the most junior member of your security operations team to quickly understand the scope of the threat, including compromised systems, communication between local and external systems, and data sets accessed.

You can use Lastline Sensors to protect your network by blocking the malicious activity, as well as share data with any third-party security controls to automatically or manually launch response workflows.

Protection from Advanced Threats

Lastline automates the detection, investigation, and response to advanced threats. See for yourself how Lastline can make a difference.