Detect advanced threats, stop data breaches
Lastline's unique breach detection process integrates advanced threat detection capabilities seamlessly into your existing security portfolio.
Lastline provides comprehensive breach detection of advanced and evasive threats across your entire enterprise — different operating systems (Windows, Mac OS X, and Android), physical and virtual hosts, services, users, network infrastructure and Web, email, content, and mobile applications.
Deploy multiple layers of defense
Strategically position defenses across not only your perimeter, but also your data center, internal networks and distribution layers to add additional security and prevent lateral infection spread. Lastline software can be installed on standard server hardware or virtual instances, so deployment is possible in environments where the installation of an appliance is not.
Lastline’s flexible software-based platform allows organizations to scale their breach defenses on a predictable basis, from a single location to an infinite number of remote, branch, and mobile offices. Licensing is done by user - not by location, appliance or bandwidth.For example, an analyst might ask to see “all sessions where a user logged into the VPN from a foreign country for the first time, then accessed a new server for the first time, after which FireEye created a malware alert.” This level of analysis across disjoint activities and systems is simple with Exabeam. Now analysts can ask new questions. With Threat Hunter, machine learning provides intelligent answers, in addition to alerts.
Lastline detects unknown threats (APTs, ATAs, zero-days, etc.) specifically designed to evade first-generation APT sandbox appliances. When compared to competing approaches such as virtualization and OS emulation, Lastline’s full-system emulation provides the deepest level of visibility into unknown malware behavior and is also the hardest for evasive malware to circumvent. The result is the successful detection of highly-evasive malicious attacks that others simply don’t see.
Advanced Threat Intelligence
Lastline’s unique threat intelligence database contains advanced and evasive attack information that no other security vendor can provide. Built on more than ten years of R&D, this knowledge base contains active command and control (C&C) servers, objects with zero-day exploits, toxic web sites and malware distribution points identified as having breach intent. Import custom IDS/IPS rules, YARA rules, and threat intelligence to adjust environment for analysis and defend against threats specific to your organization. This database is continuously updated in real-time with intelligence from partner and customer environments.
Rapid Detection Regardless of Volume
The Lastline Breach Detection Platform identifies key indicators of compromise (IOCs) for breach confirmation and draws on real-time threat intelligence to trigger incident response and block attacks immediately. Elastic analysis capabilities allow the next-generation sandbox to handle changes in volume without compromising the speed or integrity of analysis. Suspicious traffic and objects are analyzed in real time — not minutes or hours — providing the quickest time to notification and remediation.
Breach analysis results are presented via a web-based portal using an incident-centric approach in which evidence from next-generation sandbox analysis, network monitoring, and anomaly detection are correlated to provide actionable analyses of ongoing incidents. Indicators of compromise (IOCs) associated with evasive malware and command and control traffic (C&C) are prioritized to reduce noise and save responders time.
Integrate With Your Security Systems
Powerful APIs were designed to complement traditional security investments (network, end-point, and management systems) and optimize existing SOC and IR operational workflows. Push blocking rules to NGFWs (Next-Generation Firewalls), send breach event information to your SIEM (Security Information Event Management), block in-line with IPSs (Intrusion Prevention Systems) and add evasive malware understanding to SWGs (Secure Web Gateways).
Proactively block known malicious objects & network traffic
Lastline's advanced threat intelligence can feed to existing security investments, such as Next-Generation Firewalls or Intrusion Prevention Systems, to provide security analysts and incident responders with additional behavior information and context on threats.
Quickly respond to the unknown
In the case that a previously unknown or zero-day exploit is identified, the Lastline platform provides sensors and 3rd party security systems with updated intelligence to create blocking rules that stop active breaches.
Deploy in your private cloud or ours
Lastline Enterprise was designed with flexibility in mind. If your Enterprise is restricted by strict privacy laws and policies, deploy on-premise, and install components in your data center. Network behavior models associated with malware will be regularly downloaded from Lastline. Or choose the hosted deployment model and Lastline will manage the backend infrastructure for you.