International MSSP Chooses Lastline for APT Protection — Case Study

Posted by Freddy Mangum on August 26, 2014 at 10:14 AM

Cellopoint, an international managed security service provider based in Taiwan, is a leading manufacturer of information security and email lifecycle management products. They specialize in anti-spam, security defense, mail auditing and archiving solutions for email.

The Challenge

Cellopoint's Unified Threat Management (UTM) product provides four layers of protection, including anti-spam and distinguished anti-virus engines. However, the security company quickly came to realize that traditional, signature-based methods would not be sufficient to provide complete protection for their end-users. They needed a solution that could reliably defend against malware designed to bypass traditional, first-generation defenses.

"Although we provide our customers with a multi-layered defense system, we began to realize it was no longer a sufficient stand-alone tool to protect against all types of existing threats. We needed a product that could detect and stop emerging and evasive malware as well."

Topics: MSSP, Case Study

Lastline Secures $10 Million in Funding

Posted by Jens Andreassen on August 21, 2014 at 10:04 AM

Today we announced that we’ve raised $10 million from new investors Dell Ventures and Presidio Ventures, as well as existing investors Redpoint Ventures and e.ventures. With the new round of funding, we will continue to focus on serving our rapidly growing, global enterprise customer base as well as new and existing partnerships to improve information security and threat intelligence worldwide.

This round of funding adds to the $13.7 million we raised in earlier rounds to bring total funding raised to nearly $24 million since our founding in 2011.

Christopher Kruegel to Present on Full-System Emulation at Black Hat 2014

Posted by Freddy Mangum on July 31, 2014 at 2:53 PM

Today, forensics experts and malware protection solutions face a myriad of challenges when attempting to extract information from malicious files. Sandboxing (dynamic analysis) is a popular method for identifying the malicious behaviors associated with running or opening a given file, because it lets the analyst examine the actions for which that file is responsible. Sandboxing technology is gaining popularity for detecting targeted threats and zero-day attacks because this approach need not rely on recognizing malicious code. Instead, it can identify suspicious behavioral patterns to assess the risk inherent in running a given sample and provide intelligence about the protocols and infrastructure that attackers have at their disposal.

Topics: Full-system Emulation, Dynamic Malware Analysis

National Media Conglomerate Chooses Lastline for APT Protection — Case Study

Posted by Freddy Mangum on July 11, 2014 at 5:40 AM

The Challenge

Media organizations face a unique challenge when it comes to ensuring that their organization and users are protected. Security teams at this organization quickly began to realize that standard virus protection alone would not provide the coverage their customer base deserved.

“Our biggest security challenge is finding the right balance between freedom of access and total lock-down. As a large media and technology company our user base expects complete freedom, so providing them access to the Internet of Things safely is a big and evolving challenge.”

Topics: Case Study

What’s New in Lastline Enterprise Advanced Malware Detection and Management

Posted by Brian Laing on July 1, 2014 at 10:00 AM

At Lastline, we're continuously strengthening and refining our advanced malware protection software and services, which detect and block advanced malware on the Web, in email and in mobile apps. As malware rapidly evolves, so do we.

In fact, using machine learning, we maintain an automated approach to advanced malware detection that flips the economics of malware on its head. Malware developers have to work much harder to catch up with our next-generation sandboxing technology, rather than the other way around.

Still, we’re working hard to stay ahead of advanced malware trends and techniques. Since 2011, we’ve analyzed billions of programs, documents, and URLs to identify and stop known and unknown threats. We’ve indexed billions of hashes, signatures and behavioral footprints of an exponentially growing class of advanced malware in our massive threat intelligence cloud.

When a Lastline virtual or bare-metal sensor detects suspicious or unrecognized code or network behavior, it cross-checks against these known threats. Then, if the threat status of a file is still unknown, the file is sent to one of our next-generation sandboxes for high-resolution, dynamic analysis. Our scalable, elastic sandboxes emulate full computing systems, including CPU and memory, so they remain invisible to evasive malware while retaining optimal visibility into malicious activity. And our dynamic analysis can literally accelerate time, so we can observe the behavior of malware that loops or pauses for hours or days in order to both evade and detect traditional sandboxing.

Given the rapid rise of advanced malware and adoption of first-generation sandboxing technology, our customers are drowning in security alerts -- both false positives and true threats -- so we offer prioritized event correlation with actionable intelligence to help besieged IT security teams separate the signals from the noise.

I’d like to highlight some key enhancements in Lastline Enterprise detection, analysis, notification and management since our last announcement:

  • Analysis engine enhancements: Includes an engine extension for extracting information from fake Android banking applications (APKs), support for extracting full-process dumps in IDA Pro compatible format for Windows PE analysis, and capture and analysis of files transferred by FTP.

  • In-depth malicious Java detection: Java applet analysis and reporting are new and improved.

  • Intelligent notifications: Users control which types of events trigger push notifications, and whether they want emailed notifications, CEF messages sent to SIEM systems and/or reputation information for network hosts sent to an HP TippingPoint SMS server. Event whitelisting is now available, so that no alerts are triggered for the IP ranges of open wireless networks or guest IPs, for example.

  • Incident response coordination: New workflow functionality has been added to our incident, event and analysis views that allows users to comment on individual detections on the network. This can be helpful for coordinating investigation and response to an incident, as well as providing feedback to Lastline about the accuracy of our detection.

  • Appliance status and metrics: Improved geolocation support for appliances using browsers’ geolocation APIs. New sensor status graphs include CPU and memory usage.

  • Improved analysis reports: Get greater visibility into keylogger behavior and representations of the relationships between analysis subjects as well as visited web pages. Reports load even faster.

  • Critical audit logging: A new audit log collects and displays security-relevant and other critical activities performed on the system.

  • Customization: Customers can add their own threat intelligence to our system, in case they know about threats that specifically target them.

Customers can get details about what’s new in each new version of Lastline Enterprise in the Release Notes pages at the top right of their management consoles.

Later this summer, we'll be rolling out more improvements to our next-generation sandboxing technology, including dormant code analysis (inspecting suspicious code in memory that is not executed by the sandbox), a reputation system for Android APKs and new network anomaly detectors. We will also add enterprise features, such as Active Directory integration and improvements to our email solution.

For more on “What’s New in Lastline Enterprise” please register below to join me for a free webinar on July 8, 2014 at 9:00 a.m. PT with plenty of time for live Q&A.

Topics: Lastline Enterprise

Hottest IT Jobs of 2014? Malware Analyst Positions Up 60% YoY

Posted by Giovanni Vigna on June 7, 2014 at 1:26 PM

When my students ask me how their studies at UCSB might transfer into corporate IT positions, I point to the rapid rise in cyber-security positions worldwide, and particularly in malware analyst positions. In response to increasingly sophisticated, advanced malware that evades detection and the advanced persistent threats that are bombarding organizations, many IT teams are hiring malware researchers to make sense of the deluge.

Topics: Security Careers, Malware Analyst

Video: Simplifying Event Management

Posted by Brian Laing on April 28, 2014 at 9:30 AM

A walkthrough of event management in the Lastline Enterprise portal.

Dealing with individual malware attack events is difficult: for each one you have to look across a sea of events for other hosts on the network. Lastline makes event management easier. You can deal with all the events from a single host while still seeing how these events relate to a higher-level infection. The system rolls correlated events into "incidents", and correlated incidents are then rolled up into "network infections".

Topics: Malware Analysis, Event Management

Video: Analyze Web and E-mail Downloads

Posted by Brian Laing on April 25, 2014 at 8:00 AM

A walkthrough of the analysis of downloaded files in the Lastline Enterprise portal.

The "download" and "mail" tabs let you look at files downloaded by users on your network, as an alternative to searching through events. This is useful for gaining a comprehensive view of the behaviors surrounding an attack, which in turn provides more clarity on the path toward remediation.

For more clips from this series, check out our YouTube channel.

Topics: Lastline Enterprise, Malware Analysis

Video: Viewing the Entire Attack Chain for Targeted Attacks

Posted by Brian Laing on April 23, 2014 at 2:50 PM

Quickly find compromised hosts without having to scour through individual events.

Lastline Enterprise exposes the end-to-end attack chain for APTs. By rolling "events" into "incidents" and "incidents" into "network infections", we enable you to focus on the hosts that need immediate attention.

Topics: Lastline Enterprise

Lastline Enterprise Certified for Integration with HP ArcSight SIEM

Posted by Matthew Baker on April 22, 2014 at 4:28 PM

Lastline Enterprise 5.0 has been certified as an HP ArcSight Common Event Format (CEF) solution. This means that ArcSight ESM customers can now seamlessly integrate events generated by Lastline Enterprise, such as suspicious file downloads and irregular netflow profiles, into their holistic security reporting capabilities.

Topics: Lastline Enterprise, SIEM Integration