Blog

Gwinnett County Public Schools Defends Against Advanced Malware with Lastline Enterprise - Case Study

Posted by Freddy Mangum on 10/2/14 9:24 AM

“The challenge for all of us — CISOs, security managers, and security analysts alike — is to quickly detect and eradicate malicious files before they can be leveraged towards a full-scale security breach. Lastline Enterprise helps us satisfy this challenge.”

The Challenge

Cybercriminals have shifted from casting a wide net with opportunistic attacks to targeting specific organizations with the intent of stealing high-value information. Because of this shift, Gwinnett County Public Schools, the largest public school system in Georgia, decided it needed technology that could defend its assets against these newer threats.

“Businesses large and small are under constant cyber-attack. We have seen the threat landscape transform from traditional attacks centered on the network perimeter to sophisticated ‘phishing’ and ‘drive-by-download’ assaults directed at our end-users and endpoint systems.”

Read More

Topics: Evasive Malware, Advanced Malware Detection, Case Study, Education

Aerospace Organization Defends Against Advanced Cyber Threats with Lastline - Case Study

Posted by Freddy Mangum on 9/30/14 2:00 PM

The Challenge

This US aerospace research and development organization tackles one of the most ambitious (and arguably the most difficult) engineering projects in the world: the design and creation of space exploration vehicles capable of transporting people into orbit. Security teams at this organization take on the massive task of protecting property and data wherever assets are deployed. They realized there was a gap in their layered defenses that needed to be addressed: they lacked visibility into network activity and file downloads, and could not correlate the URLs visited by network users with the threats observed afterwards.

“Our biggest security challenge is adapting and remaining vigilant to new threats while remaining cost effective as new technologies develop.”

Read More

Topics: Evasive Malware, Advanced Malware Detection, Case Study, Aerospace Industry

Financial Services Leader Chooses Lastline to Inspect Network, Email, and Web Traffic for Evasive Malware

Posted by Freddy Mangum on 9/23/14 8:00 AM

"I would recommend Lastline to others because they have a solid product that produces great detection, is easy to install and deploy, and has good support."

The Challenge

This information technology services company provides an extensive array of products and services that help more than ten thousand financial institutions across the nation process transactions and automate business processes. Its security teams spent a significant amount of time analyzing malware and were still unable to correlate the resulting data efficiently into a meaningful picture of the overall health of their network. After learning more about enterprise solutions for detecting malware, the company saw an opportunity to put a solution in place that would cut down on this workload and save its analysts time.

“One of the biggest security challenges we face is detecting malware and malware infected machines, and correlating that data to determine what is random and what is a targeted attack against the organization.” 

Read More

Topics: Evasive Malware, Lastline Enterprise, Case Study, Financial Services

CKE Restaurants Chooses Lastline for APT Protection — Case Study

Posted by Freddy Mangum on 9/18/14 8:00 AM

The Challenge

CKE Restaurants owns, operates and franchises some of the most popular brands in the quick-service restaurant industry, including Carl’s Jr., Hardee’s, Green Burrito and Red Burrito, in more than 3,480 locations in 42 states and in 31 countries. As a restaurant chain of this caliber, CKE is expected to handle and protect customer data with the utmost diligence.

CKE Restaurants Retailer Selects Lastline for APT Protection

“Customers and employees entrust personally identifiable information with us under the assumption that CKE has the most advanced security measures in place and their information is safe,” said Tom Lindblom, Chief Technology Officer of CKE. “When data began to surface revealing advanced malware attacks targeting PoS systems, and the inability for traditional antivirus to defend against these sophisticated threats, we knew we had to act quickly to update our security toolset.”

Read More

Topics: Lastline Enterprise, Case Study

Juniper Adds Lastline Advanced Threat Intelligence to SRX Firewalls

Posted by Brian Laing on 9/9/14 10:00 AM

Lastline Knowledge Base of Advanced and Evasive Threats Immediately Accessible and Actionable through Juniper Spotlight Secure Platform

Network security leader Juniper Networks will integrate the Lastline Advanced Threat Intelligence subscription service with its Spotlight Secure open security intelligence platform. Through the partnership, Juniper can deliver continuous updates from Lastline’s Advanced Threat Intelligence to customers of its SRX next-generation firewalls, giving them improved visibility into, and immediate protection from, advanced targeted attacks, applied dynamically and with no downtime.

Read More

Topics: Partners, Advanced Threat Intelligence

International MSSP Chooses Lastline for APT Protection — Case Study

Posted by Freddy Mangum on 8/26/14 10:14 AM

Cellopoint, an international managed security service provider based in Taiwan, is a leading manufacturer of information security and email lifecycle management products. They specialize in anti-spam, security defense, mail auditing and archiving solutions for email.

The Challenge

Cellopoint's Unified Threat Management (UTM) product provides four layers of protection, including anti-spam and established anti-virus engines. However, the company quickly came to realize that traditional, signature-based methods were not sufficient to fully protect their end-users. They needed a solution that could reliably defend against malware designed to bypass such first-generation defenses.

"Although we provide our customers with a multi-layered defense system, we began to realize it was no longer a sufficient stand-alone tool to protect against all types of existing threats. We needed a product that could detect and stop emerging and evasive malware as well.”

Read More

Topics: MSSP, Case Study

Lastline Secures $10 Million in Funding

Posted by Jens Andreassen on 8/21/14 10:04 AM

Today we announced that we’ve raised $10 million from new investors Dell Ventures and Presidio Ventures, as well as existing investors Redpoint Ventures and e.ventures. With the new round of funding, we will continue to focus on serving our rapidly growing, global enterprise customer base as well as new and existing partnerships to improve information security and threat intelligence worldwide.

This round of funding adds to the $13.7 million we raised in earlier rounds to bring total funding raised to nearly $24 million since our founding in 2011.

Read More

Christopher Kruegel to Present on Full-System Emulation at Black Hat 2014

Posted by Freddy Mangum on 7/31/14 2:53 PM

Today, forensics experts and malware protection solutions face a myriad of challenges when attempting to extract information from malicious files. Sandboxing (dynamic analysis) is a popular method for identifying the malicious behaviors associated with running or opening a given file, since it observes the actions the file actually performs. Sandboxing is gaining popularity for detecting targeted threats and zero-day attacks because this approach need not rely on recognizing known malicious code. Instead, it identifies suspicious behavioral patterns to assess the risk inherent in running a given sample, and it yields intelligence about the protocols and infrastructure attackers have at their disposal.

Read More

Topics: Full-system Emulation, Dynamic Malware Analysis

National Media Conglomerate Chooses Lastline for APT Protection — Case Study

Posted by Freddy Mangum on 7/11/14 5:40 AM

The Challenge

Media organizations face a unique challenge when it comes to ensuring that their organization and users are protected. Security teams at this organization quickly began to realize that standard virus protection alone would not provide the coverage their customer base deserved.

“Our biggest security challenge is finding the right balance between freedom of access and total lock-down. As a large media and technology company our user base expects complete freedom, so providing them access to the Internet of Things safely is a big and evolving challenge.”

Read More

Topics: Case Study

What’s New in Lastline Enterprise Advanced Malware Detection and Management

Posted by Brian Laing on 7/1/14 10:00 AM

At Lastline, we’re continuously strengthening and refining our advanced malware protection software and services, which detect and block advanced malware on the Web, in email and in mobile apps. As malware rapidly evolves, so do we.

In fact, using machine learning, we maintain an automated approach to advanced malware detection that flips the economics of malware on its head. Malware developers have to work much harder to catch up with our next-generation sandboxing technology, rather than the other way around.

Still, we’re working hard to stay ahead of advanced malware trends and techniques. Since 2011, we’ve analyzed billions of programs, documents, and URLs to identify and stop known and unknown threats. We’ve indexed billions of hashes, signatures and behavioral footprints of an exponentially growing class of advanced malware in our massive threat intelligence cloud.

When a Lastline virtual or bare-metal sensor detects suspicious or unrecognized code or network behavior, it first cross-checks it against these known threats. If the threat status of a file is still unknown, the file is sent to one of our next-generation sandboxes for high-resolution dynamic analysis. Our scalable, elastic sandboxes emulate full computing systems, including CPU and memory, so they remain invisible to evasive malware while retaining full visibility into malicious activity. Our dynamic analysis can also accelerate the sample’s view of time, so malware that loops or sleeps for hours or days in order to outlast a traditional sandbox’s observation window (or to detect that it is running in one) reveals its behavior within the analysis run.
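The two-stage flow just described (known-threat lookup first, dynamic analysis only for unknowns, with the sandbox accelerating the sample’s clock) is shown below as an added example. This is illustrative code written for this page, not Lastline’s sensor or sandbox; the hash index, the “stalling” sample, the 60-second observation budget and the action strings are all constructed for the demonstration.

```python
"""Added example (not Lastline code): a toy two-stage triage loop.

Stage 1 checks a sample's hash against a constructed index of known
verdicts. Stage 2 runs unknown samples under a harness whose clock is
virtual, so a sample that stalls for hours to outlast a sandbox's
observation window finishes instantly while still believing that the
hours elapsed. A second harness with a real-time budget shows why a
traditional sandbox sees nothing from the same sample.
"""
import hashlib

# Constructed known-verdict index (SHA-256 -> verdict). Assumption for the demo.
KNOWN = {
    hashlib.sha256(b"known-bad-sample").hexdigest(): "malicious",
    hashlib.sha256(b"known-good-sample").hexdigest(): "benign",
}

SUSPICIOUS = ("write:", "connect:")   # action prefixes the toy harness flags


class VirtualClock:
    """Time source handed to the sample: sleep() advances it with no real wait."""
    def __init__(self):
        self.now = 0.0
        self.slept = 0.0

    def time(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds
        self.slept += seconds


class BudgetClock(VirtualClock):
    """Models a traditional sandbox: sleeps cost real time and the run is
    killed once the observation budget is exhausted."""
    def __init__(self, budget):
        super().__init__()
        self.budget = budget

    def sleep(self, seconds):
        if self.slept + seconds > self.budget:
            raise TimeoutError("observation window exhausted")
        super().sleep(seconds)


def stalling_sample(clock):
    """Constructed 'malware': stalls for two hours in 60 s naps, checks that
    the clock really advanced, and only then drops and beacons."""
    start = clock.time()
    for _ in range(120):            # 120 x 60 s = 7200 s of stalling
        clock.sleep(60)
    if clock.time() - start < 7200:
        return ["exit"]             # clock was tampered with: stay quiet
    return ["write:%TEMP%\\svc.exe", "connect:198.51.100.7:443"]


def _verdict(actions):
    flagged = [a for a in actions if a.startswith(SUSPICIOUS)]
    return {"verdict": "malicious" if flagged else "benign", "behaviors": flagged}


def run_accelerated(sample):
    """Sandbox with a virtual clock: the sample's hours pass in microseconds."""
    clock = VirtualClock()
    result = _verdict(sample(clock))
    result["virtual_seconds"] = clock.slept
    return result


def run_with_budget(sample, budget=60.0):
    """Traditional sandbox: the stalling sample is killed before it acts."""
    clock = BudgetClock(budget)
    try:
        actions = sample(clock)
    except TimeoutError:
        return {"verdict": "inconclusive", "behaviors": []}
    return _verdict(actions)


def triage(content, behavior=None):
    """Stage 1: index lookup by hash. Stage 2: accelerated dynamic analysis.
    `behavior` stands in for executing `content`; it is a callable only
    because this is a simulation."""
    digest = hashlib.sha256(content).hexdigest()
    if digest in KNOWN:
        return {"verdict": KNOWN[digest], "source": "index"}
    result = run_accelerated(behavior or (lambda clock: []))
    result["source"] = "sandbox"
    return result


if __name__ == "__main__":
    print(triage(b"known-bad-sample"))
    print(run_with_budget(stalling_sample))
    print(triage(b"never-seen-before", stalling_sample))
```

The contrast is the point: under a 60-second real-time budget the stalling sample is killed during its first naps and the run is inconclusive, while under the virtual clock the same code finishes with 7200 virtual seconds elapsed and its drop-and-beacon behavior is recorded.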

Given the rapid rise of advanced malware and adoption of first-generation sandboxing technology, our customers are drowning in security alerts -- both false positives and true threats -- so we offer prioritized event correlation with actionable intelligence to help besieged IT security teams separate the signals from the noise.

I’d like to highlight some key enhancements in Lastline Enterprise detection, analysis, notification and management since our last announcement:

  • Analysis engine enhancements: The engine now extracts information from fake Android banking applications (APKs), supports extraction of full-process dumps in IDA Pro-compatible format for Windows PE analysis, and captures and analyzes files transferred over FTP.

  • In-depth malicious Java detection: Java applet analysis and reporting are new and improved.

  • Intelligent notifications: Users control which types of events trigger push notification, and whether they want emailed notification, CEF messages to SIEM systems and/or reputation information for network hosts sent to an HP TippingPoint SMS server. Event whitelisting is now available, so no alerts are triggered for the IP ranges of open wireless networks or guest IPs, for example.

  • Incident response coordination: New workflow functionality has been added to our incident, event and analysis views that allows users to comment on individual detections on the network. This can be helpful for coordinating investigation and response to an incident, as well as providing feedback to Lastline about the accuracy of our detection.

  • Appliance status and metrics: Improved geolocation support for appliances using browsers’ geolocation APIs. New sensor status graphs include CPU and memory usage.

  • Improved analysis reports: Get greater visibility into keylogger behavior and representations of the relationships between analysis subjects as well as visited web pages. Reports load even faster.

  • Critical audit logging: A new audit log collects and displays security-relevant and other critical activities performed on the system.

  • Customization: Customers can add their own threat intelligence to our system, in case they know about threats that specifically target them.

Customers can get details about what’s new in each new version of Lastline Enterprise in the Release Notes pages at the top right of their management consoles.

Later this summer, we’ll be rolling out more improvements to our next-generation sandboxing technology, including dormant code analysis (inspecting suspicious code in memory that is not executed by the sandbox), a reputation system for Android APKs and new network anomaly detectors. We will also add enterprise features, such as Active Directory integration and improvements to our email solution.

For more on “What’s New in Lastline Enterprise” please register below to join me for a free webinar on July 8, 2014 at 9:00 a.m. PT with plenty of time for live Q&A.

Read More

Topics: Lastline Enterprise
