2. Cyberattack (R)Evolution
[Chart: $$ damage (vertical axis, from hundreds through thousands, hundreds of thousands and millions up to billions) over time (horizontal axis), rising from cybervandalism through cybercrime to targeted attacks and cyberwarfare.]
Company Confidential
3. Current Defenses Have Failed
January 10, 2014
Targeted attacks are mainstream news.
Every week, new breaches are reported.
Here are just a few examples.
4. Malware is a Problem of Scale …
5. Why Should You Care?
• If you have assets of value it is not a question of whether
you are being targeted, but where those blind spots exist
in your environment
• A compromise results in a backdoor into your network,
providing cybercriminals with interactive access
• With Lastline’s solutions you can obtain visibility and
identify active advanced malware targeting not only your
systems, but your key intellectual property and business
assets
6. Targeted Attacks
Evasive and Advanced Threats
[Chart: threat sophistication (Simple Threats to Sophisticated Threats) against attack focus (Opportunistic Attacks to Targeted Attacks). Labels from simple to sophisticated: Plain Virus, Packing, C&C, Polymorphic, Fluxing, then Evasive Threats and Persistent Threats. Antivirus Solutions cover the simple, opportunistic end; APT Solutions cover the sophisticated, targeted end.]
Security Gap: current solutions fail to protect organizations from sophisticated, targeted attacks.
7. Lastline, Inc.
Most advanced solution to detect, analyze, and mitigate
APTs, targeted attacks, and 0-day threats
Company Overview
Founded in 2011 by top security professors and advanced malware researchers to deliver the most proven and advanced protection against evasive malware, zero-day and advanced persistent threats.
Founders published 100+ papers, recognized among the top 30 Security Researchers in the world.
Developers of Anubis / Wepawet, the #1 portal for advanced malware analysis and research, used by Fortune 500 companies, government agencies and security vendors.
Experienced management team from Fortinet, ISS and Trend Micro.
Company Buzz
“Top 10 coolest security startup of 2013”
“Lastline Named a finalist for five Info Security Products Guide Global Excellence Awards”
8. Lastline, Inc.
Anubis & Wepawet
Research Background
Based on 10+ years of research on APTs.
Founders published 100+ papers, recognized among the top 30 Security Researchers in the world (http://tinyurl.com/ms-top-authors).
Most popular free tools for advanced malware analysis, accessible through web portals.
Used by tens of thousands of users (including Fortune 500 companies, government and financial institutions, and security vendors).
Anubis: Advanced malware analysis, http://anubis.cs.ucsb.edu
Wepawet: Drive-by exploit detector, http://wepawet.cs.ucsb.edu
10. Highly Scalable
Lastline Products
Lastline Enterprise™: Detect Advanced Malware in Your Network
• Ideal for net and sec ops
• Deploy on network passively
• Multi-Protocol support (email, web, etc.)
• Available on-premise or Hosted by Lastline
• Software runs on hardware and VMWare
• Complements NIPS and NGFW products
• On-premise 30-day trial available
Lastline Analyst™: Upload Files for Analysis
• Ideal for forensic, audit, ICR ops
• Cloud service hosted by Lastline
• Analyzes objects for advanced malware
• Inspects URLs for advanced malware
• No hardware required by customer
• Available as on-premise solution
• Free Lastline Analyst accounts
11. Highly Scalable
Lastline Solution
Lastline components and where each one runs:
Sensor: monitors the network. Lastline Enterprise: on-premise (in both the on-premise and the hosted* deployment). Lastline Analyst: n/a.
Engine: detonates objects. Lastline Enterprise: on-premise in a private cloud (4.7 on VMWare) or hosted*. Lastline Analyst: hosted* or private cloud.
Manager: correlates alerts and offers APIs. Lastline Enterprise: on-premise in a private cloud or hosted*. Lastline Analyst: hosted* or private cloud.
Threat Intelligence: crawls the Internet to find APTs; hosted* for both products. Internet-scale, active discovery of APT threats. Models are generated through machine-learning and large-scale clustering algorithms, and the resulting intelligence is pushed to the components.
* Hosted by Lastline
12. Lastline Platform Capabilities
Lastline Enterprise™: Network and Object Analysis
Network Analysis (Sensor, Engine, Manager)
– Detection and blocking of:
• Command & Control traffic
• Infection vectors, such as drive-by-download attacks
• Inbound malicious emails
– Automated collection of potentially-malicious files for analysis
– Analysis of pDNS and netflow data to identify anomalies
– Scalable, distributed architecture
[Diagram labels: Netflow, Passive DNS, Correlation, Network Fingerprints, Anomaly-Based Command & Control Detection, Global Threat Intelligence]
Lastline Analyst™: Object Analysis (Engine, Manager)
Object types: executable files, non-executable files, Web URLs, Android APK
– Dynamic analysis in next generation sandbox
• Executes binaries, accesses web pages, opens documents
• Monitors and classifies observed behaviors
– CPU emulation
• Provides visibility into every instruction that malware executes, not just the operating system calls
• Provides vastly increased ability to detect malicious and evasive behavior
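The network-analysis bullets above (anomalies in passive DNS and netflow data that reveal C&C) say what is detected but not how. The following is an added example, not Lastline code, showing two such heuristics over constructed records: fast-flux domains (one name resolving to many short-TTL IPs, the "Fluxing" of the earlier threat chart) and beaconing (a host contacting one server at near-constant intervals), rolled up into a per-host incident with a severity score in the way the Manager is described as correlating alerts. The record layouts, thresholds and sample data are assumptions.

```python
"""Toy anomaly detection over passive-DNS and netflow records.

Added example, not Lastline code. Record layouts, thresholds and the
sample data below are assumptions constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed passive-DNS observations: (timestamp, qname, answer_ip, ttl)
PDNS = [
    (1000, "update.example-cdn.net", "198.51.100.10", 86400),
    (2000, "update.example-cdn.net", "198.51.100.10", 86400),
    (1000, "flux.example-bad.org", "203.0.113.5", 300),
    (1300, "flux.example-bad.org", "203.0.113.77", 300),
    (1600, "flux.example-bad.org", "192.0.2.200", 300),
    (1900, "flux.example-bad.org", "198.18.0.9", 300),
    (2200, "flux.example-bad.org", "203.0.113.130", 300),
]

# Constructed netflow records: (start_ts, src_ip, dst_ip, dst_port, bytes)
NETFLOW = [
    # a workstation beaconing every 60 s with small, fixed-size payloads
    *[(600 + 60 * i, "10.0.0.12", "203.0.113.5", 443, 412) for i in range(10)],
    # normal browsing: irregular timing, varied sizes
    (610, "10.0.0.15", "198.51.100.10", 443, 15320),
    (655, "10.0.0.15", "198.51.100.10", 443, 2210),
    (912, "10.0.0.15", "198.51.100.10", 443, 70110),
    (1890, "10.0.0.15", "198.51.100.10", 443, 990),
]


def fast_flux_domains(pdns, min_ips=4, max_ttl=600):
    """Names that resolved to >= min_ips distinct IPs using TTLs <= max_ttl.
    Short TTLs plus a large, changing IP set is the classic fast-flux signal."""
    ips = defaultdict(set)
    for _ts, qname, ip, ttl in pdns:
        if ttl <= max_ttl:
            ips[qname].add(ip)
    return sorted(q for q, s in ips.items() if len(s) >= min_ips)


def beaconing_pairs(flows, min_flows=6, max_cv=0.15):
    """(src, dst, port) tuples whose inter-flow gaps are near-constant.
    cv = stdev / mean of the gaps: a timer-driven beacon has cv near 0,
    human-driven browsing does not."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _bytes in flows:
        by_pair[(src, dst, port)].append(ts)
    found = []
    for pair, stamps in by_pair.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            found.append(pair)
    return sorted(found)


def correlate(pdns, flows):
    """Roll individual signals up into one incident per internal host.
    Severity is a simple additive score: a beacon counts 1, a beacon to an
    IP that also serves a fast-flux name adds 2 (two independent signals)."""
    flux = set(fast_flux_domains(pdns))
    flux_ips = {ip for _ts, q, ip, _ttl in pdns if q in flux}
    incidents = defaultdict(lambda: {"signals": set(), "severity": 0})
    for src, dst, port in beaconing_pairs(flows):
        inc = incidents[src]
        inc["signals"].add(f"beacon:{dst}:{port}")
        inc["severity"] += 1
        if dst in flux_ips:
            inc["signals"].add(f"fast-flux-dst:{dst}")
            inc["severity"] += 2
    return {h: {"signals": sorted(v["signals"]), "severity": v["severity"]}
            for h, v in incidents.items()}


if __name__ == "__main__":
    for host, inc in correlate(PDNS, NETFLOW).items():
        print(host, "severity", inc["severity"], inc["signals"])
```

Both heuristics are deliberately payload-agnostic: they use only timing, counts and DNS answers, so they keep working when the C&C channel itself is encrypted. In production the thresholds need tuning against a baseline of the monitored network, since software updaters and monitoring agents also beacon on timers.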
13. Lastline Enterprise – In action
Sensor: scans traffic for signs and anomalies that reveal C&C connections and infections (drive-by attack, spearphishing, command and control).
Engine: analyzes unknown objects (programs and docs) with high-resolution analysis.
Manager: correlates alerts and produces actionable intelligence.
Threat intelligence: Lastline proactively crawls the Internet for threats and updates the Sensor’s knowledge base; detections feed back into global threat intelligence.
14. Lastline Enterprise On-Premise
[Diagram: the same Sensor, Engine and Manager flow as in the preceding slide, with all components deployed on-premise; Lastline’s Internet crawling still updates the Sensor’s knowledge base.]
15. Lastline Enterprise Hosted
[Diagram: the same Sensor, Engine and Manager flow, with the Engine and Manager running in Lastline’s Datacenter while the Sensor stays on-premise scanning traffic; Lastline’s Internet crawling updates the Sensor’s knowledge base.]
16. Lastline Analyst
User uploads objects and URLs for analysis and accesses object information via HTTPS.
Engine: analyzes unknown objects (programs and docs) with high-resolution analysis.
Manager: produces actionable intelligence.
Lastline proactively crawls the Internet for threats and updates the knowledge base.
17. High-Resolution Security Analysis
[Diagram comparing visibility without CPU emulation (traditional sandboxing technology, which observes only the operating system calls) with visibility with CPU emulation (Lastline technology, which observes every instruction); the important behaviors and evasion happen between those calls, where a traditional sandbox sees nothing.]
18. Flexible & Cost Effective Deployment
• Annual subscription, per-user pricing
• Non-proprietary, low-cost hardware
• Cost-effective, full network coverage
• Your choice of on-premise or hosted deployment
• Future-proofing via a platform approach which provides API access for integration
• Scale engines in private cloud on-premise
• Deploy anywhere in the network
19. Actionable Intelligence
• Lastline Enterprise identifies with
confidence the backdoors in your
network
• Detailed analysis supports the
remediation process defined
within the Enterprise
• Correlated APT information rolls
up to network incidents and
provides drill down to individual
malware events
• APT threat severity level is
available to identify high priority
infections
22. Poised to stand out from the crowd
“Best New Security Start-Up Company of the Year (Software)”: Gold Winner
“Most Innovative Security Product (Software) of the Year”: Bronze Winner
“Innovation in Next Generation Security”: Bronze Winner
“Best Overall Security Company of the Year”: Bronze Winner
“Most Innovative Security Service of the Year”: Silver Winner
23. Lastline Better By Design
Lastline Core
• Complete Protection
– Analysis of inbound software artifacts
– Analysis of outbound traffic using network models
– Anomaly detection of suspicious behavior
– Actionable Threat Intelligence
• Most Advanced Malware Analysis
– High-resolution analysis engine (CPU emulation)
– Supports multiple operating systems and file formats
– Produces detectors (fingerprints) that also handle encrypted traffic
• Flexible & Scalable Deployments
– Three-Tiered Architecture on premise or hosted
– Efficient sensors on premise (for enforcement and collection)
– Hosted Solution offers analysis in the cloud
– Pricing that is practical for your budget
[Diagram: High-Resolution Analysis and Correlation built on Automated Data Collection (Netflow, DNS, Network Fingerprints; Non-PE, PE, Web URLs, Android APK) and Global Threat Intelligence (Reputation, ...). Lastline Enterprise = Sensor, Manager, Engine; Lastline Analyst = Manager, Engine.]
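The bullet “Produces detectors (fingerprints) that also handle encrypted traffic” is worth making concrete, since it is the link between the Engine’s sandbox run and the Sensor’s network matching. Below is an added example, not Lastline’s detector format or code: a fingerprint is derived from a TLS connection observed while detonating a sample, then matched against enterprise flows using only metadata that stays in cleartext (the SNI, the server certificate as sent in TLS 1.2, and the size pattern of the first application-data records). The TlsFlow fields, the sample flows and the two-facet matching rule are assumptions.

```python
"""Network fingerprints derived from sandbox-observed C&C traffic, matched
against encrypted flows using only cleartext TLS metadata.

Added example, not Lastline code. Field names, the sample flows and the
scoring rule are assumptions constructed for illustration.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsFlow:
    """Metadata a passive sensor can see without decrypting the session."""
    src: str
    dst: str
    sni: str                 # Server Name Indication from the ClientHello
    cert_der: bytes          # server certificate (cleartext in TLS 1.2)
    record_lengths: tuple    # sizes of the first application-data records


def cert_sha256(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def fingerprint_from_sandbox(observed: TlsFlow, shape_len: int = 3) -> dict:
    """Turn a flow seen during detonation into a detector: pin the server
    name, the certificate hash, and the size pattern of the first records
    (the beacon 'shape', which survives encryption)."""
    return {
        "sni": observed.sni,
        "cert_sha256": cert_sha256(observed.cert_der),
        "shape": tuple(observed.record_lengths[:shape_len]),
    }


def match(fp: dict, flow: TlsFlow, tolerance: int = 8) -> list:
    """Return the names of the fingerprint facets this flow matches."""
    hits = []
    if flow.sni == fp["sni"]:
        hits.append("sni")
    if cert_sha256(flow.cert_der) == fp["cert_sha256"]:
        hits.append("cert")
    shape = fp["shape"]
    # record sizes jitter by a few bytes (padding, header variants), so
    # compare with a tolerance rather than exact equality
    if len(flow.record_lengths) >= len(shape) and all(
            abs(a - b) <= tolerance
            for a, b in zip(shape, flow.record_lengths)):
        hits.append("shape")
    return hits


def scan(fp: dict, flows, min_facets: int = 2) -> list:
    """Flag flows matching at least min_facets facets. A single facet is too
    weak on its own (a shared CDN certificate, a coincidental size pattern)."""
    out = []
    for f in flows:
        hits = match(fp, f)
        if len(hits) >= min_facets:
            out.append((f.src, f.dst, hits))
    return out


# Constructed: the flow captured while detonating a sample in the sandbox
C2_CERT = b"-constructed-der-for-c2-server-"
SANDBOX_FLOW = TlsFlow("10.99.0.5", "203.0.113.20", "api.updatecheck-example.net",
                       C2_CERT, (517, 212, 212, 212))
FP = fingerprint_from_sandbox(SANDBOX_FLOW)

# Constructed: enterprise TLS flows to test against
ENTERPRISE_FLOWS = [
    # same C2 infrastructure on a new IP with a changed SNI, but the
    # certificate and the beacon shape are unchanged
    TlsFlow("10.0.0.12", "198.51.100.77", "cdn.other-example.com",
            C2_CERT, (519, 210, 214, 1024)),
    # benign: only the record shape is coincidentally similar
    TlsFlow("10.0.0.15", "192.0.2.9", "www.example.org",
            b"-constructed-der-benign-", (520, 210, 215)),
    # benign: shares nothing with the fingerprint
    TlsFlow("10.0.0.15", "192.0.2.10", "mail.example.org",
            b"-constructed-der-mail-", (1400, 1400, 60)),
]


if __name__ == "__main__":
    for src, dst, hits in scan(FP, ENTERPRISE_FLOWS):
        print(f"{src} -> {dst} matches fingerprint on {hits}")
```

Requiring two facets is what keeps the detector usable: a certificate may belong to a shared CDN and record sizes can coincide, but both at once rarely happen by chance. One caveat a practitioner should note: in TLS 1.3 the server certificate is encrypted as well, so only the SNI (if Encrypted Client Hello is not in use) and the record-size shape remain visible to a passive sensor.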