
EVASIVE MALWARE CAUSES MOST DATA BREACHES

Despite major financial investment and extensive deployment of enterprise security products, companies are still being victimized by malware-based attacks. The latest firewalls, intrusion prevention systems, and sandboxes are no match for today’s malware. Advanced malware has been engineered to easily identify and evade enterprise security tools.

In addition to being easily bypassed, most enterprise security tools operate in isolation and have limited visibility into malicious behavior across your network. These stand-alone systems are rarely capable of sharing relevant threat data and collaborating intelligently. This lack of visibility and threat sharing limits your ability to respond quickly to emerging threats.

DEFEATING ADVANCED MALWARE

Lastline Enterprise has been proven to provide unmatched security effectiveness, delivering 100% malware detection accuracy with zero false positives when tested by NSS Labs. This means your incident response team can spend its scarce time responding to actual threats, not chasing down false positives and searching for indicators of compromise (IOCs).

The Deep Content Inspection Difference

Lastline Enterprise is designed to provide complete visibility into the malware behavior that other technologies miss. It uses Deep Content Inspection, a unique isolation and inspection environment that simulates an entire host (including the CPU, system memory, and all devices) to analyze malware. Deep Content Inspection interacts with the malware to observe all the actions a malicious object might take.

Traditional sandboxes only have visibility down to the operating system level. They can inspect content and identify potentially malicious code, but they can’t interact with the malware like Lastline Enterprise can. As a result, they have significantly lower detection rates and higher false positives, in addition to being easily identified by evasive malware.

Lastline Enterprise: Advanced Malware Protection

DATASHEET

DETECT EVASIVE MALWARE THAT OTHER TOOLS MISS

Lastline Enterprise delivers unmatched detection of advanced malware that is engineered to defeat enterprise security tools and compromise your network.

Unlike “advanced” or “next-generation” technologies, Lastline Enterprise delivers complete visibility into advanced malware, enabling you to respond rapidly to malicious activity before it results in a damaging data breach.

Deep Content Inspection Delivers Unmatched Visibility

THE INDUSTRY’S MOST EFFECTIVE ADVANCED MALWARE DETECTION

Lastline Enterprise’s unique architecture and threat intelligence network provide you with unmatched visibility and detection capabilities:

• Highest rated detection technology identifies threats others miss and eliminates the need for you to spend hours researching false alarms

• Threat intelligence network shares latest updates on malicious files and their associated behaviors to all customers automatically, accelerating your ability to respond to emerging threats

• Correlated incident information prioritizes the most significant threats in your network, eliminating the need to sift through massive log files

• Delivers full attack chain visibility to your incident response team so it can quickly understand the nature of the attack, making scarce security resources more efficient

Integrates with Your Existing Security Controls

Lastline Enterprise easily integrates with your existing network infrastructure and can collaborate bi-directionally with other security technologies to enable rapid detection and remediation of advanced threats. You can collect information from Lastline Sensors, or from products from our Technology Alliance partners with built-in integration with Lastline Enterprise. You can also use our APIs to collect data from your existing tools and integrate Lastline actionable intelligence into those security tools to update rulesets and create new workflows. Lastline Enterprise allows you to leverage all your security tools to maximize your ability to detect and defeat advanced threats.

NSS Labs, the leader in independent security product testing and research, tested Lastline Enterprise and several other advanced malware detection tools. Lastline Enterprise scored a perfect detection rate of 100% in all test categories with zero false positives. No other vendor or product has achieved this level of performance, in over 20 years of testing.

NSS Labs 2016 Breach Detection Systems Group Test

Global Threat Intelligence Network

The Global Threat Intelligence Network automatically shares the malware characteristics, behaviors and associated IOCs of every malicious object curated and analyzed by Lastline with all Lastline customers and partners. You benefit by anonymously contributing threat information and receiving actionable, global intelligence in return.

We quickly analyze all new objects and share the results of the analysis across our entire network. This allows for faster detection and analysis of previously unseen threats as well as reducing the time for you to remediate malicious activity.

The shared threat intelligence includes:

• Active command and control (C&C) servers

• Objects with zero-day exploits

• Toxic web sites and malware distribution points

• IDS/IPS rules that you can push to security tools to block specific attacks

• YARA rules (popular tool used to identify and classify malware)

• Other malware information useful to defend against threats specific to your organization

EXTREMELY LOW TOTAL COST OF OWNERSHIP

Lastline Enterprise is designed specifically to deliver unmatched detection while keeping your costs low:

• Subscription model with low user-based pricing enables deployment of Sensors wherever you need visibility

• Faster response to advanced threats by optimizing current technologies, staff, and processes

• Maximum flexibility to deploy Sensors as physical or virtual appliances, and Managers and Engines on-premise or in the cloud

• Commodity hardware enables you to deploy Lastline Enterprise on your preferred platforms

• Simplify integration with your existing security products with well-defined APIs

SEE HOW LASTLINE ENTERPRISE CAN DETECT THREATS YOUR TOOLS MISS TODAY

We’re here to help you solve your organization’s security challenges. Are you curious to learn more about how evasive malware can bypass “advanced” malware detection tools like sandboxes, firewalls, and IPS? Do you want to see how Lastline Enterprise can work with your existing security controls to improve their effectiveness and detect the advanced threats they miss? Contact us to schedule your demo and answer any questions that you have.

For more information please visit www.lastline.com

LASTLINE CORPORATE HEADQUARTERS

203 Redwood Shores Parkway, Suite 620 | Redwood City, CA 94065 | www.lastline.com

Americas: +1 (877) 671 3239 | EMEA: +44 (0) 207 749 5156 | APAC: +65 6829 2207

© 2017 Lastline, Inc. All rights reserved. All other trademarks are the property of their respective owners. | v. 021217

CERTIFIED HARDWARE SPECIFICATIONS

Columns: 1G SENSOR | 10G SENSOR | MANAGER | ENGINE

Virtual Machine: VMware ESXi 5.1 or higher | Not Available
Base Model: Dell PowerEdge R430
Form Factor: 1U Rack-Mount
Weight: 43.87 lbs (19.9 kg)
Dimensions (Width x Depth x Height): 17.1" x 25.3" x 1.7" (43.4 x 64.2 x 4.3 cm)
Enclosure: Fits 19-inch Rack
Monitoring Ports: (4) 1 GbE Ports*** | (up to 4) 1 GbE (up to 2) 10 GbE (Intel) Ports*** | - | -
Management Port: USB 2.0 compliant port
AC Input Voltage/Current: 100~240 VAC / 6.5 A-3.5 A
Power Supply: Dual Hot Plug Power 450 W
Operating Temp: 10° C to 35° C (50° F to 95° F)
Network Performance: Up to 1Gb Traffic | Up to 5Gb Traffic | - | -
Email Performance: Up to 750,000 per day* | - | -
Objects Per Day**: Up to 100,000 per day* | - | -
Files Analyzed in Sandbox: - | - | - | Up to 10,000 per day*
Scalability of Engines: - | - | Up to 30 Engines per Manager | -
Scalability of Sensors: - | - | Up to 200 Sensors per Manager | -

* Cluster N number of components to scale as needed. Performance varies by object type.

** Apply pre-filter to quickly determine maliciousness and submit unknown files for detailed analysis by next-generation sandbox

*** Supported Intel NIC required for throughput over 200 Mbps

Note: Performance values are based on “standard” profile. Values may vary depending on your environment.