Lastline is revolutionizing the way companies protect their networks and email. Our advanced threat detection products uncover attacks and malicious network activity before you suffer a costly data breach. And we enable you to do this with fewer resources and at lower cost than existing security tools.
In 2011, Drs. Engin Kirda, Christopher Kruegel, and Giovanni Vigna, three of the world’s most influential academic researchers in cybersecurity, founded Lastline. The company’s vision is informed by the founders’ world-renowned research on malware analysis and evasion techniques, academically-rooted rigor, innovative approaches to network breach protection, and a passion to improve enterprise cybersecurity.
Lastline’s unmatched level of visibility, accuracy and effectiveness, and our focus on IT managers’ ever-increasing pressure to secure company networks and assets, have resulted in the company providing specific, actionable, context-rich threat intelligence and decreased data loss to many of the largest and most successful companies around the world.
Understanding Advanced Malware
Advanced malware continues to play a significant role in many attacks targeting organizations today. Malware authors continue to develop new techniques that bypass both traditional and “next-generation” security tools, leaving your systems and data at risk. Evasive malware can easily escape detection by “advanced” security technologies by altering its behavior or adopting one or more evasion tactics.
- Evading sandbox-based technologies: Advanced malware is engineered specifically to detect when it is running in almost every sandbox on the market. While in the sandbox, the malware avoids taking any malicious actions so that it evades detection, which allows it to enter your network and initiate its malicious behavior there. Advanced malware can bypass most sandboxes because they typically run on virtual machine (VM) environments like VMware, Xen, KVM, Parallels/Odin and VDI. VM technologies insert artifacts, which allow advanced malware to discover that it is running in a virtual environment. These artifacts include additional operating system files and processes, supplementary CPU features, and other components necessary for the virtualization to work.
- Evading signature-based detection: Malware authors easily alter the signature of their code to avoid detection. Because security tools examine the internal components of an object to generate a signature, modifying even a single bit in any of the malware’s components changes the object’s signature. Some of the malware tools on the dark web enable payload-changing capabilities with a simple check box to foil signature-based systems.
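The signature-evasion point above, shown from the defender's side as an added Python example (not Lastline's code or detection method): a whole-object hash stops matching after a one-bit change, while a per-block comparison still shows that the variant is almost identical to the known sample. The sample bytes, the block size and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 256  # assumed block size, chosen only for this illustration


def whole_file_signature(data: bytes) -> str:
    """Exact-match signature: one SHA-256 digest over the entire object."""
    return hashlib.sha256(data).hexdigest()


def block_signatures(data: bytes, block: int = BLOCK) -> list:
    """One SHA-256 digest per fixed-size block of the object."""
    return [hashlib.sha256(data[i:i + block]).hexdigest()
            for i in range(0, len(data), block)]


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def block_overlap(a: bytes, b: bytes, block: int = BLOCK) -> float:
    """Fraction of block positions whose digests are identical in a and b.

    Fixed offsets survive in-place edits such as a bit flip; inserted or
    removed bytes shift every later block, so this is not a general
    similarity measure.
    """
    sa, sb = block_signatures(a, block), block_signatures(b, block)
    same = sum(1 for x, y in zip(sa, sb) if x == y)
    return same / max(len(sa), len(sb), 1)


def compare(original: bytes, variant: bytes) -> dict:
    """Contrast the exact-hash verdict with the block-level overlap."""
    return {
        "exact_match": whole_file_signature(original) == whole_file_signature(variant),
        "block_overlap": block_overlap(original, variant),
    }


# Constructed sample: 4096 deterministic bytes standing in for a known file.
SAMPLE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
VARIANT = flip_bit(SAMPLE, byte_index=1000, bit=0)  # one bit changed in block 3

if __name__ == "__main__":
    print(compare(SAMPLE, VARIANT))
```
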
Lastline detects the advanced malware that other technologies miss. Our Deep Content Inspection™ environment catalogs every malicious action engineered into the code, providing you with complete visibility and eliminating the need to conduct additional analysis of the malware.