Next Generation Advanced Malware Detection and Defense
DESCRIPTION
Stop evasive malware, advanced persistent threats and zero-day exploits along web, mail, file, and mobile vectors.
TRANSCRIPT
Company Confidential
Next Generation Advanced Malware Detection and Defense
Luca Simonelli, VP & GM EMEA
Cyberattack (R)Evolution
[Chart: damage ($$) over time, rising from hundreds through thousands, hundreds of thousands and millions to billions, across three eras: cybervandalism, cybercrime, and targeted attacks and cyberwarfare]
Targeted attacks are mainstream news. Every week, new breaches are reported. Here are just a few examples.
Current Defenses Have Failed
January 10, 2014
Malware is a Problem of Scale …
Why Should You Care?
• If you have assets of value it is not a question of whether you are being targeted, but where those blind spots exist in your environment
• A compromise results in a backdoor into your network, providing cybercriminals with interactive access
• With Lastline’s solutions you can obtain visibility and identify active advanced malware targeting not only your systems, but your key intellectual property and business assets
Evasive and Advanced Threats
[Chart: threat sophistication (simple threats to sophisticated threats) against attack targeting (opportunistic attacks to targeted attacks); regions labelled Antivirus Solutions, APT Solutions and Security Gap; threat types shown along the sophistication axis: Plain Virus, Packing, Poly-morphic, C&C Fluxing, Persistent Threats, Evasive Threats]
Current solutions fail to protect organizations from sophisticated, targeted attacks.
Lastline, Inc.
Company Overview
Founded in 2011 by top security professors and advanced malware researchers to deliver the most proven and advanced protection against evasive malware, zero day and advanced persistent threats.
Founders published 100+ papers, recognized among top 30 Security Researchers in the world
Developers of Anubis / Wepawet, #1 portal for advanced malware analysis and research, used by Fortune 500, government agencies and security vendors
Experienced management team from Fortinet, ISS and Trend Micro
Most advanced solution to detect, analyze, and mitigate APTs, targeted attacks, and 0-day threats
Company Buzz
“Top 10 coolest security startup of 2013”
“Lastline Named a finalist for five Info Security Products Guide Global Excellence Awards”
Lastline, Inc.
Research Background
• Based on 10+ years research on APT
• Founders published 100+ papers, recognized among top 30 Security Researchers in the world
• Most popular free tools for advanced malware analysis, accessible through web portals
• Used by tens of thousands of users (including Fortune 500 companies, government and financial institutions, and security vendors)
Anubis & Wepawet
Anubis: Advanced malware analysis, http://anubis.cs.ucsb.edu
Wepawet: Drive-by exploit detector, http://wepawet.cs.ucsb.edu
http://tinyurl.com/ms-top-authors
Anubis & Wepawet Users
Lastline Products
Lastline Enterprise™: Detect Advanced Malware in Your Network
• Ideal for net and sec ops
• Deploy on network passively
• Multi-Protocol support (email, web, etc.)
• Available on-premise or Hosted by Lastline
• Software runs on hardware and VMWare
• Complements NIPS and NGFW products
• On-premise 30-day trial available
Lastline Analyst™: Upload Files for Analysis
• Ideal for forensic, audit, ICR ops
• Cloud service hosted by Lastline
• Analyzes objects for advanced malware
• Inspects URLs for advanced malware
• No hardware required by customer
• Available as on-premise solution
• Free Lastline Analyst accounts
Highly Scalable
Lastline Solution
Lastline Components

Component           | Description                      | Lastline Enterprise™ On-Premise | Lastline Enterprise™ Hosted* | Lastline Analyst™ On-Premise | Lastline Analyst™ Hosted*
Sensor              | monitors network                 | ✓ 4.7 on VMWare                 | n/a                          | n/a                          | n/a
Engine              | detonates objects                | ✓ Private Cloud                 | ✓                            | ✓ Private Cloud              | ✓
Manager             | correlates & offers APIs         | ✓ Private Cloud                 | ✓                            | ✓ Private Cloud              | ✓
Threat Intelligence | crawls the internet to find APTs | Internet-scale, active discovery of APT threats. Models generated through machine-learning and large-scale clustering algorithms. Intelligence is pushed to components.

* Hosted by Lastline
Highly Scalable
Lastline Platform Capabilities
Lastline Analyst™: Object Analysis (components: Manager, Engine)
– Dynamic analysis in next generation sandbox
  • Executes binaries, accesses web pages, opens documents
  • Monitors and classifies observed behaviors
– CPU emulation
  • Provides visibility into every instruction that malware executes, not just the operating system calls
  • Provides vastly increased ability to detect malicious and evasive behavior
Lastline Enterprise™: Network and Object Analysis (components: Sensor, Manager, Engine)
– Detection and blocking
  • Command & Control traffic
  • Infection vectors, such as drive-by-download attacks
  • Inbound malicious emails
– Automated collection of potentially-malicious files for analysis
– Analysis of pDNS and netflow data to identify anomalies
– Scalable, distributed architecture
[Diagram: Network Analysis (Passive DNS, Netflow, Correlation, Network Fingerprints, Global Threat Intelligence, Anomaly-Based Command & Control Detection) and Object Analysis (Executable files, Non-executable files, Web URLs, Android APK)]
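The network-side capabilities listed above (analysis of pDNS and netflow data to identify anomalies, anomaly-based command and control detection) can be illustrated with two simple heuristics that a passive sensor can apply without ever seeing a malware sample: beaconing, where an internal host contacts the same endpoint at near-constant intervals, and domain fluxing, where one name rotates through many short-TTL addresses. The following Python script is an added example written for this page; it is not Lastline code and does not show how the Lastline Sensor is implemented. Every record it processes is constructed (reserved documentation addresses and example TLDs), and the thresholds (six flows, 10% interval variation, five distinct IPs, 300 s TTL) are illustrative choices, not values from the deck.

```python
"""Toy anomaly-based C&C indicators over constructed netflow and passive-DNS records.

Added example for this page (not Lastline code). Two heuristics a passive
network sensor can apply without a malware sample:
  * beaconing: a host contacts the same endpoint at near-constant intervals
  * domain fluxing: one name resolves to many IPs, each with a very short TTL
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed netflow-style records, not real traffic:
# (timestamp_s, src_ip, dst_ip, dst_port, bytes)
NETFLOW = [
    # 10.0.0.5 checks in with 203.0.113.7 about every five minutes: beacon-like
    (0, "10.0.0.5", "203.0.113.7", 443, 512),
    (302, "10.0.0.5", "203.0.113.7", 443, 508),
    (598, "10.0.0.5", "203.0.113.7", 443, 515),
    (901, "10.0.0.5", "203.0.113.7", 443, 511),
    (1199, "10.0.0.5", "203.0.113.7", 443, 509),
    (1503, "10.0.0.5", "203.0.113.7", 443, 513),
    (1798, "10.0.0.5", "203.0.113.7", 443, 510),
    (2100, "10.0.0.5", "203.0.113.7", 443, 512),
    # 10.0.0.9 browses 198.51.100.20 in bursts: human-driven, irregular timing
    (5, "10.0.0.9", "198.51.100.20", 443, 4200),
    (40, "10.0.0.9", "198.51.100.20", 443, 97000),
    (41, "10.0.0.9", "198.51.100.20", 443, 1300),
    (700, "10.0.0.9", "198.51.100.20", 443, 56000),
    (1300, "10.0.0.9", "198.51.100.20", 443, 2100),
    (1310, "10.0.0.9", "198.51.100.20", 443, 33000),
    (1900, "10.0.0.9", "198.51.100.20", 443, 800),
    # too few flows to judge either way
    (100, "10.0.0.5", "198.51.100.30", 80, 300),
    (400, "10.0.0.5", "198.51.100.30", 80, 300),
]

# Constructed passive-DNS records, not real data: (timestamp_s, qname, answer_ip, ttl_s).
# The names are placeholders on reserved example TLDs.
PDNS = [
    # one name rotating through six addresses with a 60 s TTL
    (10, "upd.fluxy.example", "192.0.2.10", 60),
    (70, "upd.fluxy.example", "192.0.2.11", 60),
    (130, "upd.fluxy.example", "192.0.2.12", 60),
    (190, "upd.fluxy.example", "192.0.2.10", 60),  # reused address, not a new one
    (250, "upd.fluxy.example", "192.0.2.13", 60),
    (310, "upd.fluxy.example", "192.0.2.14", 60),
    (370, "upd.fluxy.example", "192.0.2.15", 60),
    # an ordinary site: two stable addresses, long TTL
    (15, "www.example.com", "198.51.100.50", 3600),
    (3700, "www.example.com", "198.51.100.51", 3600),
    (7300, "www.example.com", "198.51.100.50", 3600),
    # a CDN-like name: short TTL but only three addresses in the window
    (20, "static.cdn.example", "203.0.113.40", 30),
    (50, "static.cdn.example", "203.0.113.41", 30),
    (80, "static.cdn.example", "203.0.113.42", 30),
]


def interval_stats(stamps):
    """Mean and coefficient of variation (stdev/mean) of the gaps between timestamps."""
    stamps = sorted(stamps)
    gaps = [b - a for a, b in zip(stamps, stamps[1:])]
    mu = mean(gaps)
    cv = pstdev(gaps) / mu if mu else float("inf")
    return mu, cv


def find_beacons(flows, min_flows=6, max_cv=0.10):
    """Map (src, dst, port) -> mean period for pairs whose inter-arrival times barely vary."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _size in flows:
        by_pair[(src, dst, port)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_flows:  # not enough samples to call it periodic
            continue
        mu, cv = interval_stats(stamps)
        if cv <= max_cv:
            beacons[pair] = round(mu, 1)
    return beacons


def find_fluxing_domains(records, min_ips=5, max_ttl=300):
    """Map qname -> distinct answer count for names with many addresses and short TTLs."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for _ts, qname, ip, ttl in records:
        ips[qname].add(ip)
        ttls[qname].append(ttl)
    return {q: len(a) for q, a in ips.items()
            if len(a) >= min_ips and max(ttls[q]) <= max_ttl}


def report(flows=NETFLOW, records=PDNS):
    """Human-readable findings for an operator to triage."""
    lines = [f"beacon: {s} -> {d}:{p} every ~{period:.0f}s"
             for (s, d, p), period in find_beacons(flows).items()]
    lines += [f"flux: {q} resolved to {n} distinct IPs with short TTLs"
              for q, n in find_fluxing_domains(records).items()]
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

Both heuristics produce false positives on their own: software updaters and monitoring agents poll on fixed schedules, and CDNs and load balancers also rotate many low-TTL addresses. That is why the deck pairs anomaly detection with correlation, network fingerprints and global threat intelligence (reputation): a periodic connection or a fluxing name is a lead to be scored against those sources, not a verdict by itself.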
Lastline Enterprise – In action
Sensor: Scans traffic for signs and anomalies that reveal C&C connections and infections
Manager: Correlates alerts and produces actionable intelligence
Engine: Analyzes unknown objects (programs and docs) with high-resolution analysis
Lastline proactively crawls the Internet for threats and updates the Sensor’s knowledge base
Feedback for global threat intelligence
[Diagram: attack paths entering the network: drive-by attack, spear-phishing, command and control]
Lastline Enterprise On-Premise
Sensor: Scans traffic for signs and anomalies that reveal C&C connections and infections
Manager: Correlates alerts and produces actionable intelligence
Engine: Analyzes unknown objects (programs and docs) with high-resolution analysis
Lastline proactively crawls the Internet for threats and updates the Sensor’s knowledge base
[Diagram: attack paths entering the network: drive-by attack, spear-phishing, command and control]
Lastline Enterprise Hosted
Sensor: Scans traffic for signs and anomalies that reveal C&C connections and infections
Manager: Correlates alerts and produces actionable intelligence
Engine: Analyzes unknown objects (programs and docs) with high-res analysis
Lastline proactively crawls the Internet for threats and updates the Sensor’s knowledge base
[Diagram: attack paths entering the network: drive-by attack, spear-phishing, command and control; Lastline’s Datacenter shown as the hosted location]
Lastline Analyst
Upload Objects and URLs for Analysis
Manager: Produces actionable intelligence
Engine: Analyzes unknown objects (programs and docs) with high-resolution analysis
Lastline proactively crawls the Internet for threats and updates knowledge base
User accesses object information via HTTPS
High-Resolution Security Analysis
[Diagram: visibility without CPU emulation (traditional sandboxing technology) compared with visibility with CPU emulation (Lastline technology); the region seen only with CPU emulation is annotated “Important behaviors and evasion happens here”]
Flexible & Cost Effective Deployment
• Annual subscription, per-user pricing
• Non-proprietary, low-cost hardware
• Cost-effective, full network coverage
• Your choice of on-premise or hosted deployment
• Future-proofing via a platform approach which provides API access for integration
• Scale engines in private cloud on-premise
• Deploy anywhere in the network
Actionable Intelligence
• Lastline Enterprise identifies with confidence the backdoors in your network
• Detailed analysis supports the remediation process defined within the Enterprise
• Correlated APT information rolls up to network incidents and provides drill down to individual malware events
• APT threat severity level is available to identify high priority infections
Actionable Intelligence
[Screenshots: Infection Trend, Malware Distribution, Traffic and Analyzed Files dashboard views]
Actionable Intelligence
[Screenshots: Mail and Events views]
Poised to stand out from the crowd
“Most Innovative Security Product (Software) of the Year”: Bronze Winner
“Innovation in Next Generation Security”: Bronze Winner
“Best Overall Security Company of the Year”: Bronze Winner
“Most Innovative Security Service of the Year”: Silver Winner
“Best New Security Start-Up Company of the Year (Software)”: Gold Winner
Lastline Better By Design
• Complete Protection
  – Analysis of inbound software artifacts
  – Analysis of outbound traffic using network models
  – Anomaly detection of suspicious behavior
  – Actionable Threat Intelligence
• Most Advanced Malware Analysis
  – High-resolution analysis engine (CPU emulation)
  – Supports multiple operating systems and file formats
  – Produces detectors (fingerprints) that also handle encrypted traffic
• Flexible & Scalable Deployments
  – Three-Tiered Architecture on premise or hosted
  – Efficient sensors on premise (for enforcement and collection)
  – Hosted Solution offers analysis in the cloud
  – Pricing that is practical for your budget
[Diagram: Lastline Core High-Resolution Analysis fed by Automated Data Collection (DNS, Correlation, Netflow, Network Fingerprints, Global Threat Intelligence/Reputation, and objects: Non-PE, PE, Web URLs, Android APK); Lastline Enterprise comprises Sensor, Manager and Engine; Lastline Analyst comprises Manager and Engine]
Lastline Demo