Lastline Protection Against APTs and Zero-Day Exploits

Overview


Why Lastline?

Traditional anti-malware/anti-virus solutions do not offer comprehensive protection.

Today, malware has reached a level of sophistication that not only circumvents traditional defenses (firewalls, AV software, IDS/IPS), but also hides and does the dirty work in silence.

Active event evaluation and malware research are needed to determine whether something novel on your network is also a threat. However, not every company can afford a security team -- even if there were enough security experts to fill all of those teams.


How Do You Defend Against These Attack Vectors?

Lastline’s new layer of malware defense anticipates these challenges IT managers face:

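  • Disruption caused by some users who ignore warnings and disable security
  • Signature-based approaches are slow to respond to the latest threats
  • Infected mobile devices cannot be stopped by network defenses alone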

Given that reality, the next step -- the required additional layer of defense -- is to make sure malware cannot phone home.

So what to do? The need for a new defense

Our research and development of broad-based malware identification and analysis tools, which are used by over 10,000 security experts annually, has shown us that it is worthwhile to map out the malicious infrastructure -- the Malscape, as we call it -- to identify the sites that download malware and the servers that control the botnet infrastructure and harvest personal information.

Lastline has developed a mapping of the Malscape that is far more comprehensive than others', and far more nimble in keeping up to date -- especially valuable for companies that do not have a security team in place.


Previct™ Anti-Malware Gateway

When malware gets in…It won't call out.

Previct is a network-based appliance that acts as a malware "reverse firewall." Previct monitors outgoing network traffic and identifies suspicious activity (e.g., requests to download malware, access to drive-by exploit sites, communication with command & control servers, and uploading of stolen information to drop zones).

Previct Features:
  • Alerts on and prevents communication between your computers and the malware infrastructure (the Malscape)
  • Identifies infected hosts within your network
  • Provides actionable intelligence about detected threats

Malware gets in...But it won't call out.

How Previct Works

Deployed behind your network firewall, Previct can be configured as a passive monitor to identify malicious activity that has bypassed traditional defenses or as an inline component to actively disrupt communication between malware and its command and control infrastructure. Previct is your last line of defense against targeted attacks, advanced persistent threats (APTs), web-based drive-by download attacks, and other malicious activity.

(1) Monitor → (2) Threat detection → (3) Malicious site → (4) C&C site → (5) Block → (6) Report → (7) Threat report

To protect an enterprise network, a simple sensor (1) monitors the network traffic at the egress to the Internet. This sensor reviews the connections attempted by the enterprise’s internal hosts and compares them (2) to Lastline’s proprietary threat repository of known command and control and exploit sites. When the sensor detects a connection attempt to an exploit site (3) or a location known to be a command and control site (4), the connection is blocked (5) by issuing a command to the host to close the connection (optional). An alert is issued (6) to your team and also logged for review through a web interface.

Automated Reporting

Alerts are sent to support staff when malicious activity surpassing a selected threshold occurs. Management reports are also generated automatically on a daily, weekly, or monthly basis.
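
The sensor flow under "How Previct Works" and the threshold alerting under "Automated Reporting", sketched as an added example; this is not Lastline's code. The repository contents, the log record format, all function and field names, and the threshold value are constructed assumptions.

```python
from collections import Counter, namedtuple

# Constructed stand-in for the threat repository: destination -> category.
# Only reserved documentation names and addresses are used.
THREAT_REPO = {
    "exploit.example.net": "exploit_site",
    "c2.example.org": "command_and_control",
    "203.0.113.50": "command_and_control",
}

# Constructed egress records: (internal source host, requested destination).
EGRESS_LOG = [
    ("10.0.0.12", "www.example.com"),
    ("10.0.0.12", "C2.Example.org."),      # case and trailing-dot variant
    ("10.0.0.12", "203.0.113.50"),
    ("10.0.0.31", "exploit.example.net"),
    ("10.0.0.31", "updates.example.com"),
    ("10.0.0.12", "sub.c2.example.org"),   # subdomain of a listed site
]

Alert = namedtuple("Alert", "src dst category action")

def normalize(dst):
    """Lower-case and drop the trailing root dot so trivial variants still match."""
    return dst.strip().lower().rstrip(".")

def lookup(dst):
    """Return the repository category for dst or a parent domain, else None."""
    name = normalize(dst)
    if name.replace(".", "").isdigit():    # IPv4 literal: exact match only
        return THREAT_REPO.get(name)
    labels = name.split(".")
    for i in range(max(len(labels) - 1, 1)):   # never test the bare TLD
        hit = THREAT_REPO.get(".".join(labels[i:]))
        if hit:
            return hit
    return None

def inspect(log, inline=False, threshold=2):
    """Return (alerts, hosts whose hit count surpasses the threshold)."""
    action = "blocked" if inline else "logged"   # inline vs passive deployment
    alerts = []
    for src, dst in log:
        category = lookup(dst)
        if category:
            alerts.append(Alert(src, normalize(dst), category, action))
    per_host = Counter(a.src for a in alerts)
    escalate = sorted(h for h, n in per_host.items() if n > threshold)
    return alerts, escalate
```

The distinct `src` values in the returned alerts are the hosts to treat as infected; the second return value lists those that should trigger a notification to staff.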


Contact Us
Tel:+81-3-3237-3291
