Targeted Attack Prevention Service Lastline
Lastline is a sandbox-based (*1) targeted attack prevention service that detects unknown malware targeting customers' assets from web and email traffic with a high degree of accuracy. Unlike traditional sandbox-based malware analysis, our unique code emulation technology analyzes malware code itself in detail. This allows for detection of attacks that other products could not detect, and analysis of malware with sandbox evasion techniques.
- (*1): Technically, analysis is performed by full-system emulation, which enables accurate analysis even for malware using techniques such as virtual machine evasion, which is usually used as an anti-sandboxing technique. Full system emulation is a technology that virtually reproduces the entire system, including CPU and memory, using a software.
- Covers both entrance and exit countermeasures
- Countermeasures against targeted attacks are possible in both ways, i.e. "entrance countermeasures" to detect malware intrusion through Web downloads and e-mail attachments, and "exit countermeasures" to block communication with C&C servers (*2) using C&C server information revealed from malware analysis results, through its highly accurate malware analysis function and detection function using fingerprints generated from communication pattern behavior.
- Cloud-based analysis
- Sensors installed in the customer's network send suspicious files to the Lastline Cloud for analysis.
A private cloud version is also available, in which the whole analysis system is built at the customer's site without sending the files for analysis to the Lastline Cloud.
- Enables integration with other companies' products using APIs
- Since the service allows the use of APIs (Application Programming Interface), customization by integrating with a variety of third-party products is possible.
- Detection Results
- A scoring function using unique weighting enables immediate detection of threats that need to be addressed from a large amount of analyzed information, and recording of all malware behavior on a virtual machine. It is also possible to record packet captures of the relevant files and memory dumps during analysis.
- (*2) C&C server (Command & Control server): A server that serves as the center of control by sending commands to a group of computers infected with malware and turned into bots
Deployment image (for cloud-based service)
Web communication analysis is performed by packet capture via a mirror port; therefore, the service can be deployed in the customer's network with minimal changes. For email communication analysis, apart form packet capture via a mirror port, a relay mail server can also be installed. The appliances can also be built in a virtual environment, allowing for flexible design.
Operation image (List of detection results)
- Score display allows you to check the risk level
- When a suspicious file is detected on a monitored customer network, the service determines if a pre-defined threshold is exceeded and sends an alert. Even those without knowledge can check the level of risk by simply looking at the Lastline scores, making the service easy to operate. It is also possible to prevent damage by alerting e-mail recipients before they open attachments.
Operation image (File analysis)
- Detailed malware analysis information can be viewed
- Detailed analysis information on detected malware (Score 99: almost certainly malware) can be viewed.
Advantages of Our Services
We, at NTT DATA INTELLILINK Corporation, provide security services that can be combined with already provided services and knowhow, enabling strengthening of countermeasures against targeted attacks that use increasingly diverse malware.
- Incident response and investigation, analysis and elimination of malware from infected terminals through integration with our incident response service, "Security Incident Emergency Service"
- In the event of a targeted attack, one cannot rest assured just by getting rid of malware detected by Lastline. Through integration with our "Security Incident Emergency Service", for which we have extensive IR experience, such as with government agencies, we can identify the impact on the system and the extent of damage, and respond promptly.
- Operations design support
- Based on our knowledge of Lastline, which is operational at our company, we support the operations design for Lastline in the customer's environment.
- Responding to questions about the content of alerts reported on the management console
- Our experienced staff will support your operations by answering questions about reported alerts.
Lastline Deployment Flow
|Collect information about the customer's network environment and operations policy.||Support the construction using a deployment method that conforms to the operation policy.||Respond to questions about product maintenance and alerts.|
- "Lastline" and "Lastline" logo are registered trademarks or trademarks of Lastline.Inc.