TL;DR: Lastline’s cutting-edge network security products detect and defeat advanced network threats while eliminating false positives. The company’s innovative technology, built on a strong academic foundation, minimizes the risk of data breaches while using fewer resources at a lower cost. Now, with Lastline Defender, the research-based team is providing a combined approach to advanced network threat protection that leverages both AI and analytics.
It seems laughable that “The Boy Who Cried Wolf” could have anything to do with today’s online security scene, but if you look past the tale’s youthful attributes, Aesop’s narrative lends itself to profound lessons in terms of false positives.
“We’ve seen breaches in the past where security solutions detected attacks, but operators ignored the alerts because they’d seen similar false alarms in the past,” said Engin Kirda, Co-founder and Chief Architect at Lastline. “False positives are a huge problem because, after a while, security professionals won’t take them seriously anymore.”
As an innovative provider of AI-powered network security products, Lastline avoids this by delivering the full visibility and context that security professionals need to detect and respond to network breaches quickly. “AI and machine learning are not perfect on their own,” Engin said. “But when you start combining those technologies with behavioral analysis, you’ll have more evidence and context to reduce false positives.”
Headquartered in Redwood City, California, with offices spanning North America, Europe, and Asia, Lastline aims to detect and defeat security threats through cutting-edge resources. The research-based company protects infrastructure by minimizing the risk of costly data breaches — and does so at affordable price points. Lastline’s award-winning security tool, Lastline Defender, employs a combined approach to advanced network threat protection that leverages both AI and analytics.
Detect and Defeat Threats with Cutting-Edge Resources and Low Costs
Lastline was founded in 2011 by a group of professors interested in online security. “We still have our university affiliations: I’m a professor of computer science at Northeastern University in Boston,” Engin said. “And Co-Founders Giovanni Vigna and Christopher Kruegel are professors at the University of California, Santa Barbara.”
The trio started the company after creating a suite of online malware analytics tools based on extensive security research. “The tools became pretty well-known, and people kept asking us if we could put them on the market,” Engin said. “Of course, we couldn’t because they were academic projects, so we decided to create a company that would help us improve the tools for the public.”
At the time, sandboxing, a dynamic method of separating running programs, was cutting-edge — and the Lastline team was among the first to master the technology. Since then, Engin said the company has also increased its focus on machine learning. “Machine learning is something we have always used, but we have started doing more of it because there is such an interest now,” he said. “That has not been a challenge for us.”
Ultimately, Lastline is interested in setting, not following, trends. “On the academic side, if you want to publish a paper and go to scientific conferences, you need to be able to explore new topics, identify problems, and come up with new solutions,” Engin said.
To that end, Lastline Co-Founder Giovanni Vigna recently took part in the Cyber Grand Challenge, a competition the Defense Advanced Research Projects Agency (DARPA) launched to create automatic defense systems capable of reasoning. “It’s very intuitive technology that’s not being deployed yet,” Engin said. “We are already working on things that are likely going to be trends in the future.”
Eliminate False Positives with the Help of Machine Learning
Engin said that the technology frequently referred to as AI is actually machine learning — and that it’s often overhyped. “Technically and scientifically speaking, this idea around AI that you have some algorithms that magically solve everything is not true,” he said. “In reality, we are making clever use of automation and machine learning.”
Machine learning is a useful tool for processing massive quantities of data to model normal network behavior. These models make it easy to spot abnormal behaviors. But while machine learning is a vital component in detecting sophisticated malware, Engin said it must occur in sync with threat intelligence on known malicious entities and capabilities. These include compromised hosts, known malicious IP addresses or locations, unusual encryption capabilities, known command and control systems, and unauthorized services, among other processes.
“We’re skilled at analyzing malware, extracting behaviors, but we’ve also developed a bunch of technologies that examine what’s happening inside the network,” Engin said. “We then use machine-learning algorithms to identify patterns of suspicious behavior, and combine all three techniques.”
This approach begins with the company’s Global Threat Intelligence Network, which is used to scan networks for known threats. The company then applies unsupervised machine learning to network traffic to detect anomalies against a learned baseline of normal behavior. Finally, Lastline uses supervised machine learning — which learns the mapping from input features to output labels from example input-output pairs — to create classifiers that recognize malicious behavior and previously undetected malware.
The combination, which Lastline refers to as AI Done Right™, both detects malicious behaviors and eliminates false positives.
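To make the three-stage idea concrete, here is an added toy illustration (not Lastline’s code, and not how its products are built): a threat-intelligence lookup, an unsupervised z-score anomaly check against each host’s own baseline, and a small supervised nearest-centroid classifier, combined so that an anomaly alone is not enough to raise an alert. All hosts, baselines, IP addresses and labels are constructed sample data.

```python
import statistics

# Constructed threat-intel entry (documentation range, not a real indicator).
KNOWN_BAD_IPS = {"203.0.113.7"}

# Constructed labelled training rows for the supervised stage:
# (distinct destination ports, failed connections, label).
TRAINING = [(2, 0, "benign"), (3, 1, "benign"), (1, 0, "benign"),
            (40, 12, "malicious"), (55, 20, "malicious"), (48, 15, "malicious")]

# Constructed per-host summaries. "backup" is a legitimate bulk transfer,
# "infected" scans many ports, "c2" quietly contacts a known bad address.
HOSTS = {
    "backup":   {"dst_ip": "198.51.100.20", "bytes_out_kb": 900, "dst_ports": 1,  "failed": 0},
    "infected": {"dst_ip": "198.51.100.33", "bytes_out_kb": 300, "dst_ports": 45, "failed": 14},
    "c2":       {"dst_ip": "203.0.113.7",   "bytes_out_kb": 50,  "dst_ports": 2,  "failed": 0},
}
BASELINE_KB = [40, 45, 50, 42]  # constructed history of normal bytes_out per host

def intel_hit(dst_ip):
    """Stage 1: known-threat lookup."""
    return dst_ip in KNOWN_BAD_IPS

def anomaly_hit(value, baseline, z_threshold=3.0):
    """Stage 2: unsupervised check, z-score of the new value against the baseline."""
    stdev = statistics.pstdev(baseline) or 1.0  # guard a flat baseline
    return (value - statistics.mean(baseline)) / stdev > z_threshold

def classifier_hit(sample):
    """Stage 3: supervised nearest-centroid classifier trained on TRAINING."""
    centroids = {}
    for label in ("benign", "malicious"):
        rows = [r[:2] for r in TRAINING if r[2] == label]
        centroids[label] = [statistics.mean(col) for col in zip(*rows)]
    dist = {l: sum((a - b) ** 2 for a, b in zip(sample, c)) for l, c in centroids.items()}
    return min(dist, key=dist.get) == "malicious"

def verdict(host):
    """An intel match alerts on its own; an anomaly needs the classifier to agree."""
    intel = intel_hit(host["dst_ip"])
    anomaly = anomaly_hit(host["bytes_out_kb"], BASELINE_KB)
    malicious = classifier_hit((host["dst_ports"], host["failed"]))
    return intel or (anomaly and malicious)

def run_all():
    return {name: verdict(h) for name, h in HOSTS.items()}

if __name__ == "__main__":
    for name, alert in run_all().items():
        print(f"{name}: {'ALERT' if alert else 'suppressed'}")
```

The backup host trips the anomaly stage (its bytes_out is far above its baseline) but nothing else, so it is suppressed rather than becoming a false positive, while the other two hosts are alerted on corroborated evidence.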
A Company Culture Built on Strong Academic Roots
Lastline takes pride in its academic roots. Experts at Lastline Labs, the company’s research and development arm, thoroughly monitor the threat environment while collaborating on the latest online security solutions. The lab continually produces blogs and research papers dedicated to the evolution and mitigation of elaborate malware threats.
“Our company philosophy is that security technology is not black magic — we want to help users understand what we’re doing,” Engin said. “If you ask us how our analysis engine works, we point you to papers that describe exactly how we attack problems, rather than saying, ‘Don’t worry about it. We’ll solve everything for you.’ We tell you how we do things because that’s the only way security can move forward.”
In February, Lastline was named a winner in the Info Security Products Guide’s 15th annual Global Excellence Awards, which recognize security and information technology providers who create innovative products, solutions, and services.
“This recognition from ISPG reflects our innovation and the effectiveness of our products, and we are honored to receive this industry award,” said Bert Rankin, Chief Marketing Officer at Lastline, in a recent press release.
Indeed, the prestigious award is a product of the company’s overarching mission: to create an intersection between the scientific and industrial worlds that serves as a source of groundbreaking, yet affordable, tools.
“We aim to provide a solution that is less expensive than our competitors while offering powerful automation, a low number of false positives, and happy customers,” Engin said.
Lastline Defender: Analyzing Network Traffic and Behavior
In April 2018, Lastline also received recognition for its Lastline Defender product, which provides a dynamic outline of breaches as they progress across networks. The honor, Cyber Defense Magazine’s InfoSec Award for Enterprise Security products, placed Lastline Defender in the “Cutting Edge” category.
By displaying information on compromised systems, communication across local and external systems, and data sets accessed, the groundbreaking network security tool allows users to discern the extent of threats as soon as possible.
Engin said the product is a company favorite. “We think it’s a clever use of AI combined with what we’ve always done, which is strong analysis,” he said. “It gives AI this extra advantage through more context — using algorithms wisely to reduce false positives.”