VMware announced its intent to acquire Lastline. With Lastline, VMware will further advance its threat research capabilities and accelerate the customer journey towards Intrinsic Security. Upon close, Lastline will augment VMware’s world-class threat research delivered today by the VMware Carbon Black Threat Analysis Unit with a renowned group of network-centric cybersecurity researchers and advanced AI/ML threat detection capabilities that deliver some of the highest levels of efficacy in the security industry.
Lastline’s core product is a malware sandbox. Most sandboxes treat malware as a black box and inspect how that black box interacts with the operating system (syscall inspection). Lastline goes deeper, using full-system emulation to look at every instruction the malware executes, effectively peering into the black box. This yields a deeper understanding of how the malware works, which allows the Lastline team to also detect and block the many derivatives of malware families. As a result, Lastline’s system detects twice as many malicious files as a signature-based system.
This same philosophy of analyzing core malicious intent is applied across the entire network. The Lastline system uses machine learning that recognizes essential elements of an attack, unlike the narrow signature-based systems that miss the many variants an attacker may use. The Lastline approach is not just anomaly detection – anomaly detection treats every outlier as bad and results in many false positives. Lastline leverages the deep understanding of malicious behavior to flag clearly bad activities such as East-West movement, command and control activity, and data exfiltration.
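The distinction drawn above (outlier-based anomaly detection versus rules that encode what a known-bad behaviour looks like) can be made concrete with a small added illustration. The code below is not Lastline's or VMware's and does not describe their models; it runs a naive byte-count outlier check next to three behaviour rules for the activities the text names (East-West movement, command and control beaconing, data exfiltration) over a constructed set of flow records. The RFC 1918 ranges treated as "internal", the admin-port list, every threshold and the sample flows are assumptions of the example.

```python
"""Behaviour-based flagging vs plain anomaly detection over constructed flow records.

Added illustration (not Lastline's or VMware's code): a tiny model of the difference
between "every outlier is bad" and "flag activity that matches a known-bad pattern".
"""
from collections import defaultdict
from statistics import mean, pstdev
import ipaddress

# Assumption: RFC 1918 space stands in for "inside the network". (Python's
# ip_address(...).is_private also returns True for the documentation ranges
# 198.51.100.0/24 and 203.0.113.0/24 used below, so membership is checked explicitly.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {135, 139, 445, 3389, 5985}  # assumed set of East-West / remote-admin services


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def build_sample_flows():
    """Constructed sample records: (t_seconds, src_ip, dst_ip, dst_port, bytes_out)."""
    flows = []
    # 1) C2 beaconing: 10.0.0.5 calls one external endpoint every 60 s with ~1 KB.
    for i in range(10):
        flows.append((i * 60, "10.0.0.5", "203.0.113.10", 443, 1_000 + (i % 3) * 10))
    # 2) East-West movement: the same host then probes SMB on six internal hosts in ~2 minutes.
    for i in range(6):
        flows.append((700 + i * 15, "10.0.0.5", f"10.0.0.{20 + i}", 445, 500))
    # 3) Exfiltration: 10.0.0.7 pushes 80 MB to an external host, split over four flows.
    for i in range(4):
        flows.append((900 + i * 30, "10.0.0.7", "198.51.100.20", 443, 20_000_000))
    # 4) Benign outlier: a 150 MB nightly backup to an internal server over SSH.
    flows.append((1000, "10.0.0.9", "10.0.0.50", 22, 150_000_000))
    # 5) Background noise: irregular browsing from eight hosts, two flows each.
    for i in range(16):
        flows.append((i * 37 + (i * i) % 50, f"10.0.0.{40 + i % 8}", "93.184.216.34", 443, 3_000 + i * 250))
    return flows


def anomaly_outliers(flows, z=2.0):
    """Naive anomaly detector: flag any (src, dst) whose flow size is a z-score outlier."""
    sizes = [f[4] for f in flows]
    mu, sigma = mean(sizes), pstdev(sizes)
    return sorted({(f[1], f[2]) for f in flows if sigma and (f[4] - mu) / sigma > z})


def detect_beaconing(flows, min_count=6, max_jitter=0.1):
    """C2-style beaconing: repeated contact with one external endpoint at near-constant intervals."""
    by_conn = defaultdict(list)
    for t, src, dst, port, _ in flows:
        if not is_internal(dst):
            by_conn[(src, dst, port)].append(t)
    hits = []
    for conn, times in by_conn.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Coefficient of variation of the inter-arrival gaps: ~0 means a fixed timer.
        jitter = pstdev(gaps) / mean(gaps) if mean(gaps) else float("inf")
        if jitter <= max_jitter:
            hits.append(conn)
    return sorted(hits)


def detect_lateral_movement(flows, min_targets=5, window=300):
    """East-West movement: one internal host reaching many internal hosts on admin ports within a window."""
    by_src = defaultdict(list)
    for t, src, dst, port, _ in flows:
        if port in ADMIN_PORTS and is_internal(src) and is_internal(dst):
            by_src[src].append((t, dst))
    hits = []
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                hits.append(src)
                break
    return sorted(hits)


def detect_exfiltration(flows, min_bytes=50_000_000):
    """Data exfiltration: large aggregate outbound volume from one internal host to one external endpoint."""
    volume = defaultdict(int)
    for _, src, dst, _, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            volume[(src, dst)] += nbytes
    return sorted(pair for pair, total in volume.items() if total >= min_bytes)


if __name__ == "__main__":
    sample = build_sample_flows()
    print("outlier check     :", anomaly_outliers(sample))
    print("beaconing         :", detect_beaconing(sample))
    print("lateral movement  :", detect_lateral_movement(sample))
    print("exfiltration      :", detect_exfiltration(sample))
```

On this sample the outlier check flags only the benign backup (the single largest flow) and misses the exfiltration, because the attacker spread it across several flows that each sit well inside the size distribution; the behaviour rules flag the beacon, the SMB sweep and the aggregate outbound volume while ignoring the backup, since it stays internal. That is the false-positive/false-negative trade-off the paragraph describes, reduced to a few lines.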
VMware NSX has deep visibility into network traffic, touching every packet. The NSX architecture will allow Lastline to perform network analytics at massive scale, without the burden of tapping network traffic.