Security against the unknown now comes as a service

Lastine, a three year old security specialist with a longer history in identifying the dangerous unknown binary files and malicious websites, comes to the UK

  • 11 years ago Posted in

Getting security as an automated cloud service has a good deal going for it as an idea, as it should be able to provide the same level of service to the smallest of small businesses and, if it can scale properly, the largest of enterprises.

That is certainly the goal of three year-old US security specialists, LastLine, which has just recently opened a UK office in London. And the company has a history which points to a good deal of expertise in this area. Its founders, Engin Kirda, Christopher Kruegel and Giovanni Vigna, were core members of a diverse group of academics which came up with Anubis, the well-known tool for analysing unknown binary files, and Wepawet, the equally well-known web-page analyser.

These open source tools are available on the web and can be used for free by anybody. The founders, however, realised that there was a commercial model that could be built to monetise their use by businesses. That model was based around the notion of automating the use of the tools so that business users no longer had to think about the process. Instead of remembering to manually upload an unknown file or web page for analysis, the system does this automatically.

The key here are an additional couple of tools added to create the service capability. One installs a sensor on the customer’s network which detects all binary files and sends them to service for analysis. The second, and perhaps more important component, is a tracking sensor which monitors the network for unusual network behaviour and traffic patterns.

This is something of a `secret sauce’ for the service, as it is the unusual traffic and behaviour is the first indication that a malicious attack has taken place. Once spotted the actions are immediately trapped so they can cause actual damage. The cause can then be identified and removed. In cloud-delivered service in particular, this is an important method of stopping and containing any actual damage that might be done by such a malicious attack.

The analysis process can take time. According to Lastline’s Vice President for Sales in the EMEA region, Luca Simonelli, a large unknown binary file can take as long as two or three days to analyse fully, so trapping unusual traffic or behaviour is a vital capability. But once analysed and found to be malicious, the information about it is stored in a central repository within the service itself.

This means that the next time that type of binary appears at any user of the service it can be immediately identified and blocked or removed. This is one of the core advantages of a cloud-based service, in that all users are automatically protected from any new and unknown malicious attack that any one customer of the service suffers.

In addition to working with the files and web pages submitted by customers, Lastline also uses a Web Crawler which is active 24/7 searching through social media services and forums for what Simonelli called the `hot keywords’ often used by hackers.

“Its role is to then be a target for the hackers’ systems and make itself as attractive as possible. It pretends to look totally undefended,” he said.

Using this the company can collect binaries and links to suspicious websites so that the contents can be analysed and the malicious added to the service repository.

Unlike some other analysis tools available, Simonelli said that the Lastline service is unusual because it can work in both online and offline modes. In online mode, every possible source of attack is identified and analysed as it happens, which can lead to resources being committed to managing several thousand attacks a day. Working offline, however, this is reduced to around 30.

The growing advent of Bring Your Own Device working methods in businesses can also be defended using the Lastline service, as can infrastructures that utilise server-based virtual desktop operations.

Because the service is cloud-based, and its three main components of Manager, Sensor and Analysis Engine are separate entities that can be run separately, the Lastline service is said to be both fast and very scalable, capable of covering from the self-employed professional through to major organisations.

“Some of our competitors have these three elements integrated into a single, expensive box, and that can only scale by adding more expensive boxes,” he said.

It is already providing the service to a major Telco for two roles – defending its own corporate network, and as tool to be resold as a service for its SMB customers. It can be expected to appear in similar business models as part of the added value services provided by Cloud Service Providers. According to Simonelli the company is also talking to some of the major global systems integrators, which are increasingly providing cloud-delivered services for their client.

“Some of these, as well as other large enterprise customers, can still be concerned about moving data across boundaries, and where that happens we can, and do, simply set up a private cloud for them wherever they want it to be,” he said.   

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...