Automated malware detection provides effective early warning of threats

Technology developed by academics quickly finds, evaluates intrusions before major damage occurs

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Cyber­se­cu­ri­ty star­tups typ­i­cal­ly get launched when entre­pre­neur­ial folks at estab­lished ven­dors get impa­tient. Some­one will get an idea for a bet­ter mouse­trap, then go out and find ven­ture cap­i­tal back­ing to launch a sep­a­rate company.

But one secu­ri­ty start­up gain­ing trac­tion, Last­line, comes from a dif­fer­ent pedi­gree: academia.

Bank­ing on years of aca­d­e­m­ic research, a trio of col­lege pro­fes­sors joined forces in 2011 to cre­ate Last­line, a rapid­ly grow­ing Cal­i­for­nia-based mal­ware detec­tion company.

Relat­ed video: Iso­lat­ing mal­ware in web browsers

Chris Kruegel, Lastline co-founder
Chris Kruegel, Last­line co-founder

Two of the company’s founders, Chris Kruegel and Gio­van­ni Vigna, are com­put­er sci­ence pro­fes­sors at the Uni­ver­si­ty of Cal­i­for­nia at San­ta Bar­bara, and a third founder, Engin Kir­da, is a pro­fes­sor at North­east­ern Uni­ver­si­ty in Boston.

As three aca­d­e­mics involved with the found­ing of the com­pa­ny, we were dri­ven by an intense curios­i­ty and dri­ve to mean­ing­ful­ly push back against the mal­ware plague,” Kruegel says. “We only half joked in the office that only aca­d­e­mics aim for per­fec­tion for perfection’s sake. But this is an advantage.

Aca­d­e­mics bring spe­cial skills

As aca­d­e­mics, the company’s founders have had some­what of an eas­i­er time approach­ing cyber­se­cu­ri­ty tal­ent in an indus­try sec­tor that is ultra-com­pet­i­tive. Kruegel also makes the point that “we have inno­va­tion in our DNA and are also very data-dri­ven. That is, we are will­ing to let data and exper­i­ments guide us to find solu­tions that work.”

Ed note_LastlineLast­line has come up with a new twist on “sand­box­ing” tech­nol­o­gy that iso­lates sus­pi­cious cod­ing in a sep­a­rate envi­ron­ment to deter­mine whether it is mal­ware. It does not sell direct­ly to com­pa­nies. It deliv­ers its prod­uct through secu­ri­ty sys­tem ven­dors like Bar­racu­da, Dell Son­icWALL, Dell Secure­Works and oth­er part­ners. This includes oth­er Man­aged Secu­ri­ty Ser­vices Providers (MSSPs), Uni­fied Threat Man­age­ment (UTM) and Secure Email Gate­way (SEG) vendors.

Last­line lauded

In April, the For­rester Wave report for this year’s sec­ond quar­ter point­ed out Lastline’s deploy­ment ease and ver­sa­til­i­ty and said the com­pa­ny pro­vid­ed the strongest auto­mat­ed mal­ware analy­sis solution.

The report eval­u­at­ed Last­line and 10 oth­er major mal­ware analy­sis providers: Blue Coat, Check Point, Cis­co, Cyphort, Fidelis Cyber­se­cu­ri­ty, Fire­Eye, Fortinet, Intel Secu­ri­ty, Palo Alto Net­works and Trend Micro. The eval­u­a­tion was based on 36 cri­te­ria includ­ing detec­tion, analy­sis tech­niques, archi­tec­ture, threat intel­li­gence, inte­gra­tions, report­ing and cus­tomer sat­is­fac­tion references.

Bri­an Laing, Lastline’s vice pres­i­dent of prod­ucts and busi­ness devel­op­ment, says the com­pa­ny was pleased that its prod­uct was eval­u­at­ed as a stand­alone prod­uct, while many oth­er solu­tions reviewed were eval­u­at­ed as a suite of mul­ti­ple products.

Kruegel and ByronWe and our inte­gra­tion and ser­vice part­ners, such as Car­bon Black and Dell Secure­Works, are ded­i­cat­ed to redefin­ing and sub­stan­tial­ly improv­ing the defens­es of today’s enter­pris­es against tar­get­ed, eva­sive and zero-day attacks,” Laing says.

Per­fect record

In August, the secu­ri­ty prod­uct test­ing lab­o­ra­to­ry NSS Labs deter­mined that Last­line was the only prod­uct they have test­ed that achieved 100 per­cent detec­tion of HTML, email and SMB mal­ware with zero false positives.

Last­line report­ed sales growth increased more than 200 per­cent in the past year, and users pro­tect­ed by Last­line increased by more than 5 million.

There are many rea­sons that we are get­ting con­sis­tent, indus­try lead­ing results out of our plat­form,” Kruegel tells Third­Cer­tain­ty. “One key advan­tage is that we have built a plat­form that can look deep­er into mali­cious code. This extra vis­i­bil­i­ty pro­vides us with a van­tage point that our com­peti­tors sim­ply don’t have.”

ThirdCertainty’s Gary Stoller con­tributed to this story.

More sto­ries on mal­ware detection:
Anato­my of an attack: Flush­ing out detec­tion-evad­ing malware
Cyber crim­i­nals hide mal­ware in encrypt­ed traf­fic to do their dirty deeds
Secu­ri­ty com­pa­ny iso­lates, neu­tral­izes brows­er-borne malware