Automated malware detection provides effective early warning of threats
Technology developed by academics quickly finds, evaluates intrusions before major damage occurs
By Byron Acohido, ThirdCertainty
Cybersecurity startups typically get launched when entrepreneurial folks at established vendors get impatient. Someone will get an idea for a better mousetrap, then go out and find venture capital backing to launch a separate company.
But one security startup gaining traction, Lastline, comes from a different pedigree: academia.
Banking on years of academic research, a trio of college professors joined forces in 2011 to create Lastline, a rapidly growing California-based malware detection company.
Two of the company’s founders, Chris Kruegel and Giovanni Vigna, are computer science professors at the University of California at Santa Barbara, and a third founder, Engin Kirda, is a professor at Northeastern University in Boston.
“As three academics involved with the founding of the company, we were driven by an intense curiosity and drive to meaningfully push back against the malware plague,” Kruegel says. “We only half joked in the office that only academics aim for perfection for perfection’s sake. But this is an advantage.”
Academics bring special skills
As academics, the company’s founders have had a somewhat easier time recruiting cybersecurity talent in an ultra-competitive industry sector. Kruegel also makes the point that “we have innovation in our DNA and are also very data-driven. That is, we are willing to let data and experiments guide us to find solutions that work.”
Lastline has come up with a new twist on “sandboxing” technology, which runs suspicious code in an isolated environment and observes its behavior to determine whether it is malware. The company does not sell directly to enterprises. It delivers its product through security system vendors such as Barracuda, Dell SonicWALL, Dell SecureWorks and other partners, including other Managed Security Services Providers (MSSPs), Unified Threat Management (UTM) and Secure Email Gateway (SEG) vendors.
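The sandboxing idea described above, as an added example that is not part of this article and is not Lastline’s code: a sample runs in an isolated environment, every observable action is recorded, and the verdict comes from the recorded behavior rather than from the file’s bytes. The trace format, event names, sample traces and indicator weights are all constructed for this example. It also shows why visibility into evasive behavior matters: a long sleep and a check for virtual-machine artifacts are themselves indicators, and if the analysis window expires during that sleep, the persistence and network activity that follow are never recorded.

```python
import json
import re
from dataclasses import dataclass, field

# Constructed sandbox traces in a hypothetical line-delimited JSON format.
# Each line is one behavior recorded while the sample ran in isolation.
MALICIOUS_TRACE = r"""
{"pid": 1200, "event": "process_start", "image": "C:\\Users\\u\\Downloads\\invoice.exe"}
{"pid": 1200, "event": "sleep", "ms": 300000}
{"pid": 1200, "event": "reg_read", "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\VBoxGuest"}
{"pid": 1200, "event": "file_write", "path": "C:\\Users\\u\\AppData\\Roaming\\updater.exe"}
{"pid": 1200, "event": "reg_write", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"}
{"pid": 1200, "event": "net_connect", "host": "198.51.100.23", "port": 443}
"""

BENIGN_TRACE = r"""
{"pid": 1300, "event": "process_start", "image": "C:\\Program Files\\Editor\\editor.exe"}
{"pid": 1300, "event": "file_write", "path": "C:\\Users\\u\\Documents\\notes.txt"}
{"pid": 1300, "event": "reg_read", "key": "HKCU\\Software\\Editor\\Settings"}
{"pid": 1300, "event": "net_connect", "host": "updates.example.com", "port": 443}
"""

# Patterns for the behaviors this toy analyzer scores (illustrative, not a published scheme).
VM_ARTIFACTS = re.compile(r"vbox|virtualbox|vmware|qemu", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
DROPPED_EXE = re.compile(r"\\AppData\\.*\.(exe|dll|scr)$", re.I)
RAW_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
LONG_SLEEP_MS = 60_000  # sleeps this long are a classic way to outlast an analysis timeout


@dataclass
class Indicator:
    tag: str      # category:name, e.g. "evasion:vm_check"
    weight: int   # contribution to the overall score
    detail: str   # the concrete value that triggered the rule


@dataclass
class Report:
    score: int = 0
    indicators: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # Thresholds are assumptions chosen for this example.
        if self.score >= 7:
            return "malicious"
        if self.score >= 3:
            return "suspicious"
        return "benign"

    @property
    def evasive(self) -> bool:
        return any(i.tag.startswith("evasion:") for i in self.indicators)


def classify_event(ev: dict):
    """Map one recorded event to an Indicator, or None if it is unremarkable."""
    kind = ev.get("event")
    if kind == "sleep" and ev.get("ms", 0) >= LONG_SLEEP_MS:
        return Indicator("evasion:long_sleep", 2,
                         f"{ev['ms']} ms; a sandbox should fast-forward, not wait it out")
    if kind == "reg_read" and VM_ARTIFACTS.search(ev.get("key", "")):
        return Indicator("evasion:vm_check", 3, ev["key"])
    if kind == "file_write" and DROPPED_EXE.search(ev.get("path", "")):
        return Indicator("drop:executable_in_appdata", 3, ev["path"])
    if kind == "reg_write" and RUN_KEY.search(ev.get("key", "")):
        return Indicator("persistence:run_key", 4, ev["key"])
    if kind == "net_connect" and RAW_IP.match(ev.get("host", "")):
        return Indicator("network:raw_ip_connect", 2, f"{ev['host']}:{ev['port']}")
    return None


def analyze(trace_text: str) -> Report:
    """Score a whole behavior trace and return a Report with a verdict."""
    report = Report()
    for line in trace_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        indicator = classify_event(json.loads(line))
        if indicator is not None:
            report.indicators.append(indicator)
            report.score += indicator.weight
    return report


if __name__ == "__main__":
    for name, trace in (("invoice.exe", MALICIOUS_TRACE), ("editor.exe", BENIGN_TRACE)):
        r = analyze(trace)
        print(f"{name}: {r.verdict} (score {r.score}, evasive={r.evasive})")
        for i in r.indicators:
            print(f"  [{i.weight}] {i.tag}: {i.detail}")
```

Static scanners only see the file; this scorer only sees what the file did, which is why a dropped executable, a Run-key write and a beacon to a raw IP add up to a verdict even for a never-before-seen sample. The same design also shows the weakness the article’s “look deeper” claim targets: everything after the 300-second sleep is visible here only because the constructed trace assumes the sandbox kept running.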
In April, the Forrester Wave report for this year’s second quarter pointed out Lastline’s deployment ease and versatility and said the company provided the strongest automated malware analysis solution.
The report evaluated Lastline and 10 other major malware analysis providers: Blue Coat, Check Point, Cisco, Cyphort, Fidelis Cybersecurity, FireEye, Fortinet, Intel Security, Palo Alto Networks and Trend Micro. The evaluation was based on 36 criteria including detection, analysis techniques, architecture, threat intelligence, integrations, reporting and customer satisfaction references.
Brian Laing, Lastline’s vice president of products and business development, says the company was pleased that its product was evaluated as a standalone product, while many other solutions reviewed were evaluated as a suite of multiple products.
“We and our integration and service partners, such as Carbon Black and Dell SecureWorks, are dedicated to redefining and substantially improving the defenses of today’s enterprises against targeted, evasive and zero-day attacks,” Laing says.
In August, the security product testing laboratory NSS Labs determined that Lastline was the only product it had tested that achieved 100 percent detection of HTML, email and SMB malware with zero false positives.
Lastline reported sales growth of more than 200 percent in the past year, and the number of users protected by Lastline increased by more than 5 million.
“There are many reasons that we are getting consistent, industry leading results out of our platform,” Kruegel tells ThirdCertainty. “One key advantage is that we have built a platform that can look deeper into malicious code. This extra visibility provides us with a vantage point that our competitors simply don’t have.”
ThirdCertainty’s Gary Stoller contributed to this story.