Lastline Malscape Monitor report says most threat intelligence information is nearly useless

In addition to the report, Lastline also announced a new Lastline Behavioral Intelligence Program, which provides actionable cybersecurity information that any security team can use to benchmark its own capabilities.

Ninety per cent of files that cybersecurity vendor Lastline determined to be malicious had been given generic labels by AV tools, making them unhelpful for successful remediation by security teams and leaving organizations vulnerable to subsequent attacks. That was the most notable finding in Redwood City, CA-based Lastline’s Q4 2017 Malscape Monitor Report, the first of what they intend to be a regular series.

The report concludes that current threat intelligence models are seriously deficient in two ways. First, they bury already overloaded security teams with poor quality detection alerts, such as the trojan.generic label that appeared on ninety per cent of the tens of millions of samples Lastline analyzed that had already been scanned and released by other security solutions. Second, that in turn prolongs the time it takes to investigate and correctly remediate a threat.

“This kind of information is unactionable,” said John Love, Lastline’s Director of Corporate Communications. “You can’t do anything with it. These malware samples are all ones that have been through other security tools, that we only see once, as we are literally the last line of defense. They are a waste of time for security analysts.”

“One reason we decided to release this report was to build our brand – the Intel Inside strategy,” said Steve Sharbach, Lastline’s VP of Global Channel Sales. “It demonstrates our own expertise in malware, and the value that we add to a solution.”

Lastline was founded in 2011 by three academic security researchers, two of them at UC Santa Barbara and one at Northeastern.

“The company’s roots are in academic research on the behaviour that malware was engineered to execute,” Love said. “To that, we added a second piece, network sensors, which provide the ability to monitor activity going on in the network. Our Lastline Breach Defender network security solution, which we showcased at RSA, looks for anomalies and correlates with known malware behaviors, and can provide security analysts with the complete information that they need to remediate attacks.” It’s a behavioural-intelligence-led approach to security.

Steve Sharbach, Lastline’s VP of Global Channel Sales

“Our technology provides a very high level of detail, to understand what other systems don’t get,” Sharbach stated. “Malware’s ability to evade sandbox detection is increasing. We saw one piece of malware that had 16 different evasive capabilities. That’s good enough to evade most systems, but it didn’t work against us.”

“When we started, we licensed our malware analysis capabilities to OEMs, which also gives us more data to feed into our own threat intelligence system,” Love said. “We sell our own branded solution directly, and also through partners.”

Their market is organizations that are large enough to have a security group.

“We find that this translates into about 1000 employees being the floor,” Love said. “Smaller companies are better served through MSSPs.” Their customer base is divided between Europe and North America in about equal measure, with a solid foundation of customers in Japan as well.

The majority of revenue comes in through partners, particularly in Europe, where channel is the norm. North America has more direct sales, but Lastline has also been building out a channel there.

“We have always had a channel focus,” Sharbach said. “However, within the last 18 months, there has been more focus on engaging the channel and not just using it for fulfillment. We have put together a partner portal and a training program, and added tools for handling Proof of Concepts to get our technology in front of customers.”

Lastline’s approach is very much a value channel over a volume one.

“Our partners have a deep knowledge of security and sell complementary products like SIEMs and firewalls,” Sharbach said. They don’t use Large Account Resellers like CDW. While they use distribution in Europe, they don’t in North America, because they want a direct touch with partners there. Their presence in Canada is relatively light, with The Herjavec Group being their go-to partner in this market.

In addition to the report, Lastline also announced the Lastline Behavioral Intelligence Program, designed to leverage Lastline’s behaviour-based approach and provide unique actionable information about cybersecurity to security teams.

“This isn’t a standalone offering, and no one needs to buy this,” Sharbach said. “It makes our threat intelligence information for security people so they can benchmark their capabilities. They can use our information to assess how you are reacting to threats.”

While the Program is not itself something that partners can sell, Sharbach said that they are likely to be able to make good use of it with their customers.

“I really see this as a tool they can use to serve their customers better,” he said. “It provides actionable information that they can review with their customers, and it shows what needs to be improved.”