VMware today announced its intent to acquire Lastline. It is an important step forward for VMware’s vision of Intrinsic Security, as it will allow VMware to further take advantage of the intrinsic attributes of its virtualization platform to yield innovative security capabilities. VMware aims not just to replicate what exists today, but rather to build security solutions that it can uniquely deliver, spanning from the heart of the data center to users in a branch office and all the way to mobile users at home or on the road.
Lastline’s core product is a malware sandbox. Lastline goes deeper, using full-system emulation to look at every instruction the malware executes, effectively peering into the black box. As a result, Lastline’s system detects twice the number of malicious files as a signature-based system. Lastline detonates more than 5 million file samples daily, and the Lastline technology protects more than 20 million users across thousands of organizations around the world, including 5 of the 10 largest financial institutions.
This same philosophy of analyzing core malicious intent is applied across the entire network. The Lastline system uses machine learning that recognizes essential elements of an attack, unlike the narrow signature-based systems that an attacker may use. The Lastline approach is not just anomaly detection – anomaly detection treats every outlier as bad and results in many false positives. Lastline leverages the deep understanding of malicious behaviour to flag clearly bad activities such as East-West movement, command and control activity, and data exfiltration.
This is where the combination of VMware and Lastline can make a huge difference. VMware NSX has deep visibility into network traffic, touching every packet. The NSX architecture will allow Lastline to perform network analytics at massive scale, without the burden of tapping network traffic. Furthermore, NSX has an intrinsic understanding of application topology: it knows the difference between a web server and a database and understands what an application is doing. Lastline malware analysis will become a critical feed for VMware’s Carbon Black EDR and NGAV platform. The combination of NSX and Carbon Black will also allow the Lastline algorithms to analyze a particular interaction with greater workload context.
This broad context will enable very high-fidelity security decisions and be operationally simple to deploy, making it possible to bring Intrinsic Security to the enterprise at scale. There are few security companies that have the footprint of endpoint AND network sensors to deliver this broad security context. Together, Lastline, NSX and Carbon Black will be able to deliver on VMware’s vision of Intrinsic Security.