Companies of all sizes face multiple threat vectors in the modern cybersecurity landscape. Our readers commonly face problems within their email communications, such as phishing. But beyond this issue, companies also face threats to their corporate networks and their cloud data.

One vendor offering a compelling solution to these threats is Lastline. They offer Defender, a platform which uses AI-based systems to counter intrusions at scale. We sat down with the Director of Threat Intelligence at Lastline to talk about how the platform works and what the key issues are in these areas.
Can you introduce yourself, and your role at Lastline?
I’m Andy Norton, I look after threat intelligence at Lastline. We have somewhat of a contrarian view on threat intelligence. consume multiples of ten threat intelligence feeds, pull it into one system and then apply all of that to what they see internally. This is essentially intel from an external IOC perspective, which is pretty much disposable. So, if I get a file hash, you won’t get it.
We’re trying to encourage the next generation of internal threat intelligence. So actually, looking at what we can extract from the internal environments to make intelligence more accurate.
A key aspect of cyber resilience is being able to detect irregular and anomalous behaviour with sufficient context to determine the risk. We see our threat intel helping in two areas there.
The first is that we use external information to help you assess when controls fail. So, we can see, for example, that one in every 500 emails that arrive within an organisation is malicious. This is important for board metrics and measurement of existing security controls.
The second is getting sufficient context for businesses. AI is mentioned by every vendor; it’s solving the world’s problems, right? One of the by-products of AI usage is the generic labelling of threats. That’s because AI is trained on specific data sets, but they don’t explain the capacity of the different malware. So, organisations find an infected device, and the response strategy used by nearly all businesses is to just re-image the system. But the problem is that one in twelve of those generically labelled threats will actually have credential theft capabilities. That’s not addressed in a re-image response. This is why Business Email Compromise is such a big issue.
We are also trying to raise awareness around how companies can improve their level of risk.
There are three different Lastline products: Defender, Analyst and Detonator.
Yes, we are working to bring everything together under the Defender name. That resonates with end
Who is the typical customer of this platform, are you selling to email security vendors or end customers?
We have a model that addresses both. We are known for our behavioural insights. Email providers use us as a premium advanced threat protection
Our readers are often very focussed on protection from phishing threats. What are Lastline’s capabilities around phishing protection?
Yes, customers come to us for help with phishing, attachments, URLs. We typically sit as the last line
But email really is the vector. Web has died; it really is too hard to exploit a browser currently.
How does Lastline work to stop phishing attacks?
It goes through a whole suite of processes. We go from the least computationally expensive to the most and catch the attack along the way. First of all, with phishing, there’s a number of lists available, so we consume those. Then there are things we check, like how old is the domain?

We’ve also been training our AI engine to spot phishing for the last 12 months. This means we can spot outliers and identify what classifiers define a phishing page. These classifiers are really interesting; we’ve found that phishing emails are one screen height only, there’s no way to scroll. When you combine these kinds of classifiers you get a really strong probability of being able to stop phishing emails getting into inboxes.
It could be, of course, that you receive an attachment or PDF with a URL in it. This URL leads to a phishing page. So, ultimately, it’s about the credentials. There’s always a one-to-one relationship between the phishing message and the credentials; it’s Outlook or Office 365 or Amazon. We’re seeing an increase in key-logger attacks, and if they get in they exploit on average 28 sets of credentials from infected devices. That’ll be all the browser passwords, local user passwords and email passwords.
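The tiered approach described in the answer above (cheap list lookups first, domain age next, page classifiers such as the single-screen check last, with a conclusive hit at any tier stopping further work) can be sketched in code. The script below is an added example, not Lastline’s code; the blocklist, the domain-registration table (a stand-in for a WHOIS/RDAP lookup), the brand table and the sample HTML pages are all constructed here so it runs offline.

```python
"""Tiered phishing triage: cheapest checks first, page analysis last.

Added example, not Lastline's code. Blocklist, registration dates, brand
table and HTML pages are constructed inline so the script runs offline.
"""
import re
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

# Tier 1 input: constructed blocklist (a real deployment consumes many feeds).
BLOCKLIST = {"login-office365-verify.example"}

# Tier 2 input: constructed registration dates standing in for a WHOIS lookup.
REGISTRATION_DATES = {
    "outlook.com": date(1996, 1, 1),
    "amazon.com": date(1994, 11, 1),
    "secure-amaz0n-update.example": date(2024, 5, 20),
}

# Tier 3 input: brands the page may impersonate and the host that legitimately owns them.
BRANDS = {"outlook": "outlook.com", "amazon": "amazon.com"}

TODAY = date(2024, 6, 1)  # constructed "now" so the domain-age arithmetic is reproducible


@dataclass
class Verdict:
    url: str
    decision: str        # "block" or "allow"
    stage: str           # tier that produced the decision: "blocklist" or "classifiers"
    reasons: list


def host_of(url: str) -> str:
    return urlparse(url).hostname or ""


def registrable_domain(host: str) -> str:
    # Toy eTLD+1 (last two labels); production code would use a public-suffix list.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def domain_age_days(host: str, today: date, lookup=REGISTRATION_DATES):
    reg = lookup.get(registrable_domain(host))
    return None if reg is None else (today - reg).days


def page_signals(html: str, host: str) -> list:
    """Tier 3 classifiers run over the fetched page (the expensive step)."""
    reasons = []
    text = html.lower()
    if re.search(r'<input[^>]+type=["\']?password', text):
        reasons.append("password field")
    for brand, owner in BRANDS.items():
        if brand in text and not host.endswith(owner):
            reasons.append(f"brand '{brand}' on non-{owner} host")
    # "One screen height, no scroll": almost no content and scrolling disabled.
    few_blocks = text.count("<p") + text.count("<div") <= 3
    if few_blocks and "overflow:hidden" in text.replace(" ", ""):
        reasons.append("single-screen page, scrolling disabled")
    return reasons


def triage(url: str, html: str, today: date = TODAY, threshold: int = 2) -> Verdict:
    host = host_of(url)
    # Tier 1: list lookup. Cheapest check and conclusive on a hit, so stop here.
    if host in BLOCKLIST:
        return Verdict(url, "block", "blocklist", ["host on blocklist"])
    reasons = []
    # Tier 2: domain age. Still cheap; a young domain is a signal, not a verdict.
    age = domain_age_days(host, today)
    if age is not None and age < 30:
        reasons.append(f"domain registered {age} days ago")
    # Tier 3: page classifiers, only reached when the cheap tiers did not decide.
    reasons += page_signals(html, host)
    decision = "block" if len(reasons) >= threshold else "allow"
    return Verdict(url, decision, "classifiers", reasons)


# Constructed sample pages: a legitimate sign-in page and a look-alike credential phish.
LEGIT_HTML = (
    '<html><body><div><h1>Sign in to Outlook</h1></div><div>Email</div>'
    '<div><input type="password"></div><div>Privacy</div><div>Terms</div></body></html>'
)
PHISH_HTML = (
    '<html><body style="overflow: hidden"><div>Amazon sign in</div>'
    '<input type="password"></body></html>'
)
SAMPLES = {
    "https://outlook.com/owa": LEGIT_HTML,
    "https://secure-amaz0n-update.example/login": PHISH_HTML,
    "https://login-office365-verify.example/": PHISH_HTML,
}


def run_samples() -> dict:
    return {url: triage(url, html) for url, html in SAMPLES.items()}


if __name__ == "__main__":
    for v in run_samples().values():
        print(f"{v.decision:5} [{v.stage}] {v.url}: {'; '.join(v.reasons)}")
```

The blocklisted host never reaches the page classifiers, the look-alike domain is caught by the combination of its age, the password field, the brand mismatch and the single-screen layout, and the genuine sign-in page, which also has a password field, stays under the threshold.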
Is that the most common issue customers are coming to Lastline for help with?
It’s certainly one of them. I think overall, our customers are looking to stop unauthorized access into their environment, which they would call ‘intrusion.’ If we go into an organization, yes, we sit behind their email and give them encounter rates and look at the capacities, but we also see legacy infections as well. The number of organizations that are pinging sinkholes with previously infected devices is like 100%. So cleaning up those legacy attacks is something organisations come to us for as well.
Essentially, we are a dashboard for operational certainty. Within 30 days we will have seen everything; we will have the baseline to get the organization back to good levels of security and stability. Then we defend against new threats.
We have some big customers who use us for the behavioural intelligence and want to ensure that their remediation is appropriate.
What kind of threats do you see Lastline having to adapt to, looking towards the future?
There’s going to be more diversity in threats. Going back to the use of AI, it’s very difficult to get a ‘.exe’ file into an organisation. AI has done a good job of stopping that. But unfortunately, they have changed the nature of the threat. So, we see new file types, new methods and different levels of obfuscation. What they want hasn’t changed though, aside from cryptojacking.
Ultimately, the three major threats that organizations face are loss of intellectual property, loss of controlled data and loss of operational capacity.
Lastline’s CEO joined the company quite recently. Are there changes happening at Lastline?
Absolutely, yes. John has come in to spearhead our enterprise end-user strategy. We also have a new
We are trying to write and research things that are more influential from a policy and guidance perspective. We are trying to write new standards for malicious code detection and intrusion detection.
We worked on Asynchronous Warfare, or Asymmetric Warfare. This is the idea that there’s a time issue between effective defences and the threats coming into the network. We’re trying to build awareness of this in cyber resilience.
We’re trying to say risk assessment is really important, and if you’ve got it wrong, you’re in
Is Lastline an important part of a multi-layered security approach?
We deal with the aspect of cyber defence. So if it’s an attack or a threat on the way into your organization, that is our sweet spot. But, in taking an action, we would need to integrate with other platforms like endpoint, SOAR or SIEM platforms.
We are very much part of the picture, but intrusion and the way that can manifest is what we go after.
To find out more about the Lastline Platform you can read our full review here:
To find out more about Post-Delivery Phishing Protection you can read reviews of all the top platforms here: Post-Delivery Protection Reviews
Visit the Lastline website here: