Open APIs allow seamless integration with other products. Eventhough Lastline does not provide an end-to-end solution like their rivals, namely McAfee, TrendMicro and Symantec, Lastline excels by providing their APIs so that they could be integrated with other security products.
With Lastline, the effort to put in into the protecting the users against zero-day threats and malware can be subsequently reduced. It's accuracy and analysis reports on the objects are what all the other vendors should make an example of.
Lastline's reports can sometimes be very complicated and somehow leaves users with lots of technical information that cannot be easily digested. A more presentable reporting should be provided. However, this is not a weakness and their reporting is only suitable for people with certain technical knowledge.
Lastline itself is a complicated product to navigate through, although it provides a lot of details to the users. This was a feedback from one of our customer here during the POC stage. Users may be required to be technically sound to understand what Lastline has provided to them. What I mean by "a more presentable reporting" is that Lastline should provide a more user readable format of the report; perhaps more visual storyline of their process?
I have been using and performing POC on Lastline for my customers for around 1 year.
No issues.
No stability issues.
Lastline has no issue with scalability as it is by far the more scalable amongst APT solutions.
Lastline support has yet to fully penetrate into the SEA market. Their responses may come from their Sales and System engineers instead of their support team.
Technical Support:As mentioned, their system engineers are very well trained and experience enough to answer most of the technical and product inquiries thrown at them.
No.
Initial setup is very straightforward for cloud-based deployment. For on-premise deployment, it will require some UNIX-based commands knowledge.
Lastline is not a cheap product if compared with their competitors. I wish they could do something about the pricing as it is very hard to convince the customers on such a model.
Originally posted at vcdx133.com.
This post provides a Tech101 breakdown of VMware NSX. If you have heard the buzz-word “NSX” or “Network Virtualisation” and want to learn more about it, this post is for you.
VMware NSX has two distinct variants – NSX for vSphere (NSX-v) and NSX Multi-Hypervisor (NSX-MH). The most feature rich version is NSX-v (as you would expect) and the most flexible and vendor agnostic is NSX-MH (albeit with less features). Currently these are separate binaries that you download and deploy, however there is talk that in the future it will be a single binary set with a V/MH software setting during deployment.
A little bit of history will also clarify things. VMware acquired Nicira in 2012 and integrated/developed the NSX product suite by combining VMware’s vCNS (aka vShield Edge and App) with Nicira’s NVP. So if you understand vShield, it will give you a good start to mastering NSX.
The diagram below illustrates the NSX architecture, complete with physical infrastructure. Note, storage virtualisation has been deliberately left out of the diagram since it is not in-scope. The “P2V” lines denote the possible NSX overlay to physical network integrations.
NSX for vSphere (NSX-v)
NSX-v has the following components:
What are L2 to L7 services? VLAN, VXLAN tunnels, Network Firewall, IPS, Application Firewall, NAT, Routing (OSPF, BGP, IS-IS), Load Balancing, SSL VPN, IPSec VPN, Route redistribution, etc.
NSX for Multi-Hypervisor (NSX-MH)
The NSX-MH has the same functional components, except it uses Open vSwitch (instead of vDS) with KVM, Hyper-V or XenServer and does not have a Distributed Firewall (no micro-segmentation).
Why do it this way?
You may have heard about the “Goldilocks zone” (not too hot, not too cold, just right – used to describe Earth’s placement in the solar system for sustaining life). The hypervisor is the “Goldilocks zone” of the Data Center, it is the natural meeting place for the Software Defined Data Center (SDDC) – Compute, Network and Storage.
If you understand the benefits of server virtualisation with vSphere (abstraction of the Operating System from the hardware, etc.), you can apply the same logic to network virtualisation. There is also the driving force of creating blueprints within the Service Catalogue of the Cloud Management Platform and linking polices (compute, network, storage and security) to the blueprint.
Weaknesses
The Internet is a nasty place, and getting nastier. Current breach detection products using traditional anti-malware sandbox technologies can’t keep up with advanced persistent and hyper-evasive threats that pummel enterprise networks on an hourly basis. Malware authors encode their exploits with a number of operational vectors, so in case one entry point doesn’t work they can still find a way into your network to do their dirty work. And as more businesses hire more outsourced consultants, part-time workers, and employ mobile devices, they open up additional mechanisms for malware to enter their corporate networks.
Some traditional AV and endpoint protection vendors have responded to these threats by adding features to their security products to do a better job of anticipating badly behaving packets coming through their detectors. They make use of limited virtual machines or operating system emulators to view how a piece of malware operates. That is great, but it isn’t enough. Many malware authors can detect when these simulated environments are active and can evade detection accordingly. For example, some exploits such as W32.DelfInj can literally go to sleep for several days to avoid any detector that will just scan an infected system for the first several minutes.
What is needed is a next-generation sandbox that can correlate a series of particular breach events add IP and object based reputation analysis and do this in near real-time. This is what the Lastline Breach Detection Platform does. What makes them unique is their range of discovery, the way they can effectively mimic actual PC or smartphone endpoints to examine malware behavior.
Lastline has four major components:
They just announced added Mac OS X support, which I didn't get to test.
It is a bit tricky to install the various components and to get it set up properly. But once you do, you can take full advantage of its features.
No.
No, indeed this is one of its main benefits. You can scale it up to handle very large networks with their modular and SaaS-based tools.
To add flexibility to its system, both the next-generation sandbox and reporting tool can be either hosted or installed on-premises.
Their core idea is to run a piece of suspected malware in such a way as to provide the ultimate examination of its operations. Suspected code is extracted from the network traffic flow, analyzed andcorrelated with other network-level events to provide a full picture of what happened. It has one of the most throughout analysis sandbox engines. But what is more important is how they are able to provide actionable intelligence to a wide variety of leading security vendors’ intrusion prevention and unified threat management platforms from WatchGuard, Barracuda, TippingPoint, Juniper, Tripwire and others. Through a combination of application programming interfaces, Lastline can send and receive firewall blocking rules and breach event data to/from the appropriate systems that you have already purchased, so that these threats can be quickly stopped.
Yes, there are other sandboxing securing tools out there, but they aren't as thorough as what Lastline does.
Vendor team was first rate.
