VMware Announces Intent to Acquire Lastline

By Tom Gillis, SVP and GM, Networking and Security Business Unit, VMware

June 8, 2020

Today we announced our intent to acquire Lastline, a pioneer in anti-malware research and AI-powered network detection and response. This is an important step forward for VMware’s vision of Intrinsic Security, as it will allow us to further take advantage of the intrinsic attributes of our virtualization platform to yield innovative security capabilities. Our aim is not to replicate that which exists today, but rather to build security solutions that we can uniquely deliver, spanning from the heart of the data center to users in a branch office and all the way to mobile users at home or on the road.

In the security industry, the nature of threats changes so rapidly that security technology is constantly being re-invented. In this context, it is not the algorithms per se that matter; it is the people that make the algorithms. Great people build great products, and great products build great companies. And that’s why we are so excited about the combination of Lastline and VMware. Upon close of the deal, we will bring a world class team of network-focused anti-malware researchers and developers, and go-to-market security experts, into the NSX team. Lastline boasts several of the top 10 most published security threat researchers globally, and the Lastline team has been credited with bringing structure and rigor to the world of malware research. This is reflected in the fact that the Lastline team has 15 PhDs and academics on staff. At VMware, we will amplify the academic focus of the Lastline team, and by joining forces with the Carbon Black Threat Analysis Unit (TAU), continue to foster their deep understanding not just of the threat, but of the motivation and tactics behind the threat.

This rigorous analytical approach can be seen in Lastline’s products. Lastline’s core product is a malware sandbox. Most sandboxes treat malware as a black box and inspect how that black box interacts with the operating system (syscall inspection). Lastline goes deeper, using full-system emulation to look at every instruction the malware executes, effectively peering into the black box. This yields a deeper understanding of how the malware works, which allows the Lastline team to also detect and block the many derivates of malware families. As a result, Lastline’s system detects twice the number of malicious files as a signature-based system. Lastline detonates more than 5 million file samples daily, and the Lastline technology protects more than 20 million users across 1000’s of organizations around the world, including 5 of the 10 largest financial institutions. Many of the most recognized online applications including online payments, financial management, tickets, retail, and streaming media are protected by the Lastline platform.

This same philosophy of analyzing core malicious intent is applied across the entire network. The Lastline system uses machine learning that recognizes essential elements of an attack, unlike the narrow signature-based systems that miss the many variants an attacker may use. The Lastline approach is not just anomaly detection – anomaly detection treats every outlier as bad and results in many false positives. Lastline leverages the deep understanding of malicious behavior to flag clearly bad activities such as East-West movement, command and control activity, and data exfiltration.

This brings us to the powerful combination of VMware and Lastline. VMware NSX has deep visibility into network traffic, touching every packet. The NSX architecture will allow Lastline to perform network analytics at massive scale, across tens of thousands of cores, without the burden of tapping network traffic. Furthermore, NSX has an intrinsic understanding of application topology and speaks Layer 7. So it knows the difference between a web server and a database and understands what an application is doing. We will combine this context with the deep understanding of the host provided by Carbon Black. Lastline malware analysis will become a critical feed for our Carbon Black EDR and NGAV platform, which currently helps secure more than 10 million endpoints and workloads around the globe. And the combination of NSX plus Carbon Black will also allow the Lastline algorithms to analyze a particular interaction with greater workload context, effectively saying: “this web server has a new process that looks suspicious and that process is connecting to this database and asking for data in a manner that looks similar to a tactic other attacks have used.” This broad context will enable very high-fidelity security decisions, and be operationally simple to deploy, allowing us to bring Intrinsic Security to the enterprise at scale. There are few security companies that have the footprint of end point AND network sensors to deliver this broad security context. Together, Lastline, NSX and Carbon Black will be able to deliver on VMware’s vision of Intrinsic Security.

We are looking forward to welcoming the Lastline team into the NSX family upon close!

Terms of Use | Copyright © 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement