The Lastline platform provides a full-system emulation approach to detecting malware and potential breach risks. At the core of the platform, Lastline leverages the open-source QEMU (Quick EMUlator) emulator, which, according to Kirda, Lastline has heavily modified and extended.
“Malware has become very evasive, so when you attempt to analyze it, the behavior can change,” Engin Kirda, Lastline’s co-founder and chief architect, said. “So our technology has full-system emulation that allows us to look deeper into malware execution and extract behaviors.”
Lastline’s system also has a correlation engine that can provide context, pulling different security events together to provide a complete picture. For example, the system would understand that something was downloaded, which in turn led to an infection and then some kind of connection out to a botnet for command and control.
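The download-to-infection-to-command-and-control chain described above is the kind of sequence a correlation engine stitches together from otherwise isolated alerts. The following is an added illustration, not Lastline's code and not a description of its correlation engine: it groups constructed sample events by host, walks them in time order, and reports an incident only when all three stages appear in sequence within a time window. The event types, field names and time window are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample events (not real telemetry). Host ws-17 shows the full
# download -> infection -> outbound C2 chain; ws-22 shows only a benign
# download followed by a clean connection, which must not become an incident.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T09:00:05", "host": "ws-17", "type": "download",
     "detail": "invoice.zip fetched from files.example.invalid"},
    {"ts": "2024-01-10T09:00:40", "host": "ws-17", "type": "infection",
     "detail": "sandbox verdict: malicious (dropper executed)"},
    {"ts": "2024-01-10T09:02:10", "host": "ws-17", "type": "outbound_connection",
     "detail": "203.0.113.7:443 flagged as botnet C2"},
    {"ts": "2024-01-10T10:15:00", "host": "ws-22", "type": "download",
     "detail": "report.pdf fetched from intranet.example.invalid"},
    {"ts": "2024-01-10T10:16:00", "host": "ws-22", "type": "outbound_connection",
     "detail": "198.51.100.9:443 (reputation: clean)"},
]

# The ordered stages that, taken together, describe one compromise.
# Stage names are assumed for this example.
CHAIN = ("download", "infection", "outbound_connection")


@dataclass
class Incident:
    """One correlated chain of events on a single host."""
    host: str
    stages: List[dict]

    def summary(self) -> str:
        # Human-readable context an analyst can act on, built from the chain.
        steps = " -> ".join(f"{s['type']} ({s['detail']})" for s in self.stages)
        return f"{self.host}: {steps}"


def _parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def correlate(events: List[dict], window: timedelta = timedelta(minutes=30)) -> List[Incident]:
    """Return one Incident per host where every stage of CHAIN occurred in
    order within `window` of the first stage. Events that do not match the
    next expected stage are ignored; an expired window restarts the match."""
    by_host: Dict[str, List[dict]] = {}
    for event in sorted(events, key=lambda e: _parse_ts(e["ts"])):
        by_host.setdefault(event["host"], []).append(event)

    incidents: List[Incident] = []
    for host, host_events in by_host.items():
        matched: List[dict] = []   # stages collected so far for this host
        expected = 0               # index into CHAIN of the next stage
        for event in host_events:
            if matched and _parse_ts(event["ts"]) - _parse_ts(matched[0]["ts"]) > window:
                matched, expected = [], 0  # too much time passed; start over
            if event["type"] == CHAIN[expected]:
                matched.append(event)
                expected += 1
                if expected == len(CHAIN):
                    incidents.append(Incident(host, matched))
                    matched, expected = [], 0
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_EVENTS):
        print(incident.summary())
```

Run stand-alone, the script prints a single incident for ws-17 with all three stages in order; ws-22 produces nothing because no infection verdict links its download to its outbound connection. The time window is what keeps unrelated events on a busy host from being chained together.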
Lastline’s “secret sauce” isn’t just the emulation technology, but rather the detection mechanisms that are used, according to Kirda.