Lastline Defender and Analyst Hosted Release Notes

Version 2019.3

New Features

  • Lastline Defender for Cloud
  • Expanded threat detection for servers
  • Support analyzing Amazon VPC Flow Logs

LASTLINE DEFENDER FOR CLOUD

The Lastline Defender offering now includes protection for cloud workloads. Public cloud workloads are at risk from bad actors targeting unsecured and vulnerable internet-facing applications, as well as from stolen credentials used to gain access to an organization's cloud environment. Once they have access, attackers can move laterally to attack other, non-internet-facing workloads, ultimately harvesting and exfiltrating data. Lastline Defender for Cloud delivers comprehensive visibility and protection for both your existing on-premises network and your network in the cloud through Virtual Private Cloud (VPC). Lastline Defender for Cloud is an extension of your existing Defender deployment: you will need to deploy sensors in AWS to protect your VPC. These sensors examine network traffic to your cloud assets and interface with your existing Lastline deployment to provide a single view of threats across on-premises and cloud environments. For details on licensing and deployment of Lastline Defender for Cloud, please contact your Lastline Sales Manager.

This new feature was tracked internally as FEAT-4000

EXPANDED THREAT DETECTION FOR SERVERS

With this release, Lastline is providing a number of improvements to detection of threats against servers in the protected network.

The improvements include the ability to detect known exploits (such as XSS, SQL injection, and LFI attacks) against a number of web application frameworks, and to detect anomalous connections to servers.
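As an added illustration of the attack classes named above (example code written for this page, not Lastline's detection logic), the following Python scans web server access log lines for LFI, SQL injection and XSS attempts. It parses Apache's "vhost_combined" format so the targeted server is recorded beside the client address, URL-decodes the request target repeatedly so a double-encoded payload such as %252e%252e%252f is not missed, and matches a deliberately small signature set. The hostnames, addresses and log lines are constructed for the example; a production detector needs far more signatures than these.

```python
"""Flag web exploit attempts (LFI, SQL injection, XSS) in web server access logs.

Illustrative signature matching only, not Lastline's detection logic. Lines are
in Apache's "vhost_combined" format, so the target server (%v:%p) is recorded
beside the client (%h) and the two roles are never confused in a finding.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample log, not captured from any real system. The fourth line is
# double URL-encoded (%252e%252e%252f -> %2e%2e%2f -> ../) to defeat single-pass
# decoding; the last line is benign traffic that must not be flagged.
SAMPLE_ACCESS_LOG = """\
www.example.com:443 203.0.113.5 - - [10/Jul/2019:12:00:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 512 "-" "curl/7.58.0"
www.example.com:443 203.0.113.5 - - [10/Jul/2019:12:00:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
shop.example.com:443 198.51.100.23 - - [10/Jul/2019:12:00:03 +0000] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 128 "-" "sqlmap/1.3"
shop.example.com:443 198.51.100.23 - - [10/Jul/2019:12:00:04 +0000] "GET /img?f=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 64 "-" "curl/7.58.0"
shop.example.com:443 10.0.0.8 - - [10/Jul/2019:12:00:05 +0000] "GET /products?id=42 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Apache vhost_combined: %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<server>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Deliberately small signature set, illustrative only.
SIGNATURES = {
    "lfi":  re.compile(r"\.\./|\.\.\\|/etc/passwd|/proc/self/environ"),
    "sqli": re.compile(r"union\s+select|'\s*or\s+\S+\s*=|;\s*(?:drop|insert|update)\s", re.I),
    "xss":  re.compile(r"<script\b|javascript:|<svg\b|<img\b[^>]*\bonerror\s*=", re.I),
}


@dataclass
class Finding:
    client: str                   # attacking host
    server: str                   # targeted vhost:port
    categories: Tuple[str, ...]   # matched signature classes
    decoded_target: str           # request target after URL decoding
    decode_rounds: int            # >1 means the payload was multiply encoded


def decode_until_stable(s: str, max_rounds: int = 3) -> Tuple[str, int]:
    """URL-decode repeatedly until the string stops changing (bounded)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(s)
        if decoded == s:
            break
        s, rounds = decoded, rounds + 1
    return s, rounds


def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding for one access log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target, rounds = decode_until_stable(m.group("target"))
    hits = tuple(name for name, rx in SIGNATURES.items() if rx.search(target))
    if not hits:
        return None
    return Finding(m.group("client"), m.group("server"), hits, target, rounds)


def scan_access_log(text: str) -> List[Finding]:
    return [f for f in (inspect_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{','.join(f.categories):5} client={f.client} -> server={f.server} "
              f"decoded={f.decoded_target!r} rounds={f.decode_rounds}")
```

Decoding is bounded rather than unbounded because an attacker can also send a string that keeps changing under repeated decoding; three rounds catches the double-encoding trick without letting input control the loop.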

Additionally, the Lastline Portal now provides a clearer distinction between client and server when displaying the event details of detected network events.

This new feature was tracked internally as FEAT-3997

SUPPORT ANALYZING AMAZON VPC FLOW LOGS

Lastline Defender now supports ingesting, indexing, and analyzing flow log data from Amazon Virtual Private Clouds (VPCs). VPC Flow Logs give the product visibility into the IP traffic going to and from network interfaces in a VPC, and in particular they are used to alert on anomalous network activity occurring inside a VPC.

Lastline Defender supports importing Flow Logs from both Amazon S3 and CloudWatch.

This new feature was tracked internally as FEAT-3532
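As an added example (written for this page, not Lastline code), the following Python parses version-2 VPC Flow Log records in AWS's default field order, tolerates the header line that S3-delivered log files begin with and the NODATA/SKIPDATA records that carry "-" in place of addresses and ports, and then runs two simple anomaly checks over the result: an external source rejected on many distinct destination ports, and an external source accepted on an administrative port. The account ID, interface ID, addresses, VPC CIDR and thresholds are constructed for the example; Lastline's own analytics are not described on this page.

```python
"""Parse Amazon VPC Flow Log (version 2) records and flag two kinds of anomaly.

Added example, not Lastline code. The field layout is AWS's default v2 record
format; the two detections (external port scan, external access to an admin
port) and their thresholds are this example's own choices.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default field order of a version-2 VPC Flow Log record (space separated).
V2_FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
             "srcport", "dstport", "protocol", "packets", "bytes",
             "start", "end", "action", "log_status")

# Constructed sample, not a real capture. Files delivered to S3 start with a
# header line; a NODATA record carries "-" for addresses, ports and action.
SAMPLE_FLOW_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-1235b8ca123456789 10.0.1.10 10.0.2.20 49152 443 6 20 4000 1563200000 1563200060 ACCEPT OK
2 123456789012 eni-1235b8ca123456789 198.51.100.7 10.0.1.10 51000 22 6 1 60 1563200000 1563200060 REJECT OK
2 123456789012 eni-1235b8ca123456789 198.51.100.7 10.0.1.10 51001 23 6 1 60 1563200000 1563200060 REJECT OK
2 123456789012 eni-1235b8ca123456789 198.51.100.7 10.0.1.10 51002 25 6 1 60 1563200000 1563200060 REJECT OK
2 123456789012 eni-1235b8ca123456789 198.51.100.7 10.0.1.10 51003 80 6 1 60 1563200000 1563200060 REJECT OK
2 123456789012 eni-1235b8ca123456789 198.51.100.7 10.0.1.10 51004 445 6 1 60 1563200000 1563200060 REJECT OK
2 123456789012 eni-1235b8ca123456789 203.0.113.9 10.0.1.10 40000 22 6 15 3000 1563200000 1563200060 ACCEPT OK
2 123456789012 eni-1235b8ca123456789 - - - - - - - 1563200000 1563200060 - NODATA
"""


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: Optional[str]
    dstaddr: Optional[str]
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packet_count: int
    byte_count: int
    start: int
    end: int
    action: Optional[str]   # "ACCEPT" / "REJECT"; None unless log_status is OK
    log_status: str         # "OK" / "NODATA" / "SKIPDATA"


def _opt_int(v: str) -> Optional[int]:
    return None if v == "-" else int(v)


def parse_flow_log(text: str) -> List[FlowRecord]:
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "version":   # blank line or S3 header
            continue
        if len(parts) != len(V2_FIELDS):
            raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
        f = dict(zip(V2_FIELDS, parts))
        if f["version"] != "2":
            raise ValueError(f"only version-2 records are handled: {line!r}")
        records.append(FlowRecord(
            interface_id=f["interface_id"],
            srcaddr=None if f["srcaddr"] == "-" else f["srcaddr"],
            dstaddr=None if f["dstaddr"] == "-" else f["dstaddr"],
            srcport=_opt_int(f["srcport"]), dstport=_opt_int(f["dstport"]),
            protocol=_opt_int(f["protocol"]),
            packet_count=_opt_int(f["packets"]) or 0,
            byte_count=_opt_int(f["bytes"]) or 0,
            start=int(f["start"]), end=int(f["end"]),
            action=None if f["action"] == "-" else f["action"],
            log_status=f["log_status"]))
    return records


def find_anomalies(records: List[FlowRecord], vpc_cidr: str,
                   scan_threshold: int = 5,
                   admin_ports: Tuple[int, ...] = (22, 3389)) -> List[Tuple[str, str, str]]:
    """Return (kind, source address, detail) for each suspicious pattern.

    port_scan: one external source REJECTed on >= scan_threshold distinct ports.
    external_admin_access: an external source ACCEPTed on an admin port.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    rejected_ports = defaultdict(set)
    findings = []
    for r in records:
        if r.log_status != "OK" or r.srcaddr is None:
            continue   # NODATA/SKIPDATA records have nothing to judge
        if ipaddress.ip_address(r.srcaddr) in vpc:
            continue   # intra-VPC flows are out of scope for these two checks
        if r.action == "REJECT":
            rejected_ports[r.srcaddr].add(r.dstport)
        elif r.action == "ACCEPT" and r.dstport in admin_ports:
            findings.append(("external_admin_access", r.srcaddr,
                             f"{r.dstaddr}:{r.dstport} via {r.interface_id}"))
    for src, ports in rejected_ports.items():
        if len(ports) >= scan_threshold:
            findings.append(("port_scan", src,
                             f"{len(ports)} distinct rejected ports: {sorted(ports)}"))
    return findings


if __name__ == "__main__":
    for kind, src, detail in find_anomalies(parse_flow_log(SAMPLE_FLOW_LOG), "10.0.0.0/16"):
        print(f"{kind}: {src} {detail}")
```

Records whose log-status is NODATA or SKIPDATA are skipped rather than treated as flows: they mark intervals where no traffic was seen or where capacity limits dropped records, and the latter is worth its own alert in practice because it is a blind spot, not an observation.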

Bug Fixes and Improvements

  • FEAT-3817: Improved extraction of document content from Microsoft Office CDF file types.

Deprecation of API methods

The Lastline API documentation includes a deprecation schedule for deprecated Lastline API methods, as well as information on how to replace usage of these deprecated methods with supported methods.

Since release 7.24, all methods of the legacy API (/ll_api/ll_api) are deprecated. The deprecation schedule covers these legacy API methods as well, together with information on how to replace them with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

  • Lastline Sensor version 1051.4

Deprecation of appliance versions

Since release 7.28, sensor versions before 720 are no longer compatible with the Lastline backend.

Distribution Upgrade

Sensor 1051.4, which is being made available as part of this release, will be the last sensor version to support Ubuntu Trusty as the underlying operating system distribution. Before upgrading to the following Sensor release, sensors that are still on Ubuntu Trusty will need to be upgraded to Ubuntu Xenial.

Users can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "xenial". If it is "trusty", the appliance distribution needs to be upgraded. To perform a distribution upgrade, first make sure the sensor is on version 1051.4, then follow these instructions for the upgrade process. This update is not done automatically, to prevent unexpected downtime.
