ReversingLabs Ups Ante in the Fight to Detect Advanced Malware
New Releases Improve Malware Detection Accuracy for Threat Hunters and Incident Responders While Optimizing Workflows for Security Analysts
ReversingLabs, a leading provider of enterprise-scale file analysis, threat hunting, and malware intelligence solutions, announced a series of platform enhancements that deliver improved identification, searching and contextual understanding of advanced malware attacks that have bypassed defenses and entered enterprise networks. The enhancements are supported by the latest release of the company’s A1000 Malware Analysis and Hunting Platform and by the evolution of ReversingLabs’ industry-leading file reputation service, TitaniumCloud, and its enterprise-scale file and malware classification solution, Titanium Scale. Threat hunters, incident responders, and security analysts can now quickly develop actionable threat intelligence on even the most advanced attacks, bolstering security operations efficiency and unknown malware detection.
Turbocharging Network, Email, and SOC Security
Today, malware traverses multiple attack vectors, using advanced evasion techniques to regularly bypass existing security investments. “Defense in Depth” security layers cover threat surfaces, but often lack event context and sufficient file-level analysis. ReversingLabs closes these gaps by automatically identifying malware and integrating its classification and context into the consoles of core security tools such as Tanium, Recorded Future, Menlo, Splunk, Resilient, and more. ReversingLabs enhances security workflows by enriching event context with deep file and malware visibility to maximize the effectiveness of security infrastructures including SIEM, Endpoint, Network, Email, Sandbox, and SOAR solutions. Adding ReversingLabs’ deep file and malware visibility to the event context of a security infrastructure means that even obfuscated, evasive malware is identified and contained, closing the malware visibility gap.
What is New & Enhanced:
- Next Generation YARA Rules Engine – An enhanced YARA rules engine improves malware detection efficacy by matching against all extracted files and objects, and simplifies rule export to endpoint, firewall, and network security controls.
- Enhanced Splunk Integration – The ReversingLabs Splunk App delivers file analysis and binary searches enabling enterprises to seek out malware at scale via the Splunk dashboard. As Splunk ingests and correlates ReversingLabs file analysis metadata, alerts may be generated on any “files of interest.” With a single click, security analysts can now pivot to the ReversingLabs A1000 Malware Analysis Console to investigate and identify malware.
- Enhanced Tanium Integration – Continued enhancements to the ReversingLabs File Reputation Service deliver greater contextual enrichment of Tanium Detect’s endpoint visibility and remediation capabilities. Plug-and-play integration automatically submits file hashes from an endpoint to ReversingLabs to instantly determine reputation and obtain metadata about the files for further action by Tanium. YARA rules created in the ReversingLabs environment can be imported into Tanium Detect to find malware for which no AV signature exists.
Energizing Malware Hunting
Threat hunters must find ways to proactively and continuously search across their enterprise environment to detect and isolate advanced threats that have evaded their defenses. Proactive threat hunting addresses the long dwell times wherein malware operates. Successful threat hunters require solid intelligence to decide what they are going to hunt for, and tools that help them hunt across multiple locations, and identify targets both historically and in real-time.
ReversingLabs has reenergized the threat hunting process by delivering a file reputation repository that helps develop intelligence and determine which attacks in the wild are likely to target the organization. To support the search across multiple locations historically and in real-time, ReversingLabs delivers multi-conditional queries using logical expressions and YARA rules to search through data stores and uncover hidden malware, greatly enhancing detection and reducing the impact of breaches and newly identified targeted attacks.
What is New & Enhanced:
- New Retro-Search – The newly released Retro-Search capability unleashes innovative hunting strategies by speeding up search performance and removing limitations on search volumes to deliver unlimited on-demand advanced searches and retro-YARA hunts.
- Enhanced Search – Sophisticated and rapid malware hunting is facilitated with new built-in search capabilities. Multi-conditional queries, logical expressions, and search assist with automated completion of 500+ logical expressions support efficient and effective searches across local and cloud environments. Search assist and automated expression completion mean that even novice hunters can effectively search for advanced malware.
Arming Security Teams of All Levels
Security teams face overwhelming noise and complexity from the sheer volume of events to review and files to analyze. ReversingLabs’ rapid, automated file analysis delivers threat identification, classification and rich context (file-level threat indicators) so that even level 1 security analysts can quickly and accurately understand and respond to an incident. SOC efficiency is greatly enhanced while detection and containment times are reduced.
What is New and Enhanced:
- Enhanced Role-Based Dashboards – New dashboard views specific to the roles and processes of security analysts and incident responders put critical threat data and malware context at the fingertips of the analysts who need it, when they need it, to make accurate and timely decisions.
“ReversingLabs solutions focus on improving the efficiency and effectiveness of hunting, analysis and response teams,” said Ed Amoroso, CEO of TAG Cyber. “This updated platform release extends this focus by adding capabilities that empower analysts of all experience levels to search out and identify hidden malware. It also adds extensive integrations that ease the burdens on security architects and improve overall SOC operations.”