Enhanced Features Extend ReversingLabs Explainable Threat Intelligence Capabilities for Threat Hunters
MITRE ATT&CK Mapping, Indicator Transparency and Interactive Storytelling Provide Added Context, Transparency and Prescriptive Recommendations
ReversingLabs, the leading provider of explainable threat intelligence solutions, announced new capabilities for its Titanium Platform, continuing to support its novel approach to machine learning malware detection. The platform remains the first machine learning-powered classification system designed to provide explainable insights and verification that better support humans in the incident response decision making process. ReversingLabs new capabilities are accessible for demonstration in the Virtual Business Hall at Black Hat August 5-6. Registered attendees of Black Hat may visit ReversingLabs booth beginning August 5.
ReversingLabs Explainable Threat Intelligence approach to threat intelligence and detection automates time-intensive threat research efforts with the level of detail practitioners need to better understand events, improve productivity and refine their skills. Features announced optimize analysts’ ability to quickly understand and take action, reducing the time to detect and respond to threats and minimize organizational impact. Direct integration with and better visibility into MITRE ATT&CK tactics, techniques and procedures; unique full indicator transparency for confident classification and understanding; and interactive storytelling linking malware sample behaviors all combine to deliver actionable intelligence and upskill threat hunting and security operations teams.
Recommended AI News: Careline Health Group Adopts Muse Healthcare’s Powerful AI Technology
“Inundated by volumes of threat data and lacking the skills or tools necessary to analyze and understand it, security operations and threat hunting teams struggle to adequately assess and respond to malware risks effectively,” said Mario Vuksan, CEO and Co-Founder, ReversingLabs. “ReversingLabs Explainable Threat Intelligence approach and enhanced platform capabilities combined with the depth and scale of objects and file formats in our repository and split-second analysis ensures that security teams gain human-readable, actionable insights that enable them to quickly and accurately detect, classify and remediate malware threats.”
Modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. Moreover, because signature, AI and machine learning-based threat classifications from “black box” detection engines come with little to no context, security analysts are left in the dark as to why a verdict was determined, negatively impacting their ability to verify threats, take informed action and extend critical job skills. ReversingLabs Explainable Threat Intelligence approach leverages threat data from both internal and external sources to systematically analyze each layer of these complex objects, generating transparent “glass box” actionable intelligence and human interpretable data to detect, classify and respond to malware threats. Combining static, dynamic, and machine learning analysis, ReversingLabs Titanium Platform automates the vast majority of repeatable, time-consuming, and error-prone analysis tasks using a breadth of modern techniques, including object reputation, similarity analysis, and metadata correlation to discern, define and describe good from bad.
Recommended AI News: BlueParrott Announces Integration with Zebra’s Workforce Connect
Available immediately, ReversingLabs updated Titanium Platform delivers:
- Increased ATT&CK visibility:
When surfacing malware sample details, ReversingLabs results now give prominence to ATT&CK data, making it easier to address threat analysis gaps and accelerating triage investigation and response activities. ReversingLabs visualizes file indicators across the ATT&CK framework, mapping to unify attack techniques and support better planning for defense and mitigation strategies. Analysis summary reports highlight the top three techniques by count with a full, expandable list of ATT&CK data easily accessible.
- One of a kind indicator transparency:
Human-readable explanations for why an indicator appears in a sample analysis report have been expanded to show relevance (high or low) for indicators detected by ReversingLabs Explainable Machine Learning models. ReversingLabs platform is the only threat intelligence solution that gives practitioners the context and transparency needed to more quickly identify, verify and classify results. Additional icons and explanations are also displayed for supported malware types, including ransomware, keyloggers, worms, and backdoors, when a machine learning model has been used to detect them and classify the sample. Brand new Explainable Machine learning classification model that detects Windows malware regardless of its threat type has also been added to the platform.
- Interactive storytelling:
Results for malware sample summaries describing sample behavior now contain links to enrich the malware hunting experience. Each link leads to an advanced search, automatically performing a search query for samples based on the selected indicator of compromise (IoC). Including this level of detail provides the threat analysts and researchers the ability to quickly pivot through ReversingLabs 10B+ sample repository. With this functionally, teams will spend less time triaging information importance and will have more time to focus on incident response.
Open Source YARA Rules
Also available, ReversingLabs released a new open source YARA rule, aimed at detecting certificates commonly misused by malware. Since first launching open source YARA rules last month, ReversingLabs has continued to add new rules to ReversingLabs GitHub sourceweekly. Unveiled at ReversingLabs inaugural threat hunter summit REVERSING 2020, these now publicly available rules enable threat defenders to detect a multitude of prominent and prevalent malware downloaders, viruses, trojans, exploits, and ransomware, including WannaCry, Ryuk, GandCrab, TrickBot and others. With free access to rules that generate precise and accurate results and attribution, threat defenders can improve threat hunting and response rates and more quickly pivot from malware detection to threat response.