Announcing RL Spectra Analyze Version 9.5

In this product release highlight, ReversingLabs is proud to announce new features for Spectra Analyze (formerly A1000).

Spectra Analyze v9.5 Release Highlights

RL Spectra Analyze empowers all levels of the SOC with a private, in-depth, malware analysis workbench. Analysts, incident responders, and threat hunters are enabled with distinct threat classifications, context-rich intelligence, and decisive threat verdicts to speed alert triage, streamline investigations, and accelerate response. Spectra Analyze v9.5 delivers the following enhancements:

Interactive URL Analysis

We’ve added new capabilities to our Cloud Sandbox. In addition to interactive file analysis, we now provide interactive analysis on URLs as well. Analysts can launch secure, isolated browsing sessions to interact with suspicious or malicious websites directly from within the Spectra Analyze platform. Unlike passive or automated scans, interactive URL analysis allows analysts to:

  • Click through links, explore content behind CAPTCHA, fill forms, and trigger dynamic content as a real user would, without exposing their systems to risk.
  • Observe and record changes in web page behavior, network traffic, file downloads, redirects, and exploit attempts in real time.

Spectra Analyze: Interactive URL Analysis

Enhancements to URL Summary Page

We’re always striving to improve analysts’ workflows and user experience. To that end, we’ve made some key enhancements to the URL Summary Page in Spectra Analyze.

  • Enhanced Header and Subheaders: Redesigned to clearly communicate URL classification, maliciousness level via risk score, threat type, and the classification rationale based on analysis components.
  • New ‘URL General Information’ Summary Box: Provides a concise, human-readable overview of key indicators and insights gathered during URL analysis.
  • RL Cloud Sandbox Real-Time Analysis Status: Keeps users informed about the progress of the analysis.
  • URL Redirect Journey: Reveals the full redirect path, exposing hidden threats and evasion tactics for better threat detection.
  • SSL Certificate Data: Certificate details help identify fraudulent, expired, or self-signed certificates, indicating potentially malicious URLs.

Spectra Analyze: URL Summary Page

Flexible Intel Feeds

Flexible Intel Feed (FIF) is a new capability within Spectra Analyze that provides a continuous feed of personalized, private, and curated IOCs extracted from samples submitted by an organization. This new capability takes the manual effort out of the crucial task of creating curated and contextualized threat intelligence from both internal security events and unstructured IOCs.

Security teams get a customized, context-rich indicator feed, delivered in an easy-to-consume STIX/TAXII format, to effectively operationalize high-priority IOCs and maximize threat hunting and detection engineering efforts.

Flexible Intel Feed: Analysis Workflow

ICAP Server

Spectra Analyze is now equipped with an ICAP server, enabling seamless integration with network devices like proxies and load balancers to offload HTTP/HTTPS traffic scanning. It supports real-time malware detection by intercepting and analyzing web content before it reaches users or applications. 

This means reduced risk since malicious files and advanced threats are identified and blocked at the perimeter, protecting sensitive applications and data. It also helps with compliance as it enables organizations to enforce security policies and regulatory requirements by ensuring only clean traffic enters the protected environment.

ICAP Connector: HTTP/HTTPS Traffic Scanning

The Work Doesn’t Stop Here

At ReversingLabs, we continually strive to meet and exceed our customers' needs and expectations, which means we’re always working to improve and enhance our solutions. Stay tuned for more exciting product updates!
