Products & Technology, April 3, 2023

Integrate threat hunting into SOC triage to mitigate software supply chain risk

Here's how robust threat hunting and malware analysis can enhance your triage process — and help you get a handle on software supply chain security.

David Neuman

With the continual evolution of malware, by the time a security alert is generated it is often too late to prevent the initial infection. Malware files also change frequently, so alerts keyed on a file name or hash are brittle: a rebuilt, repacked or trivially modified variant no longer matches the indicator, even though it does exactly the same thing.

The ability to triage an alert retroactively, evaluating what a file does rather than what it hashes to, is therefore a critical capability for quickly containing the spread of malware.
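The contrast drawn above, hash-keyed alerts versus function-based triage, as an added example that is not part of the original post. It is a small Python script in which constructed byte strings stand in for two builds of the same process-injection tool plus one benign file. A one-byte rebuild defeats the hash indicator, while a rule requiring the full injection API set (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread) still matches both builds and, swept retroactively over a store of previously seen files, surfaces the earlier variant that the hash lookup misses. The samples, the rule, the `HISTORY` store and the regex-based token extraction are all assumptions standing in for real PE import parsing and a real sample repository.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed samples (assumption, not real malware): variant B is variant A
# with a one-byte change, as a rebuild or repack would produce. Its hash
# changes; the functionality encoded by its imported APIs does not.
SAMPLE_A = (
    b"MZ\x90\x00" + b"\x00" * 28
    + b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00"
    + b"CreateRemoteThread\x00OpenProcess\x00"
    + b"\x00" * 16 + b"build=1\x00"
)
SAMPLE_B = SAMPLE_A.replace(b"build=1", b"build=2")

# A benign constructed file that shares one API name but not the injection set.
SAMPLE_BENIGN = (
    b"MZ\x90\x00" + b"\x00" * 28
    + b"kernel32.dll\x00OpenProcess\x00ReadFile\x00"
)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed historical store: files seen before the alert fired, keyed by hash.
HISTORY = {sha256(s): s for s in (SAMPLE_A, SAMPLE_BENIGN)}


def hash_match(data: bytes, known_bad_hashes: set) -> bool:
    """Signature-style check: exact hash membership only."""
    return sha256(data) in known_bad_hashes


# Crude stand-in for import-table / string extraction: ASCII tokens of 4+ chars.
TOKEN_RE = re.compile(rb"[A-Za-z0-9_]{4,}")


def extract_indicators(data: bytes) -> set:
    return {m.group().decode() for m in TOKEN_RE.finditer(data)}


@dataclass(frozen=True)
class FunctionalRule:
    """All required indicators must be present (like a YARA 'all of them')."""
    name: str
    required: frozenset

    def matches(self, data: bytes) -> bool:
        return self.required <= extract_indicators(data)


INJECTOR_RULE = FunctionalRule(
    "process_injection_api_set",
    frozenset({"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}),
)


def triage(alert_sample: bytes, rule: FunctionalRule, history: dict) -> dict:
    """Retroactive triage of one alert.

    1. Treat the alerting file's hash as the only hash IOC available and see
       what it would have found in the historical store (nothing, for a rebuilt
       variant).
    2. Sweep the same store with the functional rule to find earlier variants
       that do the same thing under a different hash.
    """
    bad_hashes = {sha256(alert_sample)}
    hash_hits = [h for h, s in history.items() if hash_match(s, bad_hashes)]
    rule_hits = [h for h, s in history.items() if rule.matches(s)]
    return {
        "alert_hash": sha256(alert_sample),
        "hash_hits": hash_hits,
        "rule_hits": rule_hits,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_B, INJECTOR_RULE, HISTORY)
    print("hash IOC hits in history:", result["hash_hits"])
    print("functional rule hits in history:", result["rule_hits"])
```

In practice the indicator set would come from the PE import table or a YARA scan rather than a regex over ASCII, and the store would be a sample repository rather than a dict, but the shape of the check is the same: the indicator that survives the rebuild is the one worth hunting with, and the sweep is worth running over everything seen before the alert, not only the file that triggered it.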

Here are key insights into second- and third-tier Security Operations Center (SOC) investigations — and how a robust threat-hunting and malware analysis platform can significantly enhance the triage process.


What is threat hunting?

Threat hunting is traditionally a human-driven activity in which analysts proactively search networks and hosts for cyber threats to an enterprise, rather than waiting for an alert to fire. It is a practice usually employed by mature security teams, and done well it preempts material damage from exploitation.

Hunting typically precedes incident response; if done correctly, it should reduce the scale of response required. In many instances, hunting also involves a historical analysis of previous incidents, including the environments in which those incidents occurred.

Hunting has not been used extensively on software itself, but it could play an important role in ensuring that the code organizations use, or share with each other, is protected.

The evolution of threat analysis and hunting

Whether it’s an enterprise using technology or a product organization selling technology and services, we are moving to everything as code. This pivot represents an enormous opportunity to evolve the use and scalability of technology products and services for business outcomes.

It also shifts the attack surface, so our methods and tools must shift with it. The code landscape is made up of billions of lines of programming and millions of executable files. It is highly dynamic and changes at a pace much faster than computer and network components, and threat actors are already exploiting it, which makes it a serious risk for any organization using technology.

This is an opportunity to converge and optimize activities from SOC analysis, threat hunting, and incident response. Because of the prevalence of code in our enterprises, we must move faster with greater precision.

Here's how ReversingLabs Threat Intelligence delivers a comprehensive approach to threat hunting:

  • File reputation and intelligence. It starts with a file reputation service that holds tens of billions of classified files and provides in-depth context, threat classification and intelligence for each. The corpus grows by millions of files daily, a volume traditional intelligence functions cannot scale to. Security teams can correlate a single sample against billions of goodware and malware samples to understand the intent of a file. This context allows analysts to defend effectively against both global and targeted attacks, accelerating investigation and response.
  • Explainable machine learning. Combining static analysis, dynamic analysis and machine learning for code analysis provides a fuller understanding of malware behavior and identifies malicious files masquerading as benign. Basing machine learning detection on human-readable indicators gives learning-based threat detection the explainability, transparency and relevance an analyst needs to act on a verdict.
  • Automated static and dynamic analysis. Just as developers value effective, well-integrated tooling, automated analysis workflows and orchestration via API allow closer inspection of suspicious code samples, or hand them off to other tools.
  • High volume processing and integration. The magnitude of data that needs to be collected, analyzed, and integrated must be done at scale and very accurately. This capability must use file decomposition to extract detailed metadata, add global reputation context and classify threats. It automatically acquires files by integrating with email gateways, intrusion detection systems, firewalls, and other devices. Results feed into SIEM, SOAR, and analytics platforms to provide visibility and enriched data for remediation and advanced hunting.

Modern SOCs should focus on supply chain security

It is likely that advances in these areas, especially ingesting, analyzing, and orchestrating large volumes of data pertaining to code and the software supply chain, will be essential to address threats today and into the future.

There are no easy ways to evolve these operations, but whenever you can effectively use technology to set conditions for more effective operations and greater resiliency, you drive up the cost and level of effort for advanced threats.

It’s a continuous cycle of innovation and creativity that requires human insights. When selecting platforms that deliver these results, be sure you consider challenges and opportunities over the horizon.
