RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Mario Vuksan

Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

SSCS is a footnote that grew up, moved out, and got its own report. 

Read More about Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
Events
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
Threat ResearchOctober 26, 2018

Integrating Isolation with Analytics

Guest blog by Edvard Amoroso, Founder and CEO of TAG Cyber

FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
integrating isolation with analytics graphic

One of my PhD thesis advisors at the Stevens Institute of Technology was a mathematician named Steve Bloom. Among the late, great Dr. Bloom’s amazing research accomplishments include mathematical analysis of computational structures and equational properties of fixed point operations. I consider him one of the most amazing scientists I’ve ever met, and will admit to having been somewhat intimidated by him at times. And one day, he asked me about computer security:

“What are the foundational issues?” he asked. Now, when someone whose normal conversation wanders comfortably into Friedberg splitting in ß-recursion theory asks you about the foundational aspects of your discipline, then you’d better give an answer that makes technical and logical sense. After giving his question some thought – and I remember that he asked me while we were driving in the car near Bell Labs in Murray Hill, New Jersey – I responded by talking about isolation.

“Computer security, I said, back in a time before it was fashionable to say cyber, “is about finding ways to isolate active entities and passive repositories like files into groups based on their properties and on stated policies.” I remember him nodding and responding that this seemed a sensible way to describe the security challenge. That moment was meaningful to me, and every time I hear of isolation techniques in cyber, I think of Professor Bloom.

Now, an interesting thing happened in our industry recently – and it might seem minor, but I got excited when I heard about it. The team at Menlo Security, which provides isolation for web surfing and email links, realized that it needed to make allow or block decisions based on the properties of email attachments being isolated. All too often, I see this type of product challenge result in a cobbled-together capability that wanes in comparison to similar commercial offerings.

But in this case, the Menlo team made the wise decision instead to partner with the capable security team at ReversingLabs. Now, you probably already know that ReversingLabs provides best-in-class methods for differentiating between safe and infected files. By combining the power of isolation from Menlo Security with the analytic forensic strength of ReversingLabs, the two teams have created and demonstrated the poster child case for a clean, useful security integration.

“The power of what we provide at ReversingLabs,” explained Brian Soldato from ReversingLabs, “involves reverse engineering files of interest to produce useful cyber security results in a way that is not prone to evasion techniques such as with most dynamic analysis methods. This capability provides Menlo and our other customers and partners with forensic advantages. And we can scan efficiently, within in a couple of seconds, to produce a verdict on the data being analyzed.”

“Our customers benefit from the power of isolation,” explained my longtime friend Howard Garfield from Menlo Security, “with dangerous attachments being efficiently blocked, when warranted, based on ReversingLabs technology.” I will second Howard’s motion here: I like this integration and appreciate its sensible approach to solving a common problem. If Dr. Bloom were alive today, I might have used this as an example to illustrate the power of isolation in my answer to him.

Give the fine folks at Menlo Security and ReversingLabs a call – and ask them how you can take advantage of this isolation and file analysis case for your own security architecture. And let me know what you learn.

https://www.linkedin.com/pulse/integrating-isolation-analytics-edward-amoroso/

Learn more about ReversingLabs automated static analysis engine.
Learn more about Menlo Security’s email security products.

Keep learning

  • Learn how Gartner® named RL a supply chain security 'visionary.' Download: Gartner® Magic Quadrant™ for Software Supply Chain Security.
  • Get key insights into why Gartner® identified binary analysis as a must-have control in its recent CISO Playbook for Commercial Software Supply Chain Security.
  • Get up to speed on the Agentic Development Security tools landscape in this webinar with Forrester Sr. Analyst Janet Worthington.
  • Take a deep dive on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar discussing the findings.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Plus: Join the free Spectra Assure Community today to get hands-on with RL's binary analysis-based software supply chain security platform.

Tags:Threat ResearchResearch

More Blog Posts

Device code phishing

Device code phishing bypasses password stealing

The Microsoft 365 phishing campaign persuades victims to complete a real authentication process that authorizes an attacker-controlled device.

Learn More about Device code phishing bypasses password stealing
Device code phishing bypasses password stealing
Cloud security ITScape

How to defend ARM64 cloud infrastructure from ITScape

RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.

Learn More about How to defend ARM64 cloud infrastructure from ITScape
How to defend ARM64 cloud infrastructure from ITScape
Social Engineering Attacks Target One Tutorial at a Time

Phishing attacks leverage TikTok, Instagram Reels

RL has discovered two social engineering attack techniques targeting users via short-form videos. Here’s how they work.

Learn More about Phishing attacks leverage TikTok, Instagram Reels
Phishing attacks leverage TikTok, Instagram Reels
Thousands of developer projects compromised in npm hack

How 56 npm packages used binding.gyp to steal secrets

The attack is notable for its breadth, flooding npm with malicious package versions.

Learn More about How 56 npm packages used binding.gyp to steal secrets
How 56 npm packages used binding.gyp to steal secrets

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top