ReversingLabs Product Release Highlights: October 2024

ReversingLabs is proud to announce new features for Spectra Analyze (formerly A1000) and Spectra Detect (formerly Titanium Scale), as well as the Spectra Core engine.

Updated Spectra Core Engine

The backbone of Spectra Analyze and Spectra Detect is Spectra Core, our proprietary, high-speed binary analysis engine. The Spectra Core engine fully deconstructs files and objects down to their base elements, extracting thousands of unique file behavioral indicators, and applying AI-driven, multi-factor threat classification to deliver the fastest and most accurate threat analysis in the industry. This release expands on these capabilities to deliver even more powerful malware analysis.

Expanded File Format Coverage and Unpacking Capabilities

ReversingLabs already provides the widest coverage with our ability to identify over 4,800 unique file formats and unpack more than 400 formats, providing unmatched breadth in threat detection.

With the release of Spectra Core v5.1.1, we’re excited to announce support for LLM (Large Language Models) and VM disk images.

• Added identification for ONNX, PicklePKL, and Safetensors file types
• Added unpacking support for Composer, EFI, OVA, VDI, VHDX, and VMDK file types

Spectra Analyze v9.2 Release Highlights

RL Spectra Analyze empowers all levels of the SOC with a private, in-depth, malware analysis workbench. Analysts, incident responders, and threat hunters are enabled with distinct threat classifications, context-rich intelligence, and decisive threat verdicts to speed alert triage, streamline investigations, and accelerate response.

Spectra Analyze v9.2 delivers the following enhancements:

New Sample Summary Page

We’re always striving to improve analysts’ workflows and user experience. To that end, we took our customers’ feedback and redesigned the Sample Summary Page in Spectra Analyze. The new summary page now shows the most relevant information from all analyses on a single screen, saving analysts valuable time when triaging alerts and investigating malware threats.

Spectra Analyze: Sample Summary Page

Improved YARA Workflows

Support for Custom Repositories: YARA rulesets can now be imported from custom repositories, both public and private. Additionally, repositories can be set to automatically update and/or import new or modified rulesets.

Spectra Analyze: YARA Repository Management

Hex Preview Enhancements: ASCII values are now highlighted in the Hex preview for YARA matches, improving the efficiency of SOC teams by offering more readable text at specific offsets.

Spectra Analyze: HEX Preview

YARA Test Run on Hashes: The YARA Test run is now expanded to include tests on hashes, alongside the already existing option to test using tags. This enhances the process of writing and validating YARA rulesets by allowing test runs on a subset of samples.

Spectra Analyze: YARA Test Runs

Improved Search Workflows

We’ve also added new Search capabilities, further simplifying the process of finding interesting samples. Enhancements include:

• A new “Exploit” keyword that displays all samples exploiting cybersecurity vulnerabilities
• Autocomplete for file type formats
• Improved autocomplete sorting logic

Spectra Analyze: Example of Searching by Exploit

Spectra Detect v5.2 Release Highlights

Spectra Detect is the only high-volume, high-speed, large file analysis solution scalable to millions of files per day. Files are automatically ingested and analyzed files from data sources across the enterprise, including email, web traffic, endpoints, and cloud storage – ensuring no threats are overlooked. Results can be directly integrated into advanced analytics platforms, as well as data lakes, to support threat correlation, hunting, and response workflows.

Spectra Analyze v9.2 delivers the following enhancements:

Expanded Integrations

Citrix ShareFile Connector: With the latest release of Spectra Detect, we’ve added support for Citrix ShareFile. This integration further expands our growing list of pre-built connectors for file share services and cloud storage, which currently includes support for OneDrive, SharePoint, AWS S3, Azure Data Lake, SMB/NFS, and now Citrix ShareFile.

ReversingLabs is committed to helping enterprises secure their file shares and collaboration workflows by providing high-speed file inspection and continuous scanning of cloud storage platforms to uncover advanced malware threats missed by other security controls.

We will continue to add new integrations, so stay tuned.

Spectra Detect: Example File Analysis Workflow

The Work Doesn’t Stop Here

At ReversingLabs, we continually strive to meet and exceed our customers' needs and expectations, which means we’re always improving and enhancing our solutions. Stay tuned for more exciting product updates!