Our customers rely on ReversingLabs A1000 Threat Analysis and Hunting Solution to provide an instant malware lab, delivering static and dynamic analysis. Here, we break down the newest improvements to this necessary solution.
ReversingLabs is proud to announce new features for ReversingLabs A1000 Threat Analysis and Hunting Solution. Our solution presents customers with an immediate malware lab equipped with static and dynamic analysis capabilities for all files and binaries within your company. The ReversingLabs A1000 Threat Analysis and Hunting Solution seamlessly integrates with ReversingLabs file reputation services, offering comprehensive context and threat classification. It encompasses features such as visualization, automated workflows through APIs, global and local YARA rules matching, and integration with third-party sandbox tools.
The analysis outcomes are aligned with the industry-standard MITRE ATT&CK framework to enhance usability and facilitate correlation with other security solutions. This contextual information empowers analysts to defend against global and targeted attacks effectively, expediting investigations and response efforts.
The ReversingLabs Threat Analysis and Hunting Solution aims to deliver value to our customers through various avenues. We minimize cyber risks and safeguard data and file privacy, contributing to the success of our businesses. Practitioners benefit from our advanced technology, which shortens Mean Time to Detection (MTtD) and prioritizes malicious files for immediate attention and analysis.
New and improved technology that drives security operations forward
At ReversingLabs, we constantly work to improve our clients' security solutions. That’s why we are pleased to announce the availability of Version 8.2 of our A1000 Malware Analysis Platform. Alongside addressing customer requests, we are delivering improvements with the static analysis, expanding the dynamic and network analysis capabilities, and delivering major improvements to the workflow and user experiences.
New and improved features in A1000 Version 8.2 include:
• Cloud Sample Summary Page (New)
• Improved TiCloud Search Results
• YARA Test Run (New)
• Expanded Row Redesign
• RL Cloud Sandbox - macOS file type selector
• Login Page Redesig
Here are the essential updates to A1000 8.2 that will aid enterprise security operations centers (SOCs) as they defend their organizations against today’s most pressing cyber threats.
Cloud Sample Summary Enhancements
Image 1: All available additional metadata is displayed on Cloud Sample Summary
When it comes to file analysis, access to data is king. In previous versions of our Cloud Sample Summary, users experienced a large gap in the data compared between cloud and local samples and the data provided.
With the newest version of the ReversingLabs A1000, users can preview any Cloud sample and additional metadata regardless if the file size is over 400 MB or the sample is private. Users now have an overview of any sample available on the ReversingLabs TitaniumCloud, improving usability and triage productivity, enabling them to preview cloud samples before fetching locally, and avoiding downloading excessively large samples for analysis.
As part of this update, we are also delivering results faster with the recent Cloud Search improvement and improvements in consistency when queries are re-run. New filters in this update include submission time, last seen, and first seen, with an option to research further into older data for additional results. Users will experience the improved speed and consistency of searched Cloud data, increasing productivity, usability, and confidence while searching through the large library of cloud samples.
Saving Time with YARA Test Run
Image 2: New option for YARA Test Run
As part of our goal to improve the process of writing and validating YARA rulesets, another new feature in this release enables users to test running a YARA ruleset on a subset of samples.
Currently, users of A1000 have the option to write their own rules or find publicly available rulesets, including third-party rules, to improve their hunting activities. But in previous versions of A1000, testing custom-written YARA rulesets was a time-consuming process as it would run the test against all the samples with a pervasive result list. With our latest release of A1000 v8.2, users can use the new YARA Test Run option to check a newly created ruleset against user-selected samples, saving significant development time.
Users will have access to the new “Test Ruleset” option within the action menu on the YARA section, in the YARA Editor and create new rulesets. From there, users can select up to 5 tags to load local samples and test a ruleset on up to 100 local samples. This new feature delivers increased productivity and usability to A1000 users.
Further A1000 8.2 Updates
Other highlights of the A1000 Version 8.2 update include:
• Expanded Row redesign offers more intuitive navigation when previewing samples. Users can now efficiently pivot to high-value data, such as Hex preview, directly from the expanded row view, without having to open an individual sample summary screen
• Login page redesign delivers a unified look and feel across all appliances. The login updated process supports more efficient SSO and general workflows for appliance users
• Explainable tab names provide users with a better overview of opened A1000 pages within a browser window, improving navigation when multiple tabs are open
Image 3: New login page with efficient SSO support
Improvements in Dynamic and Network Analysis
There have been several additions to the product’s static analysis based on feedback from our customers and users.
• AssemblyLine integration preview, offering a simplified setup process to forward files and receive results inside the A1000, providing users with additional analysis metadata to enhance triage and hunting workflows.
• File type selector added to RL Cloud Sandbox macOS configuration, offering a straightforward setup while ensuring only relevant file types are sent to that platform without spending additional RL Cloud Sandbox quota.
• Signatures section added to the Cisco Secure Malware Analytics (formerly known as Threat Grid) integration, improving triage capabilities with new metadata extracted during the dynamic analysis. Additionally, profiles for Cisco Secure Malware Analytics can be set up on the Admin/Integrations page, offering a selection of virtual machines to send the samples.
Experience detailed malware detection and intelligence today by reviewing a demo of ReversingLabs A1000 and start finding the threats your other tools cannot find. A1000 uncovers severe threats while providing the coverage and information necessary to manage and remediate them.
Continued development delivering beyond customers’ expectations
It is clear to us at ReversingLabs that there is no true limit to improving solutions for our customers. This is what we will continue to do with our ReversingLabs A1000 Threat Analysis and Hunting Solution so that organizations can continue to have robust programs to help mitigate today’s most serious malware threats.
Updates made to the most recent version of the ReversingLabs A1000 Threat Analysis and Hunting platform, such as the new Cloud Sample Summary Page, improved TitaniumCloud search results, and the new YARA Test Run capability, will benefit our customers and the mission of ReversingLabs. It’s also important to note that these major updates are just some of the key features that have been made to our Threat Analysis and Hunting solution.
About ReversingLabs
At ReversingLabs, we are providing the world’s largest threat intelligence repository to protect software development and power advanced security solutions, keeping the most advanced cybersecurity organizations and Fortune 500 enterprises informed and ahead of the threats. Our software supply chain security and threat intelligence solutions have become essential to advancing enterprise cybersecurity maturity globally.
