Who is ReversingLabs?
In this episode, Matt answers a simple yet important question: Who is ReversingLabs? Matt does this by recalling the company’s history, dating back to 2009, which began with ReversingLabs hosting the world’s largest reputational database for malware. He then details ReversingLabs’ growth into a leading provider of software supply chain security.
MATT ROSE: Hi everyone. My name is Matt Rose, Field CISO at ReversingLabs. I wanted to have a little conversation about who is ReversingLabs, as you can see by the title of this session here. So a lot of people ask about, who's ReversingLabs? I hear you're talking, you're a lot about software supply chain security and SBOM, but a lot of people don't realize that they've probably been reusing ReversingLabs on the back end of some other major software vendors in the security space for years.
So I'll give an overview of what ReversingLabs is, who we are and what we do for our customers and the industry as a whole. So thinking back I'll get my pen out here. Around the 2009 timeframe, ReversingLabs came into existence. It came into existence as a reputational database for malware.
So this thing's been growing for years, since 2009. It is currently the largest private repo reputational database of malware in the world. And in the early days of the company, there wasn't really a selling to customers with this reputational database, but it was used for a feed, for probably a security product you've used.
There's just so many software vendors that use our reputational feed for the database to enhance their product, to make their product better with the capabilities in our database. Then we moved through the timeframe and we decided to help the SOC analyst and the malware analysis and threat hunting individuals with a UI on top of that database to proactively research potential malware threats, to respond to incidents, to sandbox and detonate malware to see how it works. And that was when we came out with a platform called the A1000.
The A1000 was a UI on top of the database that gave that the malware analysis, threat hunting activities for the SOC analyst the capabilities. Now, here's where the interesting stuff happened.
If you haven't heard about a little software supply chain security attack of a few years ago, which was [00:02:00] SolarWinds, and I'll just use "SW" as the example here. SolarWinds was the first kind of blue chip new frontier of software supply chain. Based on ReversingLabs' capability to look and detonate and research malware, we wrote a blog about how the SolarWinds attack happened based on our own research. This blog was basically picked up by a lot of press. It was picked up even by the individuals at SolarWinds. So it started this new kind of identity for the company, which is software supply chain security, or SSCS.
So what happened was post-SolarWinds, we basically created a product for the AppSec professional for the product security office to help prevent vulnerabilities and software supply chain attacks like SolarWinds.
So now we have a product which is called Software Supply Chain Security, that basically helps integrate and automate supply chain scanning of the compiled package as part of that CI/CD pipeline or that final check released to production, if you will.
So think about ReversingLabs, having the capability to look at very large files, scan them in minutes post compilation, pre-deployment, defined software supply chain risk. Software supply chain risk that we're really focusing on at the company is about malware, which is a huge issue. A lot of the vendors that say they do software supply chain security these days are only looking at open source packages.
Are they compromised?
Are there vulnerabilities in them?
Do you need to upgrade?
Are there licensing issues?
We focus on those things as well in some way, shape and form, and I'll talk about it, but more on the malware that potentially is inserted. Secrets identification and prioritization: are the secrets potentially compromised, which are the real secrets you need to worry about. DIFFing of product releases:
So I have version 1.1 of my product. I do a bunch of changes. Now I have version 1.2. I add files, delete files, change files based on our inability to integrate into [00:04:00] that CI/CD pipeline, we can do a DIFF from version 1.1 to 1.2, what files were added, what files were deleted, what files were changed, so on and so forth.
We also have a big one, and this is one of the things that really shines for the company, is we identify behaviors of that application. Once we actually recursively rip apart through binary analysis, the package, and we recognize many different files, WAR files, JAR files, DLLs, ISOs, MSIs, many different files, very complex files.
We can say, hey, this is what this application is programmatically doing. Does that fit or jive with the intentions of the product? Does that fit the threat model of the product? Because a lot of times, and this is an obvious thing, but I always like to throw it out there, malware, the first one we talk about here, is not malware.dll.
You just do a grep or search in the product to say, hey, is there malware? Okay? No. Malware is very good at hiding itself, but it does change certain behaviors in the application to allow the malware to successfully execute itself.
So ReversingLabs is a company that really focuses on two areas, malware analysis and threat hunting for that SOC analyst and Software Supply Chain Security for product security officer, application security professionals to help prevent the next software supply chain attack like SolarWinds or more recently, CircleCI or even more recently, 3CX.
I'm Matt Rose. Hope you enjoyed this episode, not episode, but conversation about who is ReversingLabs, what we do.
We are the software supply chain company with the largest reputational database that's private of malware in the world.
Have a great day. Thanks for taking the time.