
Advance Your Malware Lab

Growing demand for local malware analysis capabilities continues to advance the need for a Malware Lab, a centralized malware analysis service organization that provides a single point of contact across the digital business for escalated workflows, as well as access to expertise and analysis resources and services. Through a more capable unified threat analysis platform and detection infrastructure, enterprises can quickly establish and advance a more mature and cyber-resilient digital environment.

Analyze Files From a Single Platform


Challenge: Threat analysis tools vary in capabilities and maturity, and researchers routinely rely on a fragmented set of open source and commercial tools to fully process their samples to understand malware behaviors, determine a classification, and investigate various indicators of compromise. The resulting inefficiencies in manual processes ultimately result in many files going uninvestigated, which leaves the organization at risk.

Solution: With ReversingLabs, analysts and threat hunters can work from a unified threat analysis platform whose capabilities include automated static analysis and dynamic analysis (i.e. sandboxing technologies), as well as other key indicator sources such as network/URL behaviors and certificate trust chains. By consolidating these capabilities into a single automated analysis solution with a common console for investigating samples, managing workflows, and hunting threats, malware analysis teams have seen a 3x improvement in productivity.


Archive Samples for Future Research & On-Demand Training

Challenge: Local malware must be investigated, and the corresponding samples isolated from the production networks to mitigate potential risks. As these samples accumulate over time, with the potential for reclassification, analysts want to be able to reanalyze these files and inspect further based on new attack insights.

Solution: ReversingLabs supports a file lake, or “Malware Locker,” that stores files in a secure location with restrictive access controls and keeps archived samples available for future research and training. Within the lab, a detailed manifest of security context is maintained for navigating the archived content.

Monitor Sample Data & Alerts With Open Source YARA Rules


Challenge: The malware universe is dynamic, and the understanding of attacker intent and corresponding malware behaviors may evolve as new intelligence emerges both locally and across the global intelligence community. As new or updated intelligence is made known, or new hypotheses are proposed, analysts and threat hunters need to be able to access historical data to detect the targeted malware based on these insights.

Solution: ReversingLabs supports a data lake, or metadata repository, of all local files decomposed and analyzed. This data is continuously monitored, and threats are hunted retrospectively by applying our open source YARA rulesets in search of indicators of interest.


Solution Insights

Webinar

Automating File Analysis: Yes you Can!


5 Key Capabilities for Your Malware Lab


Webinar

Rethinking Enterprise File Analysis


A Case for the Malware Lab


Webinar

Building a Better Malware Lab


Realizing The Value Of Tool Consolidation


Malware Lab Partners