How SolarWinds attackers breached the supply chain
Read here

Advance Your Malware Lab

Growing demands for local malware analysis capabilities continue to advance the need for a Malware Lab, a centralized malware analysis service organization that provides a single point of contact across the digital business for escalated workflows, as well as access to expertise and analysis resources and services. Through a more capable unified threat analysis platform and detection infrastructure, enterprises can quickly establish and advance a more mature and cyber-resilient digital environment.

Learn More
Malware Lab
Analyze Files from a Single Platform

Analyze Files from a Single Platform

Challenge: Threat Analysis tools vary in capabilities and maturity, and Researchers routinely rely on a fragmented set of open-source and commercial tools to fully process their samples in order to understand malware behaviors, determine a classification and to investigate various indicators of compromise. The resulting inefficiencies in manual processes ultimately results in many files going uninvestigated which leaves the organization at risk.

Solution: With ReversingLabs, analysts and threat hunters can work from a unified threat analysis platform, comprised of capabilities including automated static analysis and dynamic analysis (i.e. sandboxing technologies) as well as other key indicator sources such as network/URL behaviors and certificate trust chains. By consolidating these capabilities into a single automated analysis solution with a common console for investigating samples, managing workflows, and hunting threats, Malware Analysis Teams have seen 3x improvement in productivity.

Archive Samples for Future Research & On-Demand Training

Archive Samples for Future Research & On-Demand Training

Challenge: Local malware must be investigated, and the corresponding samples isolated from the production networks to mitigate potential risks. As these samples accumulate over time, with the potential for reclassification, Analysts want to be able to reanalyze these files and inspect further based on new attack insights.

Solution: ReversingLabs supports a File Lake or “Malware Locker” to store files in a secure location, with restrictive access controls, and this archived samples are available for future research and training. Within the Lab a detailed manifest of security context is maintained for navigating the archived content.

YARA

Monitor Sample Data & Alert on Classification Changes

Challenge: The malware universe is dynamic, and the understanding of attacker intent and corresponding malware behaviors may evolve as new intelligence emerges both locally and across the global shared intelligence community. As new or updated intelligence is made known, or new hypotheses are proposed, Analysts and Threat Hunters need to be able to access historical data to detect the targeted malware based on these insights.

Solution: ReversingLabs supports a Data Lake or metadata repository of all local files decomposed and analyzed, and this data is continuously monitored and threats are hunted retrospectively by applying YARA rulesets in search of indicators of interest.

Malware Lab

Solution Insights

Blog

Introducing Explainable Threat Intelligence

Introducing Explainable Threat Intelligence

Next-generation threat detection and hunting algorithms built for humans

Read Blog

Whitepaper

Optimizing Sandbox Performance

Optimizing Sandbox Performance

Download our latest whitepaper "Optimizing Sandbox Performance" to learn about automated, high-speed static analysis can optimize your sandbox deployments.

Download Whitepaper

Webinar

Building a Better Malware Lab

Building a Better Malware Lab

Realizing The Value Of Tool Consolidation

WATCH WEBINAR

Malware Lab Partners

Tanium

Tanium

The joint ReversingLabs and Tanium solution enables customers to accurately and rapidly identify suspicious files and malware on their endpoints.

Learn More
Splunk

Splunk

ReversingLabs has built an application to enrich Splunk data with next-generation malware analysis and threat intelligence for real-time correlation and threat detection results.

Learn More
Anomali

Anomali

ReversingLabs and Anomali integrate for automated enforcement using exposed threat indicators and to provide rich data for threat hunting and incident response - visible right in ThreatStream.

Learn More