Cambridge, MA–February 18, 2020–ReversingLabs, a leading provider of explainable threat intelligence solutions today announced new and enhanced capabilities for its Titanium Platform, including new machine learning algorithm models, explainable classification and out-of-the-box security information and event management (SIEM) plug-ins, security, orchestration, automation and response (SOAR) playbooks, and MITRE ATT&CKTM Framework support. Introducing a new level of threat intelligence, the Titanium Platform now delivers explainable insights and verification that better support humans in the incident response decision making process. ReversingLabs has been named as a ML-Based Machine Learning Binary Analysis Sample Provider within Gartner’s 2019 Emerging Technologies and Trends Impact Radar: Security.1 ReversingLabs will showcase its new Titanium Platform at RSA 2020, February 24-28 in San Francisco, Moscone Center, Booth #3311 in the South Expo.
”As digital initiatives continue to gain momentum, companies are exposed to an increasing number of threat vectors fueled by a staggering volume of data that contains countless malware infected files and objects, demanding new requirements from the IT teams that support them,” said Mario Vuksan, CEO and Co-founder, ReversingLabs. “It’s no wonder security operations teams struggle to manage incident response. Combine the complexity of threats with blind ‘black box’ detection engine verdicts, and a lack of analyst experience, skill and time, and teams are crippled by their inability to effectively understand and take action against these increased risks. The current and future threat landscape requires a different approach to threat intelligence and detection that automates time-intensive threat research efforts with the level of detail analysts need to better understand events, improve productivity and refine their skills.”
According to Gartner’s Emerging Technologies and Trends Impact Radar: Security, “Gartner estimates that ML-based file analysis has grown at 35 percent over the past year in security technology products with endpoint products being first movers to adopt this new technology”.2
Black Box to Glass Box Verdicts
Because signature, AI and machine learning-based threat classifications from “black box” detection engines come with little to no context, security analysts are left in the dark as to why a verdict was determined, negatively impacting their ability to verify threats, take informed action and extend critical job skills. That lack of context and transparency propelled ReversingLabs to develop a new “glass box” approach to threat intelligence and detection designed to better inform human understanding first. Security operations teams using ReversingLabs Titanium Platform with patent-pending Explainable Machine Learning can automatically inspect, unpack, and classify threats as before, but with the added capability of verifying these threats in context with transparent, easy to understand results. By applying new machine learning algorithms to identify threat indicators, ReversingLabs enables security teams to more quickly and accurately identify and classify unknown threats.
Available now with Explainable Machine Learning, ReversingLabs platform inspires confidence in threat detection verdicts amongst security operations teams through a transparent and context-aware diagnosis, automating manual threat research with results humans can interpret to take informed action on zero day threats, while simultaneously fueling continuous education and the upskilling of analysts. ReversingLabs Explainable Machine Learning is based on machine learning-based binary file analysis, providing high-speed analysis, feature extraction and classification that can be used to enhance telemetry provided to incident response analysts.
Key features of ReversingLabs updated platform include:
- Explainable Machine Learning
- Patent-pending Binary Machine Learning Classification Models
- New threat-specific machine learning algorithms for a variety of malware types
- Explainable Malware Classification Indicators in a human readable format that brings understanding to file classification for security analysts
- Explainable SIEM & SOAR Threat Intelligence
- Integration with leading SIEM platforms, including new or enhanced APIs for Splunk Enterprise and Microsoft Azure Sentinel
- Integration to leading SOAR platforms including new or enhanced APIs for Splunk Phantom
- Explainable Threat Insight Dashboards
- MITRE ATT&CK Framework Support: Explainable indicators mapped to the MITRE ATT&CK framework for actionable analyst remediation
- File Intelligence Dashboard: Enhanced summary of the organization’s overall security posture with at-a-glance views into top malware families investigated with human readable understanding broken out by type, and extracted network observables.
- New Timeline Analysis Panel: Visualizes zero-day events identified by ReversingLabs before and in comparison to third party detection engines
“Effective machine learning results depend on having the right volume, structure, and quality of data to convert information into a relevant finding,” said Vijay Doradla, Chief Business Officer at SparkCognition. “With access to ReversingLabs cloud extensive repository, we have the breadth, depth, and scale of data necessary to train our machine learning models. Accurate classification and detection of threats fuels the machine learning-driven predictive security model leveraged in our DeepArmor next-generation endpoint protection platform.”
1, 2 Gartner, “Emerging Technologies and Trends Impact Radar: Security,” Lawrence Pingree, et al, 13 November 2019
ReversingLabs helps Security Operations Center (SOC) teams identify, detect and respond to the latest attacks, advanced persistent threats and polymorphic malware by providing explainable threat intelligence into destructive files and objects.
ReversingLabs technology is used by the world’s most advanced security vendors and deployed across all industries searching for a better way to get at the root of the web, mobile, email, cloud, app development and supply chain threat problem, of which files and objects have become major risk contributors.
ReversingLabs Titanium Platform provides broad integration support with more than 4,000 unique file and object formats, speeds detection of malicious objects through automated static analysis, prioritizing the highest risks with actionable detail in only .005 seconds. With unmatched breadth and privacy, the platform accurately detects threats through explainable machine learning models, leveraging the largest repository of malware in the industry, containing more than 10 billion files and objects. Delivering transparency and trust, thousands of ‘human readable’ indicators explain why a classification and threat verdict was determined, while integrating at scale across the enterprise with connectors that support existing SIEM, SOAR, threat intelligence platform and sandbox investments, reducing incident response time for SOC analysts, while providing high priority and detailed threat information for hunters to take quick action. Learn more at https://www.reversinglabs.com, or connect on LinkedIn or Twitter.
Jennifer Balinski, Guyer Group