MITRE ATT&CK® Mapping, Indicator Transparency and Interactive Storytelling Provide Added Context, Transparency and Prescriptive Recommendations
CAMBRIDGE, Mass. - August 4, 2020 - ReversingLabs, the leading provider of explainable threat intelligence solutions, today announced new capabilities for its Titanium Platform, continuing to support its novel approach to machine learning malware detection. The platform remains the first machine learning-powered classification system designed to provide explainable insights and verification that better support humans in the incident response decision making process. ReversingLabs new capabilities are accessible for demonstration in the Virtual Business Hall at Black Hat August 5-6. Registered attendees of Black Hat may visit ReversingLabs booth beginning August 5.
ReversingLabs Explainable Threat Intelligence approach to threat intelligence and detection automates time-intensive threat research efforts with the level of detail practitioners need to better understand events, improve productivity and refine their skills. Features announced today optimize analysts’ ability to quickly understand and take action, reducing the time to detect and respond to threats and minimize organizational impact. Direct integration with and better visibility into MITRE ATT&CK tactics, techniques and procedures; unique full indicator transparency for confident classification and understanding; and interactive storytelling linking malware sample behaviors all combine to deliver actionable intelligence and upskill threat hunting and security operations teams.
“Inundated by volumes of threat data and lacking the skills or tools necessary to analyze and understand it, security operations and threat hunting teams struggle to adequately assess and respond to malware risks effectively,” said Mario Vuksan, CEO and Co-Founder, ReversingLabs. “ReversingLabs Explainable Threat Intelligence approach and enhanced platform capabilities combined with the depth and scale of objects and file formats in our repository and split-second analysis ensures that security teams gain human-readable, actionable insights that enable them to quickly and accurately detect, classify and remediate malware threats.”
Modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. Moreover, because signature, AI and machine learning-based threat classifications from “black box” detection engines come with little to no context, security analysts are left in the dark as to why a verdict was determined, negatively impacting their ability to verify threats, take informed action and extend critical job skills. ReversingLabs Explainable Threat Intelligence approach leverages threat data from both internal and external sources to systematically analyze each layer of these complex objects, generating transparent “glass box” actionable intelligence and human interpretable data to detect, classify and respond to malware threats. Combining static, dynamic, and machine learning analysis, ReversingLabs Titanium Platform automates the vast majority of repeatable, time-consuming, and error-prone analysis tasks using a breadth of modern techniques, including object reputation, similarity analysis, and metadata correlation to discern, define and describe good from bad.
Available immediately, ReversingLabs updated Titanium Platform delivers:
- Increased ATT&CK visibility:
When surfacing malware sample details, ReversingLabs results now give prominence to ATT&CK data, making it easier to address threat analysis gaps and accelerating triage investigation and response activities. ReversingLabs visualizes file indicators across the ATT&CK framework, mapping to unify attack techniques and support better planning for defense and mitigation strategies. Analysis summary reports highlight the top three techniques by count with a full, expandable list of ATT&CK data easily accessible.
- One of a kind indicator transparency:
Human-readable explanations for why an indicator appears in a sample analysis report have been expanded to show relevance (high or low) for indicators detected by ReversingLabs Explainable Machine Learning models. ReversingLabs platform is the only threat intelligence solution that gives practitioners the context and transparency needed to more quickly identify, verify and classify results. Additional icons and explanations are also displayed for supported malware types, including ransomware, keyloggers, worms, and backdoors, when a machine learning model has been used to detect them and classify the sample. Brand new Explainable Machine learning classification model that detects Windows malware regardless of its threat type has also been added to the platform.
- Interactive storytelling:
Results for malware sample summaries describing sample behavior now contain links to enrich the malware hunting experience. Each link leads to an advanced search, automatically performing a search query for samples based on the selected indicator of compromise (IoC). Including this level of detail provides the threat analysts and researchers the ability to quickly pivot through ReversingLabs 10B+ sample repository. With this functionally, teams will spend less time triaging information importance and will have more time to focus on incident response.
Open Source YARA Rules
Also available today, ReversingLabs released a new open source YARA rule, aimed at detecting certificates commonly misused by malware. Since first launching open source YARA rules last month, ReversingLabs has continued to add new rules to ReversingLabs GitHub source weekly. Unveiled at ReversingLabs inaugural threat hunter summit REVERSING 2020, these now publicly available rules enable threat defenders to detect a multitude of prominent and prevalent malware downloaders, viruses, trojans, exploits, and ransomware, including WannaCry, Ryuk, GandCrab, TrickBot and others. With free access to rules that generate precise and accurate results and attribution, threat defenders can improve threat hunting and response rates and more quickly pivot from malware detection to threat response.
ReversingLabs is the leading provider of explainable threat intelligence solutions that shed the necessary light on complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC and Threat Hunting processes with a transparency that arms junior analysts to confidently take action.
ReversingLabs is used by the world’s most advanced security vendors and deployed across all industries searching for a more intelligent way to get at the root of the web, mobile, email, cloud, app development and supply chain threat problem, of which files and objects have become major risk contributors.
ReversingLabs Titanium Platform provides broad integration support with more than 4,000 unique file and object formats, speeds detection of malicious objects through automated static analysis, prioritizing the highest risks with actionable detail in only .005 seconds. With unmatched breadth and privacy, the platform accurately detects threats through explainable machine learning models, leveraging the largest repository of malware in the industry, containing more than 10 billion files and objects. Delivering transparency and trust, thousands of ‘human readable’ indicators explain why a classification and threat verdict was determined, while integrating at scale across the enterprise with connectors that support existing file repository, SIEM, SOAR, threat intelligence platform and sandbox investments, reducing incident response time for SOC analysts, while providing high priority and detailed threat information for both developers and hunters to take quick action.