Enhancements Enable Security Operations Teams to Accelerate SIEM Triage, Automate SOAR Playbooks, and Hunt Threats Continuously
Cambridge, MA - November 20, 2019 - ReversingLabs, the leading provider of destructive object insights delivering SOC decision support, automation and threat analytics solutions for triage, incident response and hunting teams, today announced enhancements to its application for Splunk® Enterprise. ReversingLabs' integrated Titanium Platform enriches Splunk data with next-generation malware analysis and local threat intelligence for real-time correlation and threat detection results. New capabilities in the ReversingLabs Splunk application further automate triage, incident response, and hunting tasks for security operations analysts, architects and threat hunters.
“We recognize that security operations teams continue to face skill and resource challenges while seeking more efficient ways to cope with exploding data, growing attack surfaces and new threats,” said Mario Vuksan, CEO and co-founder, ReversingLabs. “As such, ReversingLabs' enhanced integration with Splunk can be a force multiplier for security operations teams seeking to accelerate SIEM triage, automate malware analysis and incident response, enrich investigations, and fuel better orchestration and analytics workflows and decision making.”
By ingesting detailed malware analysis from the ReversingLabs Titanium Platform, Splunk provides security operations teams with additional file reputation capabilities to automate and accelerate the identification and investigation of malware threats. Specifically, ReversingLabs now provides improved email and phishing decision support for Splunk with its ReversingLabs Splunk App, including:
Splunk Triage & Response
- Enhanced File Reputation Correlation – Drive faster triage and analysis through direct Splunk search bar correlation.
- New Splunk Analysis for Quarantined Files – Tanium visibility into Symantec QBD AV quarantined files for integration and analyst visibility.
- New Splunk Analysis for Macro – Macro to executable converter (VBS2Exe formats) extends coverage with less work for analysts.
Advanced Email & Phishing Detection
- Enhanced Email Processing and Classification – Improved email storyteller adds additional email specific tags to yield better, faster results.
- New Deceptive Email Detection – New deceptive email header detection reduces malware going undetected.
Advanced Malware Detection
- Enhanced URL Analysis Reference and Blacklisting – Enhancements provide quicker results.
- New Deceptive Link Detection – Analysis of URLs within HTML files uncovers deception tactics.
- New Malware Detections – Detections for generic worm threats, the Ramnit virus and ransomware including DelphiRansomware, Dragon, Jaffe, Jemd, Lurk, LuckyJoe, Animus, DCRTR, EZDZ and Hermes improve detection performance.
Security operations personnel will also benefit from ReversingLabs dashboard enhancements, which provide improved screen navigation and data consolidation. Security analysts will appreciate the enhanced Splunk integration with ReversingLabs, which highlights a threat landscape view showing both threat exposure over time and undetected threats, and adds a URL analysis module. Updated Splunk integrations from ReversingLabs will be available in the near future.
ReversingLabs helps organizations to find and neutralize the enemy within. Providing advanced malware analysis and insights into destructive files and objects, ReversingLabs addresses the latest attacks, advanced persistent threats and polymorphic malware. ReversingLabs has become an essential threat solution across the most advanced security companies in the industry, while supporting all industries searching for a better way to get at the root of the web, mobile, email, cloud, app development and supply chain threat problem, of which files and objects have become major risk contributors.
Through its Titanium Platform, ReversingLabs delivers automated static analysis and file reputation services that represent the fastest and most accurate insights in the industry, finding the hidden objects that are armed to destroy enterprise business value. We maintain the largest repository of malware and goodware in the industry of more than 10 billion files and objects, and are the only vendor to speed analysis of files in milliseconds. ReversingLabs seamlessly integrates at scale across the enterprise with connectors that integrate with existing security investments, reducing SOC triage time with real-time decision support, and automating investigation and control action for incident responders, while providing continuous hunting through advanced tooling. Learn more at https://www.reversinglabs.com, or connect on LinkedIn or Twitter.