2023 Updates in Review: Malware Analysis and Threat Hunting
2024-1-10 20:30:0 Author: securityboulevard.com

Malware Analysis and Threat Hunting

Throughout ReversingLabs’ 14-year history, our products have constantly excelled and improved to meet the needs of our customers and match the changing cybersecurity threat landscape. 2023 was no exception to this growth in product quality. This past year, we have delivered key improvements to ReversingLabs Threat Intelligence, Elastic Threat Infrastructure, and Threat Analysis & Hunting solutions, providing more efficient and cutting-edge platforms fit for the busy security practitioner.

Here are the major improvements to ReversingLabs malware analysis and threat hunting solutions in various areas that are helpful to our customers.

Dynamic Analysis

To mitigate modern-day threats and potential attacks, a complete understanding of malware behavior is a must. ReversingLabs continues to increase file analysis depth and coverage by combining our high-speed static analysis with new dynamic analysis capabilities.

In 2023, ReversingLabs further enhanced our RL Cloud Sandbox dynamic analysis capabilities for the A1000 and TitaniumCloud.

Figure 1: Display of RL Cloud Sandbox Analysis Summary.

File classification has been improved by combining RL Cloud Sandbox dynamic analysis results with ReversingLabs proprietary static analysis, simplifying the decision of whether a sample is malicious. For the A1000 platform, improvements include the ability to automatically download dropped files from RL Cloud Sandbox and analyze them with RL’s TitaniumCore static analysis, eliminating the need to download artifacts locally. For TitaniumCloud, the solution’s dynamic analysis capabilities have been expanded to support macOS, Linux, and Windows 11 profiles, all in a single interface.

Network Threat Intelligence

ReversingLabs has the largest private repository of goodware and malware files in the world, which continues to grow each day. We know the importance of having validated, up-to-date file and network threat intelligence and the necessity to constantly improve on our solutions’ capabilities so that customers can trust and best utilize this data corpus. 2023’s improvements in this area consisted of updates to RL’s TitaniumCloud and TitaniumScale platforms. 

Figure 2: A view of a domain search involved in malicious activity.

For TitaniumCloud, users can now get up-to-date domain and IP reputations for blocking pertinent threats, based on a list of top threats, reputation data from various sources, statistics for downloaded malicious files, and a list of related URLs. Additionally, TitaniumCloud now delivers more lightweight, fast and simple lookups for domains, IPs, and URLs, which better automates network reputation workflows. Regarding TitaniumScale, users now can configure the retrieval of TitaniumCloud reputation for all network IOCs (Indicators of Compromise) found during file analysis, which enables valuable insights into potential threats and vulnerabilities.

Data Visualization

ReversingLabs understands how important it is for SOC teams to analyze data efficiently and meaningfully, which is why continual enhancements and improvements to data visualization are a must. This year, the A1000 platform had several data visualization improvements. These include a more intuitive navigation design for previewing samples, eliminating the need for a user to open an individual sample summary screen just to assess it. Also, antivirus detections are now displayed on the Cloud Sample Summary page, and an expanded-row sample preview in the Search interface improves the efficiency of triage for A1000 users.

Figure 3: Display of expanded row sample preview in the A1000 platform.

Threat Hunting

Easing the job of threat hunters is what we do best, which is why ReversingLabs prioritizes improving such capabilities within our solutions. For the A1000 platform, improvements in 2023 included a new and intuitive Relationships Graph, which offers a simplified, node-based graphical overview of opened samples and all metadata connected to them. This gives enterprise SOCs a straightforward visual understanding of a sample and its related network data and files.

Figure 4: Display of the A1000 platform’s Relationships Graph.

YARA Rules

YARA is another area in which ReversingLabs continues to make improvements and enhancements to help threat hunting teams. In 2023, this included improving YARA import workflows by making it easier to upload rulesets from third-party repositories, as well as allowing users to select individual rules during the import of larger YARA rulesets. Another key YARA improvement is a ‘test run’ option so users can quickly validate newly created rulesets against a subset of samples, saving significant development time when writing and refining YARA rules.

File Analysis

For improved file analysis, ReversingLabs made several updates to the TitaniumScale platform in 2023. Users now have more control over TitaniumCore performance through the ability to choose between two processing modes: high-speed or rich report metadata. Additionally, new options for file analysis outputs reduce report sizes and process faster than before, creating a more efficient workflow.

Automations and Integrations

Making our solutions more intuitive and compatible with other services is a high priority for our team, which is why several notable improvements have been made to the TitaniumScale platform in 2023. These include an updated global navigation bar for better visibility into supported integrations, connector configuration, and statuses, as well as easier administration for the user. An additional improvement to the platform is a centralized interface for automated deployment, configuration and updating of all appliances managed by C1000, improving workflow efficiency and ensuring consistency.

Figure 5: Improved centralized interface for appliance management.

User Experience

ReversingLabs takes the user experience (UX) seriously for all of our solutions, which is why the TitaniumScale platform underwent new UX improvements in 2023. One of these updates is that files can now be examined on C1000’s Analytics Dashboard, delivering live insights into detected threats. This provides greater visibility into an organization’s security posture and improves the efficiency of hunting and triage workflows for the SOC. In addition, SOC analysts can now perform further analysis of files via one-click pivoting to the A1000 Sample Summary from the C1000 Analytics Dashboard, which enhances investigation and hunting workflow efficiency for security teams. 

Figure 6: C1000 Analytics Dashboard with one-click pivoting to A1000 sample summary.

The Work Doesn’t Stop Here

The improvements ReversingLabs made to its solutions in 2023 empower our customers to more efficiently manage their enterprise SOCs and mitigate any modern-day cyber threats coming their way. RL is constantly staying up to speed with today’s threat landscape to ensure that our solutions properly serve our customers’ needs. Change is constant in cybersecurity, so our customers can expect more improvements to ReversingLabs Threat Intelligence, Elastic Threat Infrastructure, and Threat Analysis & Hunting solutions in 2024.

*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by ReversingLabs. Read the original post at: https://www.reversinglabs.com/blog/2023-updates-in-review-malware-analysis-and-threat-hunting


Source: https://securityboulevard.com/2024/01/2023-updates-in-review-malware-analysis-and-threat-hunting/