ReversingLabs is proud to announce new features for Spectra Analyze (formerly A1000) and Spectra Detect (formerly Titanium Scale). Our goal at ReversingLabs is to consistently improve the quality and efficiency of our platform to exceed the needs of our customers and stay ahead of the evolving threat landscape.
Spectra Analyze v9.1 Release Highlights
RL Spectra Analyze empowers all levels of the SOC with in-depth, automated malware analysis, context-rich file and network intelligence, and decisive threat classifications to drastically reduce false positives and accelerate alert triage. This latest release builds on these capabilities to further empower SOC teams and speed investigations. Below are the highlights of this release.
Network Threat Intelligence Improvements
Based on customer feedback and performance testing, our team has made key enhancements to our network threat intelligence capabilities.
New Network Summary Page. We know the importance of an intuitive and smart interface to ensure the right information can be found as quickly as possible, which is why we’ve completely redesigned the network threat intelligence page. The goal of the new Network Summary page is to increase SOC productivity and accelerate investigations by displaying all key network findings on a single screen for at-a-glance visibility of the most important information. Furthermore, we’ve added even more valuable network metadata, including Passive DNS, WHOIS, ASN, and certificates.
RL Spectra Analyze: Network Threat Intelligence Summary Page
URL Analysis Added for Spectra Sandbox (formerly RL Cloud Sandbox). Keeping with network threat intelligence improvements, customers can now perform URL analysis in our built-in cloud sandbox. This provides security teams with additional URL metadata plus screenshots from dynamic detonations to further enrich investigations. All of this information is easily accessible from the new network summary page.
RL Spectra Analyze: URL Analysis Screenshots
Search and Threat Hunting Enhancements
We also continue to improve our Search and Hunting capabilities to increase the efficiency and productivity of incident responders and threat hunters.
Group Keywords. We’ve implemented an expanded set of familiar keywords, including new group keywords to simplify the process of finding interesting samples. New group keywords include certificate, certificate-country, document, section, segment, and software.
YARA Matched Strings in HEX Preview. This new feature visualizes which part of the binary was matched by a given YARA rule. Threat hunters can now quickly view the exact location of found strings sections in the HEX preview within Spectra Analyze.
RL Spectra Analyze: YARA Matched Strings in HEX Preview
Spectra Detect v5.1 Release Highlights
RL Spectra Detect provides the only high-volume, high-speed analysis of the largest files from across the enterprise, supporting custom detection rules, IOC extraction, and rich behavioral reports. With Spectra Detect, enterprises can automatically ingest and assess millions of files a day from web traffic, email, endpoints, cloud storage, network shares, collaboration tools, and more – at unprecedented speed and accuracy. This latest release adds key functionality for enterprise threat hunting, as highlighted below.
Private YARA Retro Hunting
With the release of Spectra Detect v5.1, customers can conduct retro-YARA queries against private, enterprise-specific files at scale. Retro hunts are easily run against local or remote storage. This enables complete incident response workflows, allowing IR teams to retroactively investigate potentially compromised files by rapidly rescanning key historical files with updated YARA rules.
RL Spectra Detect: YARA Retro Hunt
The Work Doesn’t Stop Here
At ReversingLabs, we continually strive to meet and exceed our customers' needs and expectations, which means we’re always working to improve and enhance our solutions. Stay tuned for more exciting product updates!
