Industry’s First AI-Driven Complex Binary Analysis Detects Malware and Malicious Code Before Software Is Shipped or Deployed — Without the Need for Source Code
Cambridge, MA — February 13, 2024 — ReversingLabs (RL), the trusted authority in software and file security, today announced the release of Spectra Assure, a best-in-class software supply chain security solution powered by the industry’s first AI-driven complex binary analysis to uncover material risk. Spectra Assure provides unparalleled protection against software supply chain attacks for software producers, as well as providing the necessary critical risk analysis for enterprise software buyers.
“Spectra Assure answers the fundamental question for those shipping or deploying software: How do you know when your software has been compromised or tampered with? How do you know when your software is malware?” said Mario Vuksan, CEO and Co-founder, RL. “Spectra Assure fills the gap left by the limitations of traditional application security testing solutions so organizations can quickly identify malware or malicious code across proprietary, commercial and open-source software, as well as all elements or artifacts in your software.”
The Rise In Software Supply Chain Attacks
“Software supply chain attacks have seen triple-digit increases, but few organizations have taken steps to evaluate the risks of these complex attacks,” according to the recent Gartner® report Mitigate Enterprise Software Supply Chain Security Risks. “The lack of transparency and trust within the global software supply chain has emerged as a critical issue for organizations of all kinds.”
RL also spotlighted this increase in its recent State of the Software Supply Chain Security 2024 report, revealing that software supply chain threats on open-source alone have increased 1,300% over the last three years. RL also reported a 400% increase in malicious packages on the Python Package Index (PyPI) in 2023.
Spectra Assure Closes The Hole In the Software Supply Chain
Traditional application security testing solutions like SAST, SCA, or DAST are limited as they may only focus on open-source software, are not designed to identify malware or malicious components, and cannot analyze the entire software package. Organizations using only these tools risk having a blind spot or hole in the software supply chain impacting both software producers and their business consumers.
Leveraging AI-driven complex binary analysis, Spectra Assure provides a comprehensive build exam that accurately identifies malware and tampering before release or deployment. It analyzes the entire software package, including first-, second-, and third-party components, for threat detection. Spectra Assure is the only solution capable of handling large and complex software packages that are gigabytes in size, deconstructing and reporting on issues in as little as minutes or hours.
Spectra Assure Addresses Three Critical Challenges
The increase in software supply chain attacks impacts businesses in three critical areas, which Spectra Assure addresses head-on:
- Critical Asset Protection. Help application security teams secure builds before their final release and vendor risk managers ensure software is safe to deploy.
- Financial Impact. Reduce or eliminate financial losses.
- Breach of Duty. Address the growing regulatory and compliance needs for corporations and their CISOs.
“Built on the world’s largest threat repository containing over 40 billion pieces of malware, goodware, and attack intelligence, Spectra Assure enables software producers and their enterprise buyers to identify compliance issues, exposures, and threats like malware, tampering, vulnerabilities, mitigation guidance, exposed secrets, and license issues – all without the need for source code,” said Tomislav Peričin, Chief Software Architect and Co-Founder, RL. “Our complex binary analysis delivers a comprehensive risk assessment report that lets you identify, assess, and resolve critical issues, delivering the trust and assurance you need before you ship or deploy your software.”
Delivering Critical Capabilities
Spectra Assure delivers the following critical capabilities to address the need for modern, comprehensive software supply chain security.
- AI-Driven Complex Binary Analysis
- Malware and Threat Detection
- Tampering Identification
- Software Integrity Validation
- Secrets Detection
- Vulnerability Prioritization
- Hardening and Mitigation Guidance
- Comprehensive Software Bill of Materials (SBOM)
Learn More
To learn more about Spectra Assure and how it delivers comprehensive software supply chain security, join us on March 7 at 11:00 a.m. ET for Know When Your Software is Malware: The New Era of Software Security. In this webinar we’ll discuss the limitations of traditional application security solutions, and how we close those gaps for both software producers and enterprise software consumers.
Additional Information
- RL was named “Hot Company for Software Supply Chain Security” by Cyber Defense Magazine.
About ReversingLabs
ReversingLabs is the trusted authority in software and file security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, the ReversingLabs Titanium Platform® powers the software supply chain and file security insights, tracking over 40 billion files daily with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.
Gartner, “Mitigate Enterprise Software Supply Chain Security Risks” Dale Gardner, 31 October 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.