SBN

The Power of Complex Binary Analysis

Blog image Complex Binary Analysis-01-1A prism is a fascinating thing. It separates a single stream of light into different wavelengths to make visible different colors. It is a fitting metaphor for ReversingLabs complex binary analysis. It takes in a single entity, a file or software package, and through our own analysis and “refraction,” we can separate out critical insights, making it possible to see malware, tampering, vulnerabilities, exposed secrets, malicious behavior, and more. 

RL Spectra Assure delivers the industry’s leading complex binary analysis technology, powered by RL Spectra Core. It delivers critical visibility into malware, tampering, vulnerabilities, suspicious behaviors and more to prevent even the most advanced software supply chain attacks. Capable of digging deeper and providing the unfettered insights necessary for any analyzed binary, Spectra Assure delivers the fastest and most comprehensive solutions for automated static analysis of binary files. Proven in the field for over 15 years, ReversingLabs data analysis is used by the world’s leading cybersecurity enterprises and Fortune 500 partners to enable their security teams, power their security solutions, and enhance their visibility into the modern threat.

[ Get the white paper: Complex Binary Analysis: Closing the Software Supply Chain Security Gap ]

Software Supply Chain Attacks Upend Security Detection

In the evolving cybersecurity landscape, detecting and mitigating threats has become increasingly complex, especially with the rise of sophisticated attacks through software supply chains and advanced obfuscation techniques. Traditional application security testing (AST) tools, like SAST, DAST, and SCA, are now proving less effective in addressing modern software supply chain attacks. Their focus on vulnerabilities within a specific subset of the codebase- be it open source libraries, source code, or running web applications – overlooks issues such as tampering and the placement of malware inside trusted code. 

Because traditional AST tools require access to source code, they are unable to detect embedded risk within commercial-off-the-shelf (COTS) software procured from vendors. That represents a major visibility gap for third-party risk management (TPRM) professionals.  As a result, security teams may turn to cumbersome and resource intensive techniques like pen-testing, vendor questionnaires, or sandboxing to understand the software’s behavior. Sandboxing, specifically,  is resource intensive, and can be easily evaded using malicious techniques such as time-based payload execution delay methods like those used within the SolarWinds software supply chain attack.

Introducing Spectra Assure

The need to adopt a robust approach to analyze  both proprietary and third-party software packages and detect the most advanced software supply chain threats is clear.

Spectra Assure delivers the granular and accurate technology critical to scale to these complex threats. It is the heart of a highly scalable and automated complex binary analysis technology, adept at recursively unpacking and extracting threat and risk indicators and classifying files to enhance real-time and high-volume applications. By deconstructing binaries at scale and identifying malicious components before they make it to production, it provides a crucial layer of defense that bolsters the security of software supply chains and addresses a critical blind spot in cybersecurity defenses.

Analysis Without Detonation or Source Code

 Spectra Assure’s complex binary analysis can dissect and scrutinize the binary code without the execution of- or even the need for source code. This ability is critical for enterprise buyers that need to analyze third-party commercial software. Spectra Assure recursively unpacks an application’s components down to the binary elements and flags threats like malicious code, exposed secrets, tampering, suspicious behaviors, and more.

The World’s Fastest Software Deconstruction

The power of Spectra Assure’s complex binary analysis is not just in the depth of its analysis but also in its unmatched processing speed, providing a solution for operations of any scale – from a few files to millions of samples daily. Spectra Assure can unpack over 4800 file types down to individual DLLs, containers, and other post-build artifacts that can inflate the size of the application several times over. Beyond the files themselves, Spectra Assure also extracts proactive threat indicators (PTIs), and correlates each against a repository of over 3000 threat indicators and assigns a risk ranking accordingly. 

File and software size is no limiting factor, with Spectra Assure’s ability to deconstruct and analyze a1GB package with speed and accuracy in as little as 5 minutes. Analysis of a 30GB package can take as little as two hours. This scalability and efficiency make complex binary analysis a welcome solution to the challenges posed by today’s extensive attack surface and can keep development teams moving at speed.

Explainable Artificial Intelligence — xAI

Undocumented, novel malware requires a level of analysis that looks at specific threat indicators to determine whether the code is malicious or not. This is why Spectra Assure includes Explainable Artificial Intelligence (xAI) learning as part of its complex binary analysis engine.

xAI helps to classify unknown malware, while providing security analysts a deep and actionable understanding of “why” the detection was determined. Spectra Assure’s AI classification is based entirely on human readable threat indicators, coded to identify which of these indicators apply to a piece of potential malware. For example, in the case of malware, Spectra Assure will, in human readable terms, outline threat indicators such as whether the code can read, write, or encrypt files, or iterate certain disk drives. A perfect illustration of this concept is how Spectra Assure will explicitly call out threat indicators that mimic the attack that impacted SolarWinds in 2019. 

Mining The World’s Largest Threat Repository 

Of course, any threat analysis engine must also draw from a repository of known malware. When deconstructing and analyzing a software package for embedded threats, Spectra Assure’s complex binary analysis engine draws from Spectra Assure’s Threat Repository containing over 40 billion searchable pieces of malware, and goodware.

Beyond that, Spectra Assure also catalogs attack intelligence data such as malicious behavior and characteristics that could be an indicator of a software supply chain attack. In fact, 60 of the world’s leading cybersecurity vendors rely on our Threat Repository as a feed for the solutions they provide to customers. 

Complex Binary Analysis vs. Software Attacks

While specialized tools like software composition analysis (SCA) help prevent security issues in open source software from making it to the build, they are not designed to address the complexity of modern software supply chains, with their mix of proprietary, commercial and open source code. As such, SCA solutions can miss threats introduced elsewhere in the software supply chain. Software producers need the ability to validate trust and security of their products in the final state that they will be delivered to their customers. Spectra Assure provides that final build exam.

Simultaneously, TPRM professionals can benefit from complex binary analysis to analyze commercial (COTS) software packages and subsequent updates before deployment. By populating an actional SBOM that encompasses the entire executable package, not just open-source libraries, TPRM professionals can make more informed security decisions when assessing vendor risk and, subsequently, work with SecOps teams to establish the proper compensating controls post-deployment.

As the enterprise attack surface evolves, the tools we use to defend must also advance. The AI-Driven Complex Binary Analysis powering Spectra Assure transforms the way security professionals assess the security and integrity of complex software packages. Unmatched in its speed, capability, and accuracy, Spectra Assure addresses critical blind spots in cybersecurity defenses for enterprise software producers and third-party risk professionals. 

Learn More About ReversingLabs

ReversingLabs is the trusted name in file and software security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, the ReversingLabs Spectra Core powers the software supply chain and file security insights, tracking over 40 billion searchable files daily with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.

See our white paper for a full breakdown of how complex binary analysis powers Spectra Assure to bring comprehensive software supply chain security insights for enterprise software producers and buyers.

*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by ReversingLabs. Read the original post at: https://www.reversinglabs.com/blog/the-power-of-complex-binary-analysis