ReversingLabs Software Supply Chain Security Platform

Additional Info

Company: ReversingLabs
Website: http://www.reversinglabs.com
Company size (employees): 100 to 499
Headquarters Region: North America

Overview

In 2022, Gartner predicted that 45% of organizations will suffer from supply chain attacks by 2025. Despite this figure, most organizations producing software for their business or customers still fail to fight back against attacks from cybercriminals and nation-state actors targeting their supply chains. According to a ReversingLabs research report titled, “Flying Blind: Software Firms Struggle To Detect Supply Chain Hacks”:
While 98% report that third-party software use, including open-source software, increases security risks, only 51% report being able to protect their software from supply chain attacks.
87% agree that software tampering is a new vector with breach opportunities for bad actors, but only 37% indicate they have a way to detect it across their supply chain.

While these firms recognize these threats and admit their struggle to prevent them, many maintain a business-as-usual approach. According to the research:
54% of respondents say their firm knowingly releases software with potential security risks

Since the early days of SolarWinds SunBurst, ReversingLabs has taken action to help mitigate these threats. It began with its ReversingLabs Managed Software Assurance service, which provides a proactive and transparent approach to understanding the threats that exist within software. In 2022, ReversingLabs Managed Software Assurance was named a GOLD GLOBEE winner for Best Security Service.

Later in 2022, ReversingLabs expanded its commitment by releasing ReversingLabs Software Supply Chain Security (SSCS). The new platform addresses the fact that reducing exposures and vulnerabilities during the coding process is no longer enough. Companies today require a software supply chain security solution that scans software builds, binaries, release packages, and containers for malware, software tampering, and other software supply chain threats, deployment, or compliance risks.

ReversingLabs SSCS addresses this need by automating software supply chain security analysis, policy controls, and auditing required by different teams at various stages of software development and delivery pipelines. For example, with

How we are different

ReversingLabs differentiators include:
End-to-end Development, SOC and Risk Team Support and Workflows: Democratize software decision making across teams:
Development and AppSec teams can safely release.
IT and Procurement can securely deploy.
SOC can detect, isolate and respond.
Risk & Audit teams can comply with internal/external standards and mandates.


See More Software Risks: Cross-functional teams expand visibility beyond vulnerabilities by analyzing software tampering, THE largest contributor to modern software risk. Differentiators include:
Largest Threat Intelligence Repository: 14 years aggregating malware/goodware privately based on 46 AV scanners & threat intel platform adding 8M+ daily.
Extensive Policy and Software Support: Supports 4800+ file types – Java, .NET, Python, macOS, Linux, MS Office, PDF, APK, Docker.
Proprietary recursive binary analysis: Unpacks, deobfuscates, extracts metadata, and classifies down to the lowest level.
Leading Analysis Speed of Large Complex Software Packages: Analyze the largest proprietary and open-source complex files in seconds – 10GB+ files at 10M files per day – enabling frictionless release & deployment.
Comprehensive Software Risk Visibility and Prioritization: Visibility into malware, tampering, differential behaviors, secrets, certificate misconfigurations and dependencies to prioritize remediation, release, deployment and decision making.


Optimize Dev & SOC Tech Investments: Existing AppSec solutions (SAST, DAST & SCA) focus on vulnerabilities and code quality issues at the expense of threats and cannot identify malicious and unauthorized changes to software behaviors that prestage attacks (e.g. ability to change account privileges). ReversingLabs SSCS optimizes these investments.


While malware analysis and hunting investments aren’t engineered to analyze large complex files, binaries, and software packages, ReversingLabs SSCS enables SOC teams to complement AV, EDR, and Sandbox solutions with the ability to scan larger software executables. Because today’s third-party software binaries and updates often exceed the file size limits for effective threat assessment, ReversingLabs enables SOCs to identify software supply chain threats hidden within large executables that circumvent those controls.