
Product roundup – May 2023

All of us at Stairwell continue to pursue our mission to make hard jobs easier for threat hunters, SOC analysts, and cybersecurity teams as a whole. To help their organizations defend against attackers, we believe that using the latest technology and taking a totally new approach to the ever-changing threat landscape is the only way to accurately detect and respond to threats.

So, we’re back at it again with another edition of the product roundup. If you missed the last Product Roundup – March 2023, check it out to see how we’re making security teams’ lives easier by automating threat report ingestion and scanning for related IOCs across your entire environment, now and in the past.

Automate reverse engineering of malware

Mandiant’s capa scanner has been added to the arsenal of static analysis tools that scan files within the Stairwell platform. It automatically identifies the specific capabilities of executable files and generates an easy-to-understand, comprehensive list of potentially malicious actions a file can take.

The capa scanner also automatically correlates these capabilities to MITRE ATT&CK tactics and Malware Behavior Catalog (MBC) behaviors. This new capability will help analysts using Stairwell supercharge their triage workflows and develop a deeper understanding of the files they investigate in their environments.

Keep executives up to date with automated reports

Live Threat Reports deliver near real-time value to users by showing if an organization has potentially malicious matches against any threat report. While this is extremely useful to threat hunters and analysts, additional stakeholders (like leadership teams) may want to see the results but may not have access to the platform.

In addition to Live Threat Reports, customers are able to take advantage of the Health Check report, which gives you the power to automate the creation of a report for a given threat or exploit. Next time a manager or executive asks, “Are we affected by [name your threat]?” the analysis and report generation will be done in minutes instead of days or weeks.

macOS: Easily deploy and manage the Stairwell file shipper

Ease of deployment and manageability is important for any admin responsible for deploying a security tool. We’ve extended our policy functionality to now include macOS deployments.

With the latest release, macOS policies now allow for full management of which file types are ingested by the Stairwell file shipper and the behavior behind the collection. A policy can be configured to collect or exclude a given file type or path, or to ignore certain file types unless the file shipper sees a suspicious execution event, in which case the file will be uploaded. Additional policies will continue to be released and are planned on the Stairwell roadmap.

Expand your coverage with new unpackers

In our ongoing effort to ingest every binary and executable file, .vbn and .asar files are the latest additions to Stairwell unpackers. A .vbn file is associated with Norton Corporate Anti-Virus quarantined files, and this addition allows threat hunters to gain a deep understanding of what threats are actually being identified on corporate systems. An .asar file is an archive used to package Electron applications. With Electron’s popularity in desktop app development, malware targeting these archives is on the rise.
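To show what an unpacker has to handle when it opens an .asar archive, here is an added example (not Stairwell’s code) that packs and parses the container in Python; the sample files are constructed, the layout follows the Chromium pickle framing used by the asar tooling, and the parser refuses entries whose offsets point outside the archive.

```python
import json
import struct

# Added example, not Stairwell's unpacker: build and parse a minimal Electron .asar.
# asar framing uses Chromium "pickle" records:
#   uint32 LE 4 | uint32 LE header_pickle_len                (size pickle, 8 bytes)
#   uint32 LE payload_len | uint32 LE json_len | JSON zero-padded to 4 bytes
#   file contents, concatenated, addressed by the string "offset" values in the JSON

def _pad4(n):
    return (n + 3) & ~3

def pack_asar(files):
    """Build an in-memory .asar from {"dir/name": bytes}; no 'unpacked' entries."""
    index, data = {}, bytearray()
    for path, content in files.items():
        *dirs, name = path.split("/")
        node = index
        for d in dirs:                      # create directory nodes as needed
            node = node.setdefault(d, {"files": {}})["files"]
        node[name] = {"size": len(content), "offset": str(len(data))}
        data += content
    js = json.dumps({"files": index}).encode()
    header_pickle = struct.pack("<II", 4 + _pad4(len(js)), len(js)) + js.ljust(_pad4(len(js)), b"\0")
    size_pickle = struct.pack("<II", 4, len(header_pickle))
    return bytes(size_pickle + header_pickle + data)

def parse_asar(blob):
    """Return (header_dict, {path: bytes}); entries flagged 'unpacked' map to None."""
    magic, header_len, _payload_len, json_len = struct.unpack_from("<IIII", blob, 0)
    if magic != 4 or 8 + header_len > len(blob) or json_len + 8 > header_len:
        raise ValueError("malformed asar size/header pickle")
    header = json.loads(blob[16:16 + json_len])
    data_start = 8 + header_len
    out = {}
    def walk(node, prefix):
        for name, entry in node["files"].items():
            if "files" in entry:            # directory node
                walk(entry, prefix + name + "/")
            elif entry.get("unpacked"):     # stored beside the archive in *.asar.unpacked
                out[prefix + name] = None
            else:
                start = data_start + int(entry["offset"])
                end = start + int(entry["size"])
                if start < data_start or end > len(blob):   # crafted header pointing outside the data
                    raise ValueError(f"entry {prefix + name} exceeds archive")
                out[prefix + name] = bytes(blob[start:end])
    walk(header, "")
    return header, out
```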

Stay tuned for the next update! In the meantime, feel free to drop us a line or take a virtual tour of the Stairwell platform.
