Quarkslab is excited to announce the release of a new version of Quarks Flow, a cloud-friendly, automated file analysis platform for malware detection.
PARIS, November 17th, 2021 - Quarkslab announced today the release of Quarks Flow version 1.3, its scalable, cloud-friendly, automated file analysis platform.
The need for quick and accurate malware detection at scale is indispensable, and security teams are increasingly turning to automation to standardise their processes, help their analysts work smarter and restore trust quickly after a breach.
Quarks Flow aims to provide SOCs, CERTs and Managed Security Service Providers (MSSPs) with a platform to fight against malware arising from files. A sovereign, cloud-native platform, Quarks Flow automates and orchestrates malware detection workloads at scale using a diverse set of detection tools and techniques. The actionable results produced by Quarks Flow provide insights, visibility and speed of reaction to analysts before, during and after an intrusion, maximizing detection and minimizing response times.
Read on to find out the latest improvements, what’s new and what has changed in the new version.
Quarks Flow v1.3
Quarks Flow Store improvements
The Probe store is at the heart of every Quarks Flow instance. It allows the users to not only browse the different analysis probes that are available but also to manage their entire life cycle – install, update, and uninstall.
In v1, some of these features were accessible through the Probe Store Web UI, but some of the actions were only possible through the API.
With the current release, Quarks Flow administrators can perform all these actions directly through the Web UI. Administrators can now restrict access to certain probes only to users with an Analyst role, to limit the use of probes that may have usage limits or incur additional third-party costs.
We also took this opportunity to redesign the Probe Store to ensure all actions can be performed consistently and clearly.
Additionally, we optimized the probe store APIs on the backend, which in some cases reduced the response times by more than 90%.
We improved the Web UI to make it easier for users to browse through their file history, view the details of the latest analysis of a file and look at the historical record of all previous analyses.
As analysis Probes are constantly updated with new signature definitions, IOCs and detection rules, what was not detected as malware yesterday may be flagged as such today. Users can now trigger a file re-scan from the Web UI, thus making it easier to stay on top of evolving threats.
Advanced file scan
Users with an Analyst role can now manually select the set of Probes to scan a given file. This allows for fine-grained analysis where an analyst can pick Probes that may perform a more in-depth analysis, or are costlier, than what is normally used in the standard default workflow.
First iteration of Integration API
Quarks Flow is built as an open platform to which customers could integrate easily via a RESTful API. However, we saw the need for a dedicated Integration API tailored for specific scenarios where clients need to submit large batches of files in just one API call. In addition to the existing API, the new Integration API provides a new simplified endpoint for programmatic integration with Quarks Flow. Client programs can now choose between using the traditional API that has more granular control or the new simplified API to analyse files in bulk.
It is no secret that cyber threats today are more complex, frequent and challenging to detect and mitigate. This is especially true of malware, which continues to evolve at a rapid pace year after year. As threat actors get smarter, so do automated security analysis solutions. Unlike in the past, today’s threat landscape affects all aspects of a business and is not just a concern for the cybersecurity teams.
“This new version of Quarks Flow evolved further from our initial release of July 2021 based on the feedback and requests we gathered from our customers,” said Iván Arce, CTO Security Analysis at Quarkslab. “We are very happy with how Quarks Flow is shaping up and we have a lot of interesting features lined up for 2022. The threat landscape is growing fast both in volume and pace, to cope with that trend, orchestration and automation are really necessary to augment the capabilities of security teams. We think Quarkslab can contribute to that”, he added.
Quarkslab is a French company specializing in information security R&D, consulting and software development. Our expertise is in combining offensive and defensive security to help organizations adopt a new security posture: Force the attackers, not the defender, to adapt constantly. Through our consulting services as well as our software, we provide tailored solutions to organizations, helping them to protect their assets, sensitive data, and users against increasingly sophisticated attacks.