ReversingLabs

CEO Mario Vuksan Panel Discussion at RSA.

Solution

Real-time elastic file analysis infrastructure

Data center building block for real-time processing of massive amounts of files

Integrated malware identification, policy violation checks and indicator extraction

Match custom SOC, DHS and FBI YARA rules for enhanced visibility

Process massive amounts of files for malware identification, policy violation checks and content indexing in a cost-efficient and rapid fashion. A new data center infrastructure building block for file and payload analysis. Solves malware automation analysis problems, as well as analysis of storage and cloud repositories.

TitaniumScale File Analysis Solution

The ReversingLabs TitaniumScale solution provides the industry's first high-volume file assessment solution that elastically scales to process multiple terabytes of data per day. This solution enables organizations to build an automated infrastructure for real-time assessment of files in transit or at rest. The TitaniumScale assessment criteria are customizable for each organization’s unique requirements, supporting internally developed SOC YARA rules or YARA rules obtained from third parties such as DHS, FBI or FS-ISAC.

TitaniumScale provides the industry's first high volume file assessment solution

The TitaniumScale solution implements a scalable architecture that integrates with network forensics, SIEM and analytics platforms. The TitaniumScale object analysis solution easily integrates with Web sensors (Symantec Security Analytics, ReversingLabs N1000, Bro), endpoint solutions, email gateways, and any file source that requires analysis. The results of the analysis and the files can be stored in an external object store and/or pushed to external analytics systems such as Splunk or our ReversingLabs A1000 for detailed file analysis.

Hunt for Malware using World’s Largest Malware Repository

Over 3,200,000,000 files available for analysis

Hunt for Malware using YARA and code similarity against World’s Largest Repository of File Reputation data and files. Augment your Threat Intelligence repository with the richest set of file threat reputation data including over 3,000 indicators per file.

YARA

Hunt using YARA and code similarity against 3.2B unique files

Privacy controls

Privacy controls prevent accidental data leakage

Safe malware storage

Local solutions for safe malware storage and advanced file analysis

Advanced local and global hunting capabilities are enabled through a combination of RHA functional similarity hashing and custom YARA rules. Every RHA hash potentially identifies thousands of functionally similar malware files, even though each has a unique SHA-1 hash. RHA detects new & unknown malware variants functionally similar to known malware. The TitaniumCloud File Reputation service and the A1000 appliance support custom YARA rules for automatically identifying threats of interest.

The ReversingLabs Threat Intelligence and Hunting solution provides researchers, auditors, and responders a centralized analyst workspace to automatically find and cluster files. Comprehensive hunting solutions discover both internal and external threats using TitaniumCloud File Reputation services. Furthermore, the A1000 Malware Analysis appliance can manage all malware for an organization in a safe, centralized location that obviates the need for malware to be emailed or stored locally on analysts’ machines, avoiding regulatory risks.

Continuous Incident Response

Proactive data acquisition and inspection provide defenders with the best means of defense against sophisticated cyber attacks. This ReversingLabs solution provides actionable intelligence on data collected from networks, storage and endpoints, allowing security policy changes and the addition of custom detection rules and policies.

Collect

Unmonitored file flows within an IT infrastructure represent an enormous security blind spot and vulnerability. Industry experts report that less than a third of breaches are discovered by the targeted organization.

Analyze

Our network appliance uses unique technologies to detect malicious files in web, email and file transfer traffic before execution. These technologies evaluate file DNA rather than symptoms of their behavior.

Protect

Our file reputation service and Automated Static Analysis technology provide the industry's most comprehensive contextual information on goodware and malware.

Products

How does CIR work?

The client deploys one or more sensors in the environment to analyze and collect data. These sensors are on the network (N1000) and/or on the endpoint (S1000). The sensors operate autonomously to detect threats in their respective domains, but report findings (e.g. scan report or real-time file flow) and collected files back to the central server, the A1000.

"No single person or security company — I don’t care how good you are — can clean up everything. And unless you completely disinfect a system, it will come back."
Mario Vuksan, RL CEO, The New York Times
"Continuous incident response (CIR) is ReversingLabs' answer to the increased number of advanced persistent threats attacking business environments. At its heart CIR is about the constant need for vigilance."
Tomislav Pericin, RL CSA, RL Tech Talk