ReversingLabs Solutions

File Reputation & Threat Intelligence

Instant Access to a repository with Curated Information on 8 Billion Goodware and Malware Files

  • Increase detection, analysis and response efficiency by instantly comparing samples against a massive goodware and malware file reputation database.
  • Faster results when hunting for relevant malware globally using flexible searches and pivoting on internal attributes, functional similarities, and threat indicators.
  • Monitor threats “in-the-wild” for specific malware or interesting file characteristics using YARA rules, watch lists and feeds.
  • Maintain privacy with all submissions and queries to avoid losing confidential information or tipping off adversaries.

How it works

ReversingLabs File Intelligence Service is the industry’s largest and most comprehensive source for up-to-date classification and rich context on files. ReversingLabs harvests over 8 million files daily and processes them with unique File Decomposition and Static Analysis technologies for unpacking and data extraction. This analysis exposes extensive data from all extracted objects, and makes it available to customers for searching, hunting and analysis.

Malware Analysis and Hunting

Combines Automated Analysis with Local and Global Intelligence to Uncover Threats

  • Quickly identify threats, address undetected malware, and correlate attacks through automated static analysis and search.
  • Leverage detailed file information to make rapid, informed decisions using automated static analysis enriched with global file intelligence.
  • Develop intelligence and context of files “in the wild” with advanced search, YARA hunting, alerts, feeds and other advanced services.
  • Identify malware and bolster defenses by deploying YARA rules to increase effectiveness of local and global threat hunting.

How it works

The ReversingLabs Malware Analysis and Hunting appliance processes all files with unique Automated Static Analysis to unpack them and expose comprehensive internal data. The extracted data is processed by classification algorithms to assign threat levels and severity scores. Advanced pivots, functional similarity and YARA alerts enable analysts to quickly expand their understanding of attacks and develop effective defenses.

Enterprise-Scale File Analysis

Comprehensive, High-Volume Analysis for Determining File Reputation at Massive Scale

  • Gain in-depth knowledge of the files inside your organization to combat malware that evades detection.
  • Uncover undetected malware in your organization based on internal file characteristics.
  • Better leverage external threat intelligence by quickly answering the question, “Do I have this problem?”
  • Identify specific threats, monitor policies and support adherence to regulations by customizing file assessments with YARA rules.

How it works

A high-volume infrastructure performs an in-depth assessment of millions of files daily. Email gateways, web proxies, endpoint solutions and other devices automatically submit files for processing to identify threats and derive internal details enriched with global file intelligence context. Stored in a ‘data lake’, this information enables advanced hunting and analytics based on internal file characteristics. The solution sends real-time alerts to a SIEM or analytics platforms when malware is identified or a customer-defined YARA rule is triggered.

A few words from our Execs
"No single person or security company — I don’t care how good you are — can clean up everything. And unless you completely disinfect a system, it will come back."
Mario Vuksan, RL CEO The New York Times
"Continuous incident response (CIR) is ReversingLabs' answer to the increased number of advanced persistent threats attacking business environments. At its heart CIR is about the constant need for vigilance."
Tomislav Pericin, RL CSA RL Tech Talk

Blog

January 14, 2019

Customer Use Case: Combatting Undetected Malware with Tanium and ReversingLabs

We’ve seen some exciting customer results from our partnership with Tanium. This blog focuses on the results and lessons learned from a proof of concept (PoC) completed with one of these customers.
