ReversingLabs Appliance Extracts All Malicious Files from Network Traffic

ReversingLabs Appliance Extracts All Malicious Files from Network Traffic

August 18, 2014 - Cambridge, MA –- ReversingLabs, the provider of game-changing solutions for detection and analysis of advanced cyber threats, today announced the N1000 Network Security Appliance that employs unique Active Decomposition and Predictive Detection technologies to detect threats in files contained in email, web and file transfer traffic.  These innovations leapfrog current signature, behavior and sandbox based solutions because they don’t rely on symptoms of a threat but analyze internal threat indicators in files. The result is the industry’s most effective defense against zero-day, targeted and polymorphic file threats.. The solution extracts all files from supported network protocols and provides unprecedented visibility into threat indicators in a broad array of file types.  In addition, this solution integrates with leading SIEM and “Big Data” analytics solutions.

Today’s cyber threats have moved from mere malicious code to attacks by well-funded, motivated adversaries. The game has changed.  Conventional detection tools are ineffective against the new breeds of attacks.   Furthermore, current capabilities are not enough.  To mount an effective defense, organizations must understand their adversary’s identity, intentions, tactics and capabilities. A new approach is needed.  ReversingLabs facilitates this new paradigm with a complete solution with its complementary products.   The new N1000 appliance identifies and captures suspicious files from network traffic . The recently announced A1000 enables organizations to classify and understand these potential threats. T1000 appliance can work in conjunction with the A1000 and N1000 to maintain the data privacy and performance expected from a solution that monitors all incoming, outgoing and internal file movements.

ReversingLabs has developed Active Decomposition and Predictive Detection technologies to address the limitations of today’s malware protection products and provide new levels of malware detection across a wide variety of executable platforms.  Active Decomposition unpacks each file to reveal thousands of internal threat indicators that are invisible to convention products. Predictive Detection uses specialized hashing algorithms to calculate a file’s similarity to known malware or other unknown threats. These unique, innovative technologies process files in milliseconds to enable the N1000 to operate on a network at a full line rate. ReversingLabs malware detection does not rely on executing files so it can thus process a diverse set of file types including: Windows, Linux, Mac OS, Android, iOS, Windows Phone, popular document formats and firmware.

“Over the last 5 years, ReversingLabs has developed file threat analysis technologies to level the playing field for defenders against cyber criminals,” said Mario Vuksan, CEO at ReversingLabs.  “These technologies are now available as plug-and-play appliances, such as the N1000, that provide ground breaking file threat mitigation solutions.”

The N1000 connects to a SPAN port and extracts all files from SMTP, SMB, HTTP and FTP traffic.  The appliance can be configured to inspect inbound, outbound and/or internal traffic.  Source and destination information for files is also collected.  An advanced rules engine classifies each file’s threat level and disposition.  Customers can configure their own YARA based rules to match their specific requirements.  The N1000 integrates with industry leading SIEMs and analytics solutions (e.g. Palantir) to support threat mitigation.  Suspicious files can be archived to NAS or external storage for further analysis.

“ReversingLabs has an innovative set of technologies and solutions to address the new class of cyber adversaries,” said Marc Eisenbarth, ASERT Research Manager & Architect at Arbor Networks.  “Arbor Networks consider flow a critical component for modern security implementations.  As conventional defenses do not work, we need to expand our efforts from tracking Open Flow and protocol based anomalies to actual file payloads.”

The N1000 File Flow Sensor appliance is available today as a 1U hardware appliance or a virtual appliance (VDMK) compatible with major hypervisor and cloud service providers.

Contact:

John Hanratty
ReversingLabs
jhanratty@reversinglabs.com
+1 (617) 250-7518

More News