TitaniumCloud Reputation Services are powerful threat intelligence solutions with up-to-date threat classification and rich context on over 8 billion goodware and malware files across macOS, Linux, Windows and Android platforms. TitaniumCloud’s flexible APIs encompass file reputation, file upload/download and a variety of feeds to provide access to ReversingLabs' vast knowledge base.
TitaniumCloud provides over 50 search, query and feed APIs that automate processing, analysis, and threat status information gathering, allowing OEM partners to quickly and easily embed our solutions into their existing products and platforms.
TitaniumScale provides highly scalable automated static analysis to recursively unpack, extract internal indicators and calculate threat levels of files to support real-time and high-volume applications. This approach provides deep analysis within a few hundred milliseconds and supports several hundred file types, including executables, documents and scripting languages. TitaniumScale provides advanced static file analysis that is impervious to sandbox evasion and without the resource consumption of dynamic analysis solutions.
TitaniumScale advanced static file analysis provides OEMs with complete file visibility to enable anti-malware and other security policy-based solutions. Extremely fast, deep analysis provides rich metadata, such as classification, threat scoring and threat indicators, which may be used to drive more granular policy enforcement and provide users with rich threat intelligence about files in the OEM application. TitaniumScale may be operated by the OEM in their infrastructure or provided as a cloud service by ReversingLabs.
The A1000 Malware Analysis & Hunting Platform is an analysis and visualization platform that supports advanced hunting and investigations through high-speed automated static analysis. Analysts can access data via the platform UI or analysis can be integrated with other security tools via robust APIs. A1000 is natively integrated with TitaniumCloud file reputation services to access in-depth, rich context and threat classification as well as access functionally similar files from the ReversingLabs cloud.
The A1000 Malware Analysis & Visualization platform allows OEM partners to enhance their existing tools and products with our enriched malware analysis data and visualizations, including advanced search, hunting, and YARA rule support. Delivered as a hardware, VMDK or cloud-based appliance, the A1000 brings immediate value to end-users with its easy and flexible integration and implementation options.
ReversingLabs TitaniumCore automated static analysis engine is a high-performance reverse-engineering technology that recursively unpacks, extracts internal indicators and calculates the threat level of files to support real-time and high-volume security applications. Companies who OEM TitaniumCore offer their customers the ability to fully dissect internal contents of files without execution, determine threat level, and expose vital information for remediation.
The TitaniumCore automated static analysis engine enables OEMs to embed ReversingLabs analysis directly into the OEM product/platform. Rich output generated by TitaniumCore can be used for malware detection or other policy enforcement and provides users with rich threat intelligence about files in the OEM application. TitaniumCore is delivered as an SDK for tight integration with the OEM application.
OEM Use Case Examples
EDR solutions often rely on reputation to identify malicious files. TitaniumCloud quickly and accurately detects malware residing on endpoints using TitaniumCloud file reputation. File upload and alerting provides robust automation APIs to help ensure threat intelligence is accurate and up-to-date. For deeper analysis, unknown or suspicious files can be collected and analyzed to provide customers with rich reports that can be fed back into EDR platform analytics or external SIEM for correlation.
Analyze email payloads at scale without impacting user experience (wait time). Static analysis can be deployed in on-premises and cloud email systems to analyze documents and other attachments which are typically unique (or targeted in the case of phishing payloads) to the end user. Rich analysis can be used for policy decisions such as quarantining payloads or blocking senders.
Low-quality crowd-sourced solutions can significantly impact the profitability of MSSPs who rely on accurate intelligence to detect and respond to threats. For unknown files, detonation services are resource intensive and require analyst time and expertise to interpret results. Even then, over 10% of unknown files won’t detonate due to lack of file type support or evasion by attackers. TitaniumScale can act as a central broker for analysis and retention of interesting content that can later be used to accelerate incident response and enable threat hunting services. ReversingLabs TitaniumScale and A1000 provide a centralized system for deploying and matching YARA rules across any downloaded, emailed or found-at-the-endpoint content; as YARA rules are an active part of threat intelligence sharing, it is important to deploy infrastructure that can facilitate their matching.
ReversingLabs TitaniumCloud provides network security providers with accurate and comprehensive file analysis as an easy-to-integrate, low-resource-impact malware filtering capability. ReversingLabs TitaniumCore SDK and TitaniumScale offer network security vendors an alternative to sandboxing or other resource-intensive approaches that introduce latency into networking products. Next-generation networking such as NFV/SDN can leverage ReversingLabs file analysis to provide deep file inspection capabilities to power new approaches to file inspection that aren’t dependent on traditional AV or sandboxing.
Data Science-based security requires large amounts of classified data to enable training and quality assurance of machine learning (ML) models. TitaniumCloud is comprised of over 8 billion goodware and malware files, each analyzed and accurately tagged with a variety of metadata attributes. ReversingLabs APIs enable searching this vast repository to enable download of shareable content to build ML training sets.