TitaniumCore implements highly scalable automated static analysis to recursively unpack, extract internal indicators, and classify files to support real-time and/or high-volume applications. Files are not executed, so detailed analysis may be performed in milliseconds on an extensive list of file types.
Deep File Analysis through Unpacking and Deobfuscation
Unique Automated Static Analysis fully dissects the internal contents of files without execution to detect attacks
Analysis Engine performs high-speed static analysis to unpack files, extract internal indicators, determine threat level, and expose vital information for remediation
Analysis Without Execution
Every sample is processed to extract all objects and uncover threat indicators
3,600 file formats identified from PE/Windows, ELF/Linux, Mac OS, iOS, Android, firmware, FLASH and documents
Over 360 file formats unpacked and analyzed including archives, installers, and packers & compressors
Extraction of Actionable Threat Indicators
Empowers SOC/CIRTs with actionable threat indicators by exposing the multi-layered obfuscation used to mask true payload and intent, and by delivering enriching threat intelligence (object metadata, extracted files, functionally related file hashes, certificates, etc.) to security solutions to accelerate triage
YARA-based rules are matched on all decompressed content; users can provide their own YARA rules or ingest third-party YARA rules as threat intelligence
Scales elastically to process the most demanding workloads across Linux and Windows platforms
TitaniumCore implements highly scalable automated static analysis to recursively unpack, extract internal indicators, and classify files to support real-time and/or high-volume applications. With static analysis, files are not executed, so detailed analysis may be performed in milliseconds on an extensive list of file types. TitaniumCore consists of software and an SDK for integration into advanced automated workflows, products, or services.
High-Speed Analysis for a New Generation of Advanced Threats
TitaniumCore performs advanced file analysis at millisecond speeds with a powerful engine for applications of any scale, from a few samples to millions of samples daily. The rules engine calculates threat level based on rules provided by ReversingLabs and YARA rules supplied by the customer. Extracted files can automatically be routed to additional analysis tools (e.g., decompilers, debuggers, sandboxes) or an analyst for further evaluation based on threat level and type to make the most efficient use of security assets. No other product (e.g., sandboxes or scanners) exposes the breadth and depth of threat indicators extracted by TitaniumCore.