Enterprise Scale File Visibility

Enterprise Scale File Visibility

Deep insight to unknown files to expose attacks before they strike

Key Features


Real-time, deep inspection of files scalable to millions of files per day without dynamic execution


Broad coverage – identifies 3600+ file formats and capable of unpacking 360+ file formats


Files sourced from a variety of inputs via automated submission from ReversingLabs and third party products


Extracted file profiles are storable and searchable by content or context through analytic tools

Request a demo


TitaniumScale increases visibility and knowledge of files encountered in enterprises to reduce the risk to unknown file based threats, accelerate incident response, validate third party software, and respond to government and compliance entity requests. Conventional malware products focus on detecting malware while treating undetected files as good, essentially forgetting their existence. As the amount of malware that evades detection grows, the need to profile, track, and correlate “undetected” files becomes imperative to limit the impact and accelerate resolution of incidents and breaches. Utilizing ReversingLabs TitaniumCore Engine, TitaniumScale enables an organization to profile and classify large volumes of files in near real-time to create relevant data for advanced analytics platforms to support threat correlation, hunting and response. This data helps close the visibility gap between malware detection and tedious and expensive post-breach reconstruction.

TitaniumScale helps enterprises form a comprehensive assessment of millions of files from web traffic, email, file transfers, endpoints or storage. The solution uses unique ReversingLabs File Decomposition Technology to extract detailed metadata, add global reputation context and classify threats. TitaniumScale automatically acquires files by integrating with solutions installed in the enterprise security infrastructure, including: email gateways, intrusion detection systems, firewalls and other devices. The results feed into industry leading SIEM, orchestration and analytics platforms to provide visibility, provide data to analytics tools, support advance hunting strategies and enable advanced policy enforcement.

Screen Shot 2019-01-18 at 10.10.48 AM

TitaniumScale Use Cases

File Classification - Fill the malware visibility gap through near real-time file inspection and classification

Accelerate Response - Find threats in existing files by their attributes

Custom Classification - Implement targeted malware identification at enterprise scale using YARA rules

Validate Applications - Check installation and update packages before deployment

Massively Scalable Architecture

TitaniumScale uses a flexible cluster architecture that scales incrementally to support distributed or centralized file processing across physical and cloud environments. The cluster incrementally scales file processing capacity from 100K to 100M files per day by adding Worker Nodes to the cluster.

TitaniumScale consists of:

  • Worker Nodes - A cluster of physical or virtual servers that perform the actual file assessment and support N+1 redundancy.
  • Load Balancer Hubs - A server (and optional redundant server) that directs files to Worker Nodes for processing.
  • Control Manager - A server that manages configuration (i.e. YARA rules, whitelists) and monitors status across the TitaniumScale cluster.
  • TitaniumCloud File Reputation - A service available as a cloud service or on-site appliance that identifies and provide information on known goodware and malware.

Speed - Files cataloged in milliseconds to support real-time, high-volume processing

Coverage - Over 360 file formats processed and 3600 file types identified from diverse platforms, applications and malware families

Depth - Recursive unpacking and extraction of 3000 indicators per file

Reputation - Files checked against the industry’s most comprehensive database of goodware and malware - TitaniumCloud

Classification - Files classified by advanced rules engine that supports customer supplied YARA rules

Product Docs