T1000

File Reputation Appliance

On-premises Threat Intelligence

File Reputation Appliance

Key Features

  • 1

    On-premises implementation of TitaniumCloud File Reputation Service for environments that demand the lowest latency and/or an air-gapped deployment

  • 2

    Most comprehensive and accessible on-premises source of threat intelligence and file reputation data in support of SOC/CIRTs and forensics teams

  • 3

    With TitaniumCore Enterprise Platform (TCEP) can scale elastically to meet the most demanding volume processing requirements

  • 4

    As part of AT1000 Incident Response Toolkit, provides a unique tool for scanning files on suspected systems or images, significantly increasing speed/effectiveness of cyber investigations

Overview

The T1000 File Reputation Appliance provides on-premises access to an up-to-date copy of ReversingLabs’ TitaniumCloud data, the industry’s most comprehensive source for threat intelligence and reputation data on files. The T1000, an on-premises implementation, provides a solution for customers that require more performance and privacy than that provided by the cloud-connected solution.

The T1000 File Reputation Appliance provides on-premises, up-to-date information from TitaniumCloud on over 2.5 billion goodware and malware files. TitaniumCloud sends over 10 million data updates daily in real-time that can be applied automatically over the Internet or manually for "air gapped" situations. TitaniumCloud identifies files and provides rich information about their reputation and contents. Every sample is processed using the ReversingLabs engine to extract all contained objects and their internal information. The samples are recursively unpacked, decompressed, decrypted, repaired and de-obfuscated. The information extracted from the resulting components includes format, format validation, strings, sections and certificate chains. Malware samples are continually reanalyzed for the most up-to-date file reputation status. The history is stored in the TitaniumCloud database.

As a local database, customers do not incur latency penalties and privacy risks associated with the Internet, while having the best possible filtering and identification capability for both whitelisted and blacklisted files. Powerful query functions are accessed through a high performance REST interface. The T1000 File Reputation Appliance uses a proprietary NoSQL database optimized to replicate data and support advanced search across billions of file records in milliseconds.

Ask for a Demo today

All Products