File Reputation Service
Threat Intelligence Cloud | Industry’s Most Comprehensive Source for Reputation Data
Key Features
- 1
Increase detection, analysis and response efficiency by identifying files with global goodware and malware database
- 2
Prepare for emerging threats by monitoring malware “in the wild” using threat specific feeds and hunting including Ransomware, APT, CVE, financial and retail
- 3
Support air gapped environments with the industry’s only on-premises file reputation appliance
- 4
Maintain customer privacy with secure query and file submission service
Overview
ReversingLabs’ TitaniumCloud Reputation Services are powerful threat intelligence solutions with up-to-date, threat classification and rich context on over 6B goodware and malware files. ReversingLabs does not depend on crowd sourced collection but instead curates the harvesting of files from software vendors and diverse malware sources. All files are processed using unique ReversingLabs File Decomposition technology combined with other dynamic and detection information to provide industry reputation consensus. TitaniumCloud supports a powerful set of REST API query and feed functions that deliver targeted file and malware intelligence for threat identification, analysis, intelligence development and hunting.
Global File Reputation
ReversingLabs TitaniumCloud continually processes goodware and malware files providing early intelligence about attacks before they infiltrate customer infrastructures. This visibility to threats “in-the-wild” enables preparation for new attacks and quickly identifies the threat levels of new files as they arrive. TitaniumCloud enables more effective and efficient file analysis, development of better threat intelligence and implementation of proactive threat hunting programs.
TitaniumCloud APIs and Feeds
ReversingLabs TitaniumCloud provides over 50 search, query and feed APIs that automate processing, analysis and threat status information gathering.
TitaniumCloud Database for Reputation Data
- Over 6B unique file records with TitaniumCloud data with classification, adding up to 8 million malware and goodware updates daily
- High performance online query processing
Detailed File Reputation Information
- Every sample processed using file decomposition to extract all objects and uncover threat indicators
- 3500 file formats identified
- Over 350 families unpacked and analyzed including archives, installers, packers & compressors
- Historic detection information from more than 40 AV scanners for industry consensus showing changes over time
- Malware samples continually reanalyzed for the most up-to-date file reputation status
Queries via REST Web Services APIs
- Powerful query and feed functions
- REST API for automated analysis process integration
- File reputation information via single and bulk hash queries
- Functional similarity hash queries for identifying new and polymorphic threats
- Advanced search and hunting by file context and threat indicators
- Alerting on threat level changes for subscribed files
- File uploads / downloads
Targeted Reputation Feeds
- Extensive Feeds for specific threats, e.g. file types, threat types, industry, CVE, URI
Delivery Options
- Online: Cloud based service with web GUI
- On-Premises: T1000 File Reputation Appliance
REST Web Services Over the Internet
Customer applications access TitaniumCloud using a REST Web Services API over the Internet. Results are returned in JSON or XML format.
On-Premises T1000 File Reputation Appliance
The T1000 File Reputation Appliance provides a high performance, low latency solution for high volume, automated applications. The appliance maintains a local copy of the TitaniumCloud database on a customer's premises that is updated in real-time over the Internet or can be ‘manually’ updated in air-gapped networks.
TitaniumCloud provides multiple APIs and Feeds that automate processing, analysis and threat status information gathering on single or bulk samples. For a full list of APIs and details contact us. Some examples follow:
File Reputation APIs:
- File Reputation Details (Whitelist and Blacklist)
- File Reputation Change on tracked samples
- Return all Malware Family Members
- Return functionally similar files (RHA)
Threat Feeds:
- Exploits with CVE
- Linux, MacOS and Android Malware
- IP/Domains present in Malware
- APT threats
- Malware Targeting Financial Services, Retail, Healthcare, Oil&Gas, etc.
