A1000

Malware Analysis Platform

Cybersecurity Threat Analysis Platform

Key Features

1. Definitive File Analysis: unpack, de-obfuscate, extract internal indicators and assign threat levels in milliseconds
2. Universal Format Coverage: includes PE, ELF, MachO, Dex, .NET, Java, JS, documents, firmware, business apps
3. Integrated YARA Rules Engine: use custom rules to detect new and advanced malware
4. Private File Analysis: files are not shared publicly; files and results never leave your site

Overview

The A1000 Malware Analysis Platform supports advanced hunting and investigations through the TitaniumCore high-speed automated static analysis engine. It is integrated with file reputation services to provide in-depth context and threat classification on over 8 billion files and across all file types. The A1000 supports visualization, APIs for integration with automated workflows, a dedicated database for malware search, global and local YARA Rules matching, and integration with third-party sandbox tools.

A1000 Malware Analysis and Hunting

The A1000 accelerates analysis for users at different levels, from the helpdesk to an 'analyst workbench' for deeper analysis. It assesses malware and malware status changes as malware families morph over time via obfuscation and other techniques. Integration with TitaniumCloud enables users to search across 8 billion goodware and malware files and to privately upload file samples for analysis.

Features

Integrated Malware Analysis & Investigation

  • Analysis Engine performs high-speed, static analysis to unpack files, extract internal indicators and assign a threat level
  • Integrated database enables safe, secure storage of results and searching of samples by threat indicators
  • Visualization GUI for quickly understanding critical info

Automated Static File Analysis

  • Processes files within milliseconds
  • Evaluates functional similarity to known malware
  • Build and deploy custom YARA rules
  • Unpacks over 300 families of archives, installers, packers & compressors
  • Identifies more than 3500 file formats
  • Extracts over 3000 threat indicators

Private Content Repository

  • Provides safe storage of malicious/suspicious files
  • Stores file context in an onboard searchable database
  • Enables private, safe sample sharing & historical analysis

Extensive Search & Hunting

  • Search by hash, imphash, file name, #tags and more
  • Enables pivots on functional similarity and threat indicators
  • Supports user-defined YARA Rules for matching and hunting

Alerting Subscription and Management

  • Easy to subscribe to the following alerts: Classification change, Sample availability, YARA Ruleset match, Cuckoo Analysis complete, File Upload complete, TitaniumCloud scan complete

Customer Option: Advanced Search

  • Build powerful queries with search modifiers and operators
  • Select from hundreds of expressions and dozens of keywords
  • Identify files according to antivirus detections
  • Perform targeted queries on large sample datasets

Customer Option: Active YARA & Retro-YARA Rules

  • Users can hunt through 90 days of data history
  • Real-time updates are provided with full results in < 2hrs
  • Progress is reported via API or GUI for real-time updates

Integrated with TitaniumCloud File Reputation Services

  • Access to a comprehensive, curated source of threat intelligence and reputation data on 8 billion goodware and malware files for global context
  • Enables sample upload/download via GUI
  • Supports YARA Rules Search

Supports Integration

  • Supports automated analysis workflows via REST Web Services API
  • Integrates directly with Cuckoo and Joe Sandbox
  • Delivered as hardware, VMDK or Cloud-based appliance