A1000

Malware Analysis Platform

Cyber Security Threat Analysis Platform


Key Features

  • Secure isolation workspace for storage, analysis and collaboration on samples by SOC/CIRTs, driven by Active File Decomposition (AFD) and RHA code functional similarity processing

  • Integrates the speed and processing depth of TitaniumCore Automated Static Analysis with TitaniumCloud or T1000 File Reputation Service with powerful REST APIs and a management GUI

  • Pre-execution static analysis and deep threat intelligence for a broad array of file types: Linux, Windows, Mac OS, Android, Windows Mobile, email attachments, documents and firmware

  • Provides historical results: malware samples are continuously reanalyzed for the most up-to-date file reputation results

Overview

The A1000 Malware Analysis Platform is a powerful, integrated, plug-and-play solution for individual analysts or small teams of analysts that makes threat detection, deep analysis and collaboration more effective and productive. This solution is offered as an on-premises hardware appliance, a VM appliance or as a cloud-based service.

The A1000 integrates ReversingLabs’ game-changing TitaniumCore automated static analysis technology and the TitaniumCloud File Reputation Service with a database and powerful workflow management GUI. The Web-based GUI and REST Services APIs enable analysts to input suspected samples, access unpacked files and view extracted Proactive Threat Indicators (PTI). The A1000 also calculates each file’s Threat Level to help support determination of remediation priorities. The PTIs for each file are stored in an onboard database with advanced search capabilities to find files with specific characteristics (e.g., domain name, virus family, exploit). The platform performs in-depth static analysis of a comprehensive array of file types including Windows, Linux, Mac OS, iOS, Android, Windows Mobile, email attachments, documents and firmware.

Conventional automated analysis tools rely on symptoms of attacks and thus miss malicious capabilities. For example, tools that observe the behavior of files while they execute (e.g., sandboxes) provide only a partial view of a threat’s capabilities. Instead, ReversingLabs’ proprietary Active File Decomposition (AFD) dissects each file before execution to extract and classify its "DNA", ‘left of boom’. This unique and powerful approach exposes threats not visible to manual or automated analysis tools. The files are completely unpacked to extract and classify their internal PTIs in milliseconds. These indicators provide unprecedented visibility to identify and analyze advanced threats. This also provides an ‘analyst workbench’ for deeper analysis to assess potential malware provenance as malware families morph over time via obfuscation and other techniques.

Being able to preserve such forensic evidence provides a basis for more-detailed and diverse detection, analysis and collaboration on results over time by analyst teams.
