TitaniumCore

Malware Analysis Solution

High-Speed Threat Analysis

Key Features

  1. Unique Automated Static Analysis fully dissects internal contents of files without execution to detect attacks, determine threat level and expose vital information for remediation

  2. Empowers SOC/CIRTs and enriches threat intelligence for many security solutions by exposing multi-layered obfuscation used to mask true payload and intent to accelerate triage

  3. YARA-based rules matched on all decompressed content; custom rules and 3rd party modules supported

  4. Scales elastically to process the most-demanding workloads across Linux and Windows platforms

Overview

TitaniumCore software performs  for game-changing detection and analysis of cyber threats. It performs automated static analysis to unpack files and extract internal threat indicators at millisecond speed to provide the industry's most broad and comprehensive threat coverage.

As new cyber-attacks increasingly evade conventional defenses, organizations must develop new, game-changing defense strategies and capabilities. These advanced and targeted attacks require not only next generation detection but also comprehensive analysis to determine the capabilities and intent of adversaries.  The TitaniumCore™ software platform fundamentally enhances an organization’s capabilities to perform in-depth malware analysis, large-scale threat detection, accelerated incident response and software validation.  It automates high-speed analysis of a binary file’s internal threat indicators to make these tasks significantly broader and more effective.

TitaniumCore software provides the world's most comprehensive and flexible solution for high-speed detection and analysis of new generations of advanced threats. The latest generations of cyber attacks mask themselves under layers of obfuscation and packing to become invisible to conventional detection and analysis tools. ReversingLabs implements powerful and unique technology that performs automated static analysis to fully dissect the internal contents of binary files, without executing them, to detect attacks, determine threat level and expose vital information for remediation. The platform recursively unpacks internal objects, extracts Proactive Threat Indicators (PTIs) and identifies threat level for a broad array of binary file types, including: Windows, Linux, Mac OS, Android, iOS, firmware, Flash, PDF, and other documents. This advanced file inspection occurs before a file executes to identify threats. TitaniumCore provides a powerful solution for operations on any scale from a few samples to millions of samples daily. The software accentuates threat detection and analysis performing high-speed automated static analysis. The rules engine calculates threat level based on YARA rules provided by ReversingLabs and/or customized by the customer. Extracted files are fully repaired and can automatically get routed to 3rd party tools (e.g., de-compilers, debuggers, sandboxes) or a human analyst for further analysis based on threat level and type to make the most efficient use of security assets. No other product (e.g., sandboxes or scanners) exposes the breadth and depth of threat indicators extracted by TitaniumCore.

TitaniumCore supports high-volume (millions of files per day) automated binary file processing to enable new and powerful cyber defense capabilities and strategies. The platform processes each file in milliseconds and is multi-threaded to take full advantage of underlying hardware. In addition, TitaniumCore includes a scheduler for distributing processing across multiple servers to scale for volume. An SDK allows integration with automated workflows and other analysis products. This immense scaling capability enables numerous new and powerful applications, including:

  • Triage for large malware analysis labs to preprocess and prioritize incoming files
  • Analysis of all the contents of large file stores or email servers to detect latent threats
  • Speeding up incident response by scanning systems for the most suspicious files
  • Software verification to detect “unwanted” features in applications (e.g., mobile app capabilities and unlicensed components) to/from an organization

Malware analysis becomes significantly faster and more productive through automation of the tedious and time-consuming tasks of unpacking binaries, extracting their internal data and identifying threats.

TitaniumCore Enterprise Platform (TCEP)

File Analysis Platform

Key Features

  1. Leveraging two core ReversingLabs technologies, TitaniumCore engine and TitaniumCloud File Reputation Service, TCEP provides the fastest, most-advanced file analysis platform
  2. Optional integration with the T1000-XG file reputation database provides file threat reputation and intelligence data for on-premises implementations
  3. Detailed threat reputation reports and a wealth of meta-data are extracted in XML and STIX formats for subsequent use and analysis by SOC/CIRTs in their inspection of enterprise archives
  4. Advanced modules include RHA Code Functional Similarity Analysis, Static Behavior Analysis, Malformation Classification as well as TitaniumCloud and T1000 Analysis

Overview

The TitaniumCore Enterprise Platform (TCEP) is the fastest and the most advanced file analysis platform. It leverages the benefits of the ReversingLabs TitaniumCore engine with advanced file classification methods that include the ReversingLabs Hashing Algorithm (RHA), complex malformation rules and integrated TitaniumCloud file threat reputation data available via the optional T1000-XG file reputation database appliance. In addition, it produces validly decomposed files that TCEP recursively analyzes and can be executed via dynamic analysis. Detailed threat reputation reports and a wealth of meta-data are extracted for subsequent use and analysis. Analysis results are available in JSON, XML and STIX formats.
