Overview
The A1000 Malware Analysis Platform supports advanced hunting and investigations through the TitaniumCore high-speed automated static analysis engine. It is integrated with file reputation services to provide rich, in-depth context and threat classification on tens of billions of files across all file types. The A1000 supports visualization, APIs for integration with automated workflows, a dedicated database for malware search, global and local YARA rule matching, and integration with third-party sandbox tools.
A1000 Malware Analysis and Hunting
The A1000 accelerates analysis for users at different levels, from the helpdesk to an 'analyst workbench' for deeper analysis. It assesses malware and tracks malware status changes as malware families morph over time through obfuscation and other techniques. Integration with TitaniumCloud enables users to search across tens of billions of goodware and malware files and to privately upload file samples for analysis.
Integrated Malware Analysis & Investigation
- Analysis Engine performs high-speed, static analysis to unpack files, extract internal indicators and assign a threat level
- Integrated database enables safe, secure storage of results and search of samples by threat indicators
- Visualization GUI for quickly understanding critical info
Automated Static File Analysis
- Processes files within milliseconds
- Evaluates functional similarity to known malware
- Builds and deploys custom YARA rules
- Identifies more than 4000 file formats
- Unpacks over 400 file formats of archives, installers, packers & compressors
- Extracts over 3000 threat indicators
Private Content Repository
- Provides safe storage of malicious/suspicious files
- Stores file context in an onboard searchable database
- Enables private, safe sample sharing & historical analysis
Extensive Search & Hunting
- Search by hash, imphash, file name, #tags and more
- Enables pivots on functional similarity and threat indicators
- Supports user-defined YARA rules for matching and hunting
Alerting Subscription and Management
- Easy subscription to the following alerts: classification change, sample availability, YARA ruleset match, Cuckoo analysis complete, file upload complete, TitaniumCloud scan complete
Customer Option: Advanced Search
- Build powerful queries with search modifiers and operators
- Select from hundreds of expressions and dozens of keywords
- Identify files according to antivirus detections
- Perform targeted queries on large sample datasets
Customer Option: Active YARA & Retro-YARA Rules
- Users can hunt through 90 days of data history
- Real-time updates are provided, with full results in < 2 hrs
- Progress is reported via API or GUI for real-time updates
Integrated with TitaniumCloud File Reputation Services
- Access to a comprehensive, curated source of threat intelligence and reputation data on 10 billion goodware and malware files for global context
- Enables upload/download of samples via GUI
- Supports YARA rule search
Supports Integration
- Supports automated analysis workflows via REST Web Services API
- Integrates directly with Cuckoo and Joe Sandbox
- Delivered as hardware, VMDK or Cloud-based appliance