Exceptional scale and coverage to extract and analyze all files at millisecond speed
Provides visibility to unknown threats in files from HTTP, SMTP and FTP traffic. Identifies more than 3500 file formats while classifying files “in flight” before they execute
Performs “retro-detection” by continually re-checking reputation on past files and alerting on status changes, including hunting with customer supplied YARA rules
Integrates seamlessly with SIEM and analytics platforms supplying rich file analysis reports, and scales to high volume and deeper analysis with TitaniumScale and A1000 Malware Analysis Platforms
The N1000 utilizes ReversingLabs unique File Decomposition technology to derive detailed internal indicators. File Decomposition enables deep file inspection at speeds orders of magnitude faster than sandbox products so that the N1000 can extract and classify all major file formats from the network stream in near real-time. File classification utilizes up-to-date intelligence from our industry leading File Reputation Service with a powerful rules engine to assign threat level, name and type. The results are made available through an integrated GUI and/or customer SIEMs and analytics platforms such as Splunk and Elasticsearch for further action.
The N1000 enables users to view file events, access file summary and detail information, see file network context (e.g. source, destination), search by file attributes and customize threat detection with custom YARA rules.
The N1000 performs real-time classification and analysis of files in network traffic. With the optional TitaniumScale, the N1000 can be configured for even higher throughput applications. Files of interest generate reports to SIEM and analytics platforms and can be automatically fed to an A1000 Malware Analysis Platform for deeper analysis.
|Model||Capacity||UseR COUNT (APPROX.)||Objects* ANALYZED / Day||pHYSICAL CONNECTION|
|N1000-100||100 Mbps||100||15,000||Copper 10/100/1000|
|N1002-250||250 Mbps||1,000||75,000||Copper 10/100/1000|
|N1005-500||500 Mbps||5,000||150,000||Copper 10/100/1000|
|N1000-1010||1 Gbps||10,000||300,000||Copper / Fiber 10/100/1000/10000|
|N1000-10X0||3 Gbps||20,000||600,000||Copper / Fiber 10/100/1000/10000|
|N1000 system||Depends on number of systems deployed||Highly Scalable||Depends on number of systems deployed||
Fiber or Copper 10/100/1000/10000
* An Object equals an email message or web transaction