Network Security Appliance

Network Security Appliance

Enterprise Visibility of Files to Expose Threats in Email, Web & File Transfers

Network Security Appliance

Key Features


Exceptional scale and coverage to extract and analyze all files at millisecond speed


Provides visibility to unknown threats in files from HTTP, SMTP and FTP traffic. Identifies more than 3600 file formats while classifying files “in flight” before they execute


Performs “retro-detection” by continually re-checking reputation on past files and alerting on status changes, including hunting with customer supplied YARA rules


Integrates seamlessly with SIEM and analytics platforms supplying rich file analysis reports, and scales to high volume and deeper analysis with TitaniumScale and A1000 Malware Analysis Platforms

Request a demo


The N1000 utilizes ReversingLabs unique File Decomposition technology to derive detailed internal indicators. File Decomposition enables deep file inspection at speeds orders of magnitude faster than sandbox products so that the N1000 can extract and classify all major file formats from the network stream in near real-time. File classification utilizes up-to-date intelligence from our industry leading File Reputation Service with a powerful rules engine to assign threat level, name and type. The results are made available through an integrated GUI and/or customer SIEMs and analytics platforms such as Splunk and Elasticsearch for further action.

N1000 Network Threat Visualization

The N1000 enables users to view file events, access file summary and detail information, see file network context (e.g. source, destination), search by file attributes and customize threat detection with custom YARA rules.

N1000 dashboard

N1000 Network Threat Detection, Classification and Hunting

The N1000 performs real-time classification and analysis of files in network traffic. With the optional TitaniumScale, the N1000 can be configured for even higher throughput applications. Files of interest generate reports to SIEM and analytics platforms and can be automatically fed to an A1000 Malware Analysis Platform for deeper analysis.

N1000 product graph



Network File Reputation and Analysis

  • Connects to SPAN port to monitor all files traversing the network
  • Analyzes files from HTTP, FTP and SMTP traffic in near real-time
  • Processes files up to 400MB (default)
  • Exceeds sandbox file processing in coverage & volume

Threat Classification of Extracted Files

  • Uses unique File Decomposition technology to assess and classify files in near real-time
  • Inspects over 360 file formats across platforms including Windows, Linux, Mac OS, Android, iOS, documents and media files
  • Reports on file activity per source, destination or file type
  • Checks TitaniumCloud file reputation service for whitelisted and blacklisted content

Identification of Zero-Day/Advanced Threats

  • Recognizes polymorphic attacks by identifying functional similarity to known malware
  • Applies your custom YARA rules to all files defined for threat calculation

Enterprise Data Integration

  • Integrates file analysis logs and threat detections with SIEM or “Big Data” solutions
  • Includes Web GUI for monitoring, configuration, and reporting

ReversingLabs Integration

Delivered as

  • Hardware-based or virtual machine
Available Configurations
N1000-100 100 Mbps 100 15,000 Copper 10/100/1000
N1002-250 250 Mbps 1,000 75,000 Copper 10/100/1000
N1005-500 500 Mbps 5,000 150,000 Copper 10/100/1000
N1000-1010 1 Gbps 10,000 300,000 Copper / Fiber 10/100/1000/10000
N1000-10X0 3 Gbps 20,000 600,000 Copper / Fiber 10/100/1000/10000
N1000 system Depends on number of systems deployed Highly Scalable Depends on number of systems deployed

Fiber or Copper 10/100/1000/10000

* An Object equals an email message or web transaction

Product Docs