Network Security Appliance

File Flow Threat Discovery

Network Security Appliance

Key Features

  • 1

    Extracts all files from email, web and file transfer traffic to detect cyber threats from malware/exploits as well as intentional/unintentional movement of sensitive files/DLP

  • 2

    Supports SOC/CIRTs by processing all file traffic, pre-execution: inbound, outbound and across the network to enable deep analysis by TitaniumCore Automated Static Analysis

  • 3

    With TitaniumCore and TitaniumCore Enterprise Platform (TCEP) enables elastic scale to process the most-demanding workloads across Linux and Windows platforms

  • 4

    Enables uncovering and delivering the most accurate and up-to- date threat intelligence for remediation as well as tuning of network defense rules engines in deployed security solutions


Unmonitored file flows within an IT infrastructure represent an enormous security blind spot and vulnerability. Industry experts report that less than a third of breaches are discovered by the targeted organization. By any measure, this is a dismal record. Conventional, first-generation anti-virus scanners, intrusion detection systems and firewalls are implemented universally, yet breaches have become more frequent. 2nd generation products “detonate" files in a sandbox to observe their behavior. Although these products improve on the status quo, they can’t process every transmitted file and are often circumvented by advanced malware using obfuscation and other techniques. A new solution is needed.

The ReversingLabs N1000 Network File Flow Analysis appliance provides a new solution that fills the gaps of and goes beyond existing solutions by extracting all files from email, web and file transfer traffic. This is completed not only for inbound  traffic to the organization but outbound and laterally/within as well to detect cyber threats both from malware/exploits as well as unintentional movement of sensitive files/DLP.

Advanced threats are detected with ReversingLabs unique  (Active File Decomposition) and ReversingLabs Hashing Algorithm (RHA), Functional Similarity Analysis technologies.

A New Approach to Advanced Threats

ReversingLabs N1000 appliances address critical security blind spots with a completely new and innovative approach for detecting advanced threats in files before they execute.   Rather than looking for external behavior or symptoms, the N1000 performs an automated, multi-faceted analysis of each file's internal attributes.  Since the analysis does not depend on execution, a broad array of file types are inspected in real-time, including Windows, Mac OS, Linux, Android, iOS, Windows Phone, document and media files.  The N1000 connects to a SPAN port to analyze file flows in HTTP, SMTP, SMB and FTP traffic.  The appliance can be configured to monitor traffic from external sources, to external sources and/or between internal systems.

N1000 Shema

Revolutionary Binary Classification Analysis

Files extracted from network traffic are classified in real-time (milliseconds per file).  They are recursively unpacked to remove obfuscation and extract all internal files and objects. ReversingLabs unique technology identifies over 3500 format families and extracts over 3000 Proactive Threat Indicators from over 300 file format types. The extracted files are then analyzed using advanced Functional Similarity hashing technology that neutralizes polymorphic obfuscation techniques to identify similarities to known malware and classify unknown threats. If necessary, files are also checked against the TitaniumCloud File Reputation Service to identify known goodware and malware using file reputation and ReversingLabs file functional similarity hash (RHA). YARA based rules are applied to classify the threat level of each file and generate the appropriate reports and alerts. Customers can also write custom YARA rules to meet special requirements.

Enterprise Integration

While the N1000 has a powerful GUI for alerts, threat visualization analytics, file analysis, threat filtering and configuration, it also integrates with other enterprise solutions such as SIEMs, Splunk, Elastic Search and Palantir. The GUI provides a dashboard that summarizes file flow by file type, threat level, source and destination. Event filtering and reporting are configurable.

Ask for a Demo today

All Products