File Reputation & Threat Intelligence

Instant Access to a Repository with Curated Information on 8 Billion Goodware and Malware Files

  • Increase detection, analysis, and response efficiency by instantly comparing samples against a massive goodware and malware file reputation database.
  • Get faster results when hunting for relevant malware globally using flexible searches and pivoting on internal attributes, functional similarities, and threat indicators.
  • Monitor threats “in-the-wild” for specific malware or interesting file characteristics using YARA rules, watch lists and feeds.
  • Maintain privacy with all submissions and queries to avoid losing confidential information or tipping off adversaries.

How it works

ReversingLabs File Intelligence Service is the industry’s largest and most comprehensive source for up-to-date classification and rich context on files. ReversingLabs harvests over 6 million files daily and processes them with unique File Decomposition and Static Analysis technologies for unpacking and data extraction. This analysis exposes extensive data from all extracted objects and makes it available to customers for searching, hunting, and analysis.

Malware Analysis and Hunting

Combines Automated Analysis with Local and Global Intelligence to Uncover Threats

  • Quickly identify threats, address undetected malware, and correlate attacks through automated static analysis and search.
  • Leverage detailed file information to make rapid, informed decisions using automated static analysis enriched with global file intelligence.
  • Develop intelligence and context of files “in the wild” with advanced search, YARA hunting, alerts, feeds and other advanced services.
  • Identify malware and bolster defenses by deploying YARA rules to increase the effectiveness of local and global threat hunting.

How it works

The ReversingLabs Malware Analysis and Hunting appliance processes all files with unique Automated Static Analysis to unpack them and expose comprehensive internal data. The extracted data is processed by classification algorithms to assign threat levels and severity scores. Advanced pivots, functional similarity, and YARA alerts enable analysts to quickly expand their understanding of attacks and develop effective defenses.

Enterprise-Scale File Analysis

Comprehensive, High-Volume Analysis for Determining File Reputation at Massive Scale

  • Gain in-depth knowledge of the files inside your organization to combat malware that evades detection.
  • Uncover undetected malware in your organization based on internal file characteristics.
  • Better leverage external threat intelligence by quickly answering the question, “Do I have this problem?”
  • Identify specific threats, monitor policies and support adherence to regulations by customizing file assessments with YARA rules.

How it works

A high-volume infrastructure performs an in-depth assessment of millions of files daily. Email gateways, web proxies, endpoint solutions, and other devices automatically submit files for processing to identify threats and derive internal details enriched with global file intelligence context. Stored in a ‘data lake’, this information enables advanced hunting and analytics based on internal file characteristics. The solution sends real-time alerts to a SIEM or analytics platform when malware is identified or a customer-defined YARA rule is triggered.