Automate Incident Response

Automate response to incidents with deep threat context to support confident analysis and action. ReversingLabs eliminates manual research and reverse engineering steps, while surfacing local intelligence in real-time - integrated seamlessly with incident response or SOAR system - arming you with information you can trust in order to respond fast.

Automate Incident Response
Enrich EDR, Sandbox and Threat Intelligence Alerts

Enrich EDR, Sandbox and Threat Intelligence Alerts

Challenge: Incident responders are challenged with a backlog of alerts, including Anti-Virus alerts which are signature based often lacking historical reference, EDR alerts which are behavioral based with no file level information, and sandbox alerts which are limited in file format support, often lack MacOS and Linux support , and suffer from file queues due to lack of capacity and size restrictions.

Solution: ReversingLabs avoids these problems, supporting the largest selection file formats on the planet, and enriching AV, EDR, email, gateway, backup, cloud, supply chain, sandbox and threat intelligence platform alerts through static analysis, natural language analysis, malware family identification, threat severity rating, and indicators of compromise, so incident responders have the information at their fingertips to investigate an incident properly.

Learn More:
TIP Sandbox EDR
Automate Research & SOAR Playbooks

Automate Research & SOAR Playbooks

Challenge: Incident responders take hours if not days to investigate incidents given the lack of detail, while also delaying the orchestration of responses and threat rules to security controls.

Solution: ReversingLabs automates the process removing the manual steps required to reverse engineer malware infected files while seamlessly integrating within SOAR playbooks.

Learn More:
SIEM/SOAR
Ticket Support & Post Close Event Monitoring

Ticket Support & Post Close Event Monitoring

Challenge: Threat data is often disaggregated in various locations impacting time required for SOC analysts to respond to events. And once the ticket is closed the threat is often forgotten and not monitored for reoccurrence.

Solution: ReversingLabs monitors closed tickets for new malicious activity while serving up a ‘plain language’ summary report tagged with specific incident response plans, and attached as artifacts for archival. SOCs have a simple-to-understand digest of specific files of interest that educate and guide analysts in their response and can be filed with each case for audit and compliance requirements.

Reference Architecture

The Titanium Hybrid-Cloud Platform offers a flexible deployment architecture enabling high volume processing, accelerated object analysis, file reputation services and investigation through TitaniumCore, TitaniumCloud, TitaniumScale and the A1000

Reference Architecture - ReversingLabs Solutions

SIEM & Alert Partners

Splunk Phantom

Splunk Phantom

ReversingLabs and Splunk Phantom automate SOC workflows by providing rich file intelligence and key threat indicators to more quickly triage and resolve incidents.

Learn More
IBM Resilient

IBM Resilient

ReversingLabs and IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform provide a joint platform offering easier identification of advanced threats and more effective response to triage, contain, and resolve those threats.

Learn More
ReversingLabs and Anomali integrate for automated enforcement using exposed threat indicators and to provide rich data for threat hunting and incident response - visible right in ThreatStream.

Anomali

ReversingLabs and Anomali integrate for automated enforcement using exposed threat indicators and to provide rich data for threat hunting and incident response - visible right in ThreatStream.

Learn More