Splunk and ReversingLabs: Deliver Faster Threat Response
Integrating Proactive Malware Intelligence into Your SIEM to Dramatically Lower MTTR.
ReversingLabs provides comprehensive, automated static analysis on files entering an organization. This rich, highly relevant file intelligence enhances correlation and visibility of malware, enriching any SIEM or SOAR, and promotes a more effective and efficient malware identification and incident response process.
Challenge: File intelligence data lacks the context security operations teams need to understand a threat and act on it quickly and effectively.
Solution: ReversingLabs performs high-speed static analysis to classify files (good, malicious, suspicious, unknown), rank severity level, and provide enriched context in near real-time. File reputation can be supplied from ReversingLabs with a query directly from the SIEM or SOAR console.
Challenge: There is no unified platform for advanced analysis of unknown malware, finding functionally similar malware, or pivoting on IOCs to better understand threats. Analysts are forced to navigate between siloed security tools that are not designed for collaboration and that are, in most cases, open to privacy compromises.
Solution: ReversingLabs provides seamless integration with SIEM and SOAR solutions. The platform provides a unified workbench and integrates with a 10-billion-sample database of goodware and malware, offering enriched context and continuous threats-in-the-wild updates. With a single click, a user can switch to the ReversingLabs console and quickly determine the relevant indicators to help prioritize threats and decide the next course of action.
Challenge: Given multiple file sources and varying types of incoming files, there are many ways malware can enter your environment. Likewise, the same or similar threats may already be present in your environment and must also be identified.
Solution: ReversingLabs classifies huge volumes of files in near real-time, providing comprehensive detection for a wide range of sources while enhancing automated playbooks, streamlining workflows, and reducing analyst overhead. Summary results can be reviewed in Splunk, and with a single click analysts can pivot to the ReversingLabs platform for further analysis and hunting.
The Titanium Hybrid-Cloud Platform offers a flexible deployment architecture enabling high-volume processing, accelerated object analysis, file reputation services, and investigation through TitaniumCore, TitaniumCloud, TitaniumScale, and the A1000.
Solution Insights
Driving Down both Mean Time to Detect and Mean Time to Respond.
ReversingLabs has built an application to enrich Splunk data with next-generation malware analysis and threat intelligence for real-time correlation and threat detection results.
ReversingLabs and Splunk Phantom automate SOC workflows by providing rich file intelligence and key threat indicators to more quickly triage and resolve incidents.
ReversingLabs and IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform provide a joint platform offering easier identification of advanced threats and more effective response to triage, contain, and resolve those threats.