ReversingLabs 2018-04-04T22:21:36+00:00

















REVERSING LABS

Advanced Threat Hunting and Analysis

to protect your files on the web


Let’s talk

















Elastic object processing detects malware and zero-day threats and performs YARA-based classification for DLP, malware identification, policy violations and regulatory compliance.







Benefits



Prevents policy violations and regulatory risks

The only elastic solution for real-time file and object analysis.


Stop potential threats

ReversingLabs’ products are the only elastic solution for real-time file and object analysis. They provide the scalability modern companies need, on both Windows and Linux platforms.


Protect your operation center

Reputation services: modular solution that scales to process millions of files daily


Scalability

ReversingLabs’ products are the only elastic solution for real-time file and object analysis. They provide the scalability modern companies need, on both Windows and Linux platforms.






ReversingLabs A1000
Cybersecurity threat analysis platform


ReversingLabs A1000: Malware analysis platform

The A1000 Malware analysis platform is a powerful, integrated, plug-and-play solution for individual analysts or small teams of analysts that makes threat detection, deep analysis and collaboration more effective and productive. This solution is offered as an on-premises hardware appliance, a VM appliance or as a cloud-based service.

The platform performs in-depth static analysis of a comprehensive array of file types including Windows, Linux, Mac OS, iOS, Android, Windows Mobile, email attachments, documents and firmware.

The A1000 also calculates each file’s Threat Level to help support determination of remediation priorities. The PTIs for each file are stored in an onboard database with advanced search capabilities to find files with specific characteristics (e.g., domain name, virus family, exploit).


  • Binary file analysis
      • Uploads multiple samples from a directory
      • Processes files in milliseconds
      • Unpacked elements and files are stored in the onboard database and available for further analysis and collaboration
  • File reputation information
      • Uses, by default, cloud-based “TitaniumCloud File Reputation Service” that identifies over 5 billion goodware and malware files
      • Integrates, optionally, with an on-premises “T1000 File Reputation” appliance for additional privacy (particularly in air-gapped networks)
      • Provides historical results: malware samples are continually reanalyzed for the most up-to-date file reputation status
      • Includes “ReversingLabs Hashing Algorithm” (RHA1) for functional similarity analysis
  • REST Web services API
      • Supports automated analysis processes
  • Automated static analysis
      • Unpacks over 300 families of archives, installers, packers and compressors
      • Identifies over 3500 additional file formats
      • Extracts over 3,000 PTIs from extracted files for PE/Windows, ELF/Linux, Mac OS, iOS, Android, firmware and documents
      • Calculates file threat level using extracted information
      • Includes 100k+ rules to generate file intent behavior indicators
      • Upload custom YARA rules for inclusion in TitaniumCore static analysis (in addition to ReversingLabs-supplied rules)
      • Stores PTIs and historic anti-virus detections in an onboard database that supports advanced searches
      • Search based on PTIs including: threat type, malware family name, application capabilities, imports/exports, resources and strings
  • Analysis management GUI
      • Provides access to unpacked files, PTIs and threat level
      • Supports collaborative case management, tagging and annotations
      • Search for samples by file name or tag
      • Search the A1000 as well as TitaniumCloud by MD5, SHA1 or SHA-256 hashes, and search TitaniumCloud by malware family names to discover additional samples for analysis




ReversingLabs N1000
Network security appliance.


ReversingLabs N1000

The “ReversingLabs N1000 Network File Flow Analysis” appliance fills the gaps of existing solutions, and goes beyond them, by extracting all files from email, web and file transfer traffic. It does this not only for traffic inbound to the organization but also for outbound and lateral (internal) traffic, to detect both cyber threats from malware and exploits and the unintentional movement of sensitive files (DLP).

Since the analysis does not depend on execution, a broad array of file types is inspected in real time, including Windows, Mac OS, Linux, Android, iOS, Windows Phone, document and media files. The N1000 connects to a SPAN port to analyze file flows in HTTP, SMTP, SMB and FTP traffic. The appliance can be configured to monitor traffic from external sources, to external sources and/or between internal systems.


  • Network file extraction
      • Extracts all files from HTTP, FTP, SMTP and SMB traffic
      • Monitors incoming, outgoing and internal traffic
      • Extracts files up to 700MB (default) for automated analysis
      • Identifies file flows by source, destination and file type
  • Threat classification of extracted files
      • Identifies over 3500 file format families
      • Neutralizes polymorphic attacks by identifying functional similarities to known malware
      • Identifies known families of malware
      • Verifies file type and certificate on files and payloads
      • Performs continual “retrospective” checks to detect new threats in past file flows
      • Checks TitaniumCloud file reputation whitelist and blacklist of 5 billion unique files
  • Reporting and threat information
      • Provides advanced web GUI for alerts and file flow visualization
      • Logs events in “Common Event Format” (CEF) and sends them to specified SIEM/Syslog servers
      • Enables continuous diagnostics and mitigation
      • Supports YARA rules for threat level calculation
      • Reports file flow to “Big Data” repositories
  • Supports continuous diagnostics and mitigation
      • Audits network file traffic for industrial control systems
      • Identifies network-based malware
      • Detects file exfiltration
  • Enterprise data integration
      • Integrates easily with SIEMs and advanced analytics platforms (e.g., Splunk)
      • Provides a REST export API to retrieve event details
      • Includes Web GUI for monitoring, configuration and reporting
  • Integrated ReversingLabs solution
      • Can connect to the “T1000 File Reputation Appliance” for performance and privacy
      • Provides files to the A1000 malware analysis appliance for deeper analysis

Next generation intelligence for deep network malware analysis.




A Few Words from our Customers:



“No single person or security company — I don’t care how good you are — can clean up everything. And unless you completely disinfect a system, it will come back.”

Mario Vuksan, CEO RL, The New York Times

“Continuous incident response (CIR) is ReversingLabs’ answer to the increased number of advanced persistent threats attacking business environments. At its heart, CIR is about the constant need for vigilance.”

Tomislav Pericin, RL CSA, RL Tech Talk




What’s new at ReversingLabs


Get to know the predictions of James Lyne (Global Research Advisor at Sophos) and Mario Vuksan (CEO at ReversingLabs) around the 6 key subjects for the growth of companies and the security of their key assets

Check the predictions out:




Request the specialized advice you need