Company Name: ReversingLabs
Product Name: Titanium Platform
Basic Price: Starting price is $10,000 for threat intelligence integrations and web offerings, with volume-based pricing for large-scale deployments.
What it does: A machine-learning hybrid cloud platform that statically analyzes thousands of file types at scale to shorten the lead time to threat detection.
What we liked: Detailed analysis of files captured from network traffic, rendered in easy-to-read graphs that quickly categorize file detections by malware type.
The Bottom Line: An efficient top-down analytics tool for threat monitoring and detection.
Knowing when and where malicious payloads will be delivered is an ongoing concern for security teams. Advances in technology have narrowed that gap, something Gartner acknowledged when it named machine-learning binary analysis an emerging technology ready for production threat hunting. Despite the industry fanfare, finding tools that streamline the process and actually deliver results remains a persistent problem.
As a recognized leader in the threat intelligence space, ReversingLabs highlights three major challenges companies face when using these tools. The first is Object Complexity: sorting through a variety of file sizes, formats, compound documents and, sometimes, third-party sources. The second is the Black Box Verdict, which occurs when closed-loop technologies are used to decide whether a file is good or bad. This approach is problematic because most such tools focus on prevention and offer no insight into why a file is bad or what can be done to prevent similar problems in the future. The last is Skill Sets: the general lack of time, resources and expertise that many organizations can apply to evaluating threat data effectively.
The ReversingLabs Titanium Platform is positioned as a holistic answer to these challenges. It integrates at the system level, providing bottom-up, file-level analysis of objects captured from network traffic. The tool follows a predefined analysis path backed by high-volume processing and support for more than 400 file formats (e.g. embedded executables, libraries, documents, resources, icons) and 4,000 file types (.pdf, .docx). Running at real-time speed and scaling to millions of files per day as a machine-learning hybrid cloud platform, Titanium inspects files statically; the vendor's position is that this removes the need for dynamic execution (sandbox detonation) to reach a verdict, although a sandbox still has a role in corroborating verdicts on packed or environment-aware samples whose behavior only appears at run time.
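The core of the static decomposition the review describes is recursive: open every container, identify each embedded object by its own structure rather than its file name, and hash each object individually so the verdict attaches to the inner executable rather than the outer archive. The following is an added example written for this review, not ReversingLabs' File Decomposition Technology or any of its code; the format signatures, the nesting and size limits, and the sample archive are all assumptions constructed for the demonstration. It handles arbitrary nesting depth and refuses oversized members, which is the minimum a practitioner would want before pointing such a walker at untrusted input.

```python
"""Recursive static decomposition of a nested archive (added example, not vendor code)."""
import hashlib
import io
import zipfile

# Magic-byte signatures for a small, assumed subset of formats.
SIGNATURES = [
    (b"PK\x03\x04", "zip"),    # also OOXML (.docx/.xlsx), JAR, APK ...
    (b"MZ", "pe"),             # Windows executable or DLL
    (b"%PDF", "pdf"),
    (b"\x7fELF", "elf"),
]

MAX_DEPTH = 8                        # nested-container limit (assumed)
MAX_OBJECT_BYTES = 64 * 1024 * 1024  # refuse to inflate oversized members (zip-bomb guard, assumed)


def identify(data: bytes) -> str:
    """Classify an object by its leading bytes, never by its file name."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decompose(data: bytes, path: str = "root", depth: int = 0):
    """Yield (path, kind, sha256, size) for `data` and every object nested inside it."""
    kind = identify(data)
    yield (path, kind, sha256_hex(data), len(data))
    if kind != "zip" or depth >= MAX_DEPTH:
        return
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{path}/{info.filename}"
                # Declared size check; a stricter guard would stream-read and cap the inflated bytes.
                if info.file_size > MAX_OBJECT_BYTES:
                    yield (member, "skipped-too-large", None, info.file_size)
                    continue
                yield from decompose(zf.read(info), member, depth + 1)
    except zipfile.BadZipFile:
        pass  # malformed or truncated container: the outer object keeps its own record


# Constructed sample: an archive holding a PDF and a second archive that holds an executable.
FAKE_PDF = b"%PDF-1.7\n%constructed sample, not a real document\n"
FAKE_PE = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 20  # header bytes only, not runnable


def build_sample() -> bytes:
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("update.exe", FAKE_PE)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("report.pdf", FAKE_PDF)
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


def inventory(data: bytes) -> list:
    """Flatten the decomposition into a list the caller can index or store."""
    return list(decompose(data))


if __name__ == "__main__":
    for path, kind, digest, size in inventory(build_sample()):
        print(f"{kind:8} {size:6d}  {digest}  {path}")
```

The inventory carries one record per object, so the embedded `update.exe` gets its own hash and type even though it arrived two containers deep; that per-object record is what a reputation lookup or a retro hunt later keys on.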
At the first level of scrutiny, Titanium applies a static analysis engine that dissects file contents in five milliseconds or less using a specialized hashing algorithm. The algorithm hashes file features rather than raw bytes, so it can link malware samples that are functionally similar even when their bytes differ (a rebuilt variant gets a new byte hash but can share a feature hash). The next step applies explainable machine learning across more than 15 analysis engines to derive distinct malware type and classification verdicts. The output is presented as easy-to-interpret indicators that describe intent and let security analysts understand the issue and respond accordingly. From these indicators, the Titanium Platform generates a "visual map" that groups threats by similarity, potential for damage, and who accessed them and from where.
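To make the byte-hash versus feature-hash distinction concrete, here is an added example written for this review. It is not ReversingLabs' hashing algorithm and does not reproduce it; it is a minimal stand-in that parses the structural fields of a Windows PE (machine type, section names, section flags, bucketed section sizes) and hashes those instead of the raw bytes. The PE builder, the section layouts and the choice of which fields to include are assumptions for the demonstration. Two builds of the same program that differ only in link timestamp and trailing padding share one feature hash but have different SHA-256 values, while a build with an added packer section gets a different feature hash.

```python
"""Byte hash versus structural feature hash for a PE (added example, not vendor code)."""
import hashlib
import struct

COFF_HEADER = "<HHIIIHH"         # machine, nsections, timestamp, symtab, nsyms, optsize, characteristics
SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def build_pe(timestamp: int, sections, overlay: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable PE image (DOS stub, COFF header, section table)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_HEADER, 0x8664, len(sections), timestamp, 0, 0, 0, 0x0022)
    table = b"".join(
        struct.pack(SECTION_HEADER, name.ljust(8, b"\x00"), raw_size, 0x1000, raw_size, 0x400, 0, 0, 0, 0, flags)
        for name, raw_size, flags in sections
    )
    return dos + b"PE\x00\x00" + coff + table + overlay


def parse_pe(data: bytes) -> dict:
    """Recover the structural features a byte hash cannot see."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    machine, nsect, timestamp, _, _, opt_size, chars = struct.unpack_from(COFF_HEADER, data, e_lfanew + 4)
    off = e_lfanew + 4 + struct.calcsize(COFF_HEADER) + opt_size
    sections = []
    for _ in range(nsect):
        name, _, _, raw_size, *_, flags = struct.unpack_from(SECTION_HEADER, data, off)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), raw_size, flags))
        off += struct.calcsize(SECTION_HEADER)
    return {"machine": machine, "timestamp": timestamp, "characteristics": chars, "sections": sections}


def byte_hash(data: bytes) -> str:
    """Conventional whole-file hash: any changed byte changes the digest."""
    return hashlib.sha256(data).hexdigest()


def feature_hash(data: bytes) -> str:
    """Hash parsed structure only; timestamp and any overlay are deliberately excluded."""
    pe = parse_pe(data)
    feats = [f"machine={pe['machine']:04x}", f"chars={pe['characteristics']:04x}"]
    for name, raw_size, flags in pe["sections"]:
        # Bucket raw sizes at 512-byte granularity so small code deltas don't change the hash.
        feats.append(f"section={name}:{flags:08x}:{raw_size >> 9}")
    return hashlib.sha256("\n".join(feats).encode()).hexdigest()


# Constructed section layouts: a plain build, and the same program with a packer section added.
SECTIONS = [(b".text", 0x2400, 0x60000020), (b".rdata", 0x800, 0x40000040), (b".data", 0x200, 0xC0000040)]
PACKED = SECTIONS + [(b"UPX1", 0x3000, 0xE0000060)]

VARIANT_A = build_pe(0x5F000000, SECTIONS)
VARIANT_B = build_pe(0x60000000, SECTIONS, overlay=b"\x00" * 16)  # relinked later, padded
VARIANT_C = build_pe(0x5F000000, PACKED)                            # different structure

if __name__ == "__main__":
    for label, blob in (("A", VARIANT_A), ("B", VARIANT_B), ("C", VARIANT_C)):
        print(f"{label}: sha256={byte_hash(blob)[:16]}...  feature={feature_hash(blob)[:16]}...")
```

The design choice that matters is which fields go into the feature set: everything an attacker can change for free (timestamps, overlays, padding) is left out, and anything that reflects how the binary is laid out is kept, so the hash clusters variants of one family without collapsing structurally different files together.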
Once the map is generated, the Platform moves to the final phase of analysis: the file reputation and intelligence stage. Here the TitaniumCloud threat intelligence service processes files using ReversingLabs File Decomposition Technology to maintain an up-to-date threat classification index with rich context compiled from more than 10 billion goodware and malware files. That index backs a set of REST API query and feed functions that deliver targeted file and malware detail for threat identification, analysis, intelligence development and hunting. Titanium refreshes threat details daily from up to eight million malware and goodware samples, building the database that helps security teams stay abreast of the latest malware afflicting the industry.
All this analysis lays the foundation for Titanium's investigation and hunting function. It identifies objects and files of interest that have entered the infrastructure and retains their technical details, creating a repository for retrospective (retro) hunting and ongoing analysis of attacker tactics and techniques. Classifying and prioritizing these objects helps hunting teams accelerate investigations and compress incident response times.
ReversingLabs' Titanium Platform has a clean UI with an easy-to-interpret threat map that exposes file hashes for in-depth analysis. Each identified threat is severity-rated and classified by file format, with a description, threat response and recommended fix. The large goodware/malware repository lets users navigate threats regardless of skill level. The Titanium Platform suits any company looking for a single, broadly applicable solution for threat intelligence file analysis. Pricing starts at $10,000 for threat intelligence integrations and web offerings.