ReversingLabs is well known to the more than 30 leading security companies that use our industry-best file reputation service or OEM our powerful, automated static analysis engine. We are also well known to our many Fortune 250 customers, and to the IC and DOD agencies that use our products. Now you can get to know us at RSA, and a visit to our booth is well worth your time. When you visit, you will certainly want to ask about the reason JP Morgan Chase invested in us, or the reason In-Q-Tel formed a strategic partnership with us, or even the reason that 30-plus security vendors (all at RSA) use our technology inside their solutions.
Those reasons all come down to one important fact: when it comes to understanding the context and the risk profile of the millions of files in your network, we are the experts. We understand that visibility, awareness and insight into those files and the risk they pose is core to the success of any security team that is targeted by advanced malware. We all know the vast majority of cyber-attacks utilize files of various types, but we also know that the vast majority of the millions of files that move about your organization at any given time pose no risk. The “needle in the haystack” challenge is finding the “unknown bad” files that pose a threat.
What if the files in your network were automatically inspected and the good ones were accurately classified and removed from the triage process? At the same time, what if all the high-risk files (containing known malware or positive indicators) were also automatically classified as threats and immediately moved to a response and control process?
What would remain are the “unknown” files, most benign but some fraction malicious. In most organizations, these “unknown” files go largely unnoticed and the security team loses visibility of their existence until something unexpected or blatantly malicious occurs. The security team then must scramble to find, characterize and respond to the malicious “unknown” files. Currently these files are sent to sandboxes for dynamic analysis or manually investigated by tier three analysts in a slow and tedious forensic process.
What if the “unknown” files, once identified, could be assessed by a unique decomposition and static analysis process that takes just milliseconds to extract context and assess threat levels based on internal characteristics? And what if the entire static analysis system could send this information to your SIEM and analytics platforms to identify risky files, accelerate response and enable hunting by file attributes?
The result is a complete transformation of your analysis and response process, greatly improving efficiency and accuracy. The threat output can be quickly fed back into your security environment to hunt for other related files and used to develop rules for prevention tools to upgrade their ability to recognize the malware the next time it hits your perimeter.
We call our enterprise-scale analysis and classification tool TitaniumScale, our file reputation and threat intelligence service TitaniumCloud and our automated static analysis “workbench” the A1000. It all works together, it all integrates into your existing environment, and whether deployed in pieces or together, it helps eliminate your file-level threat visibility gap while greatly increasing your analysis and response process speed. Stop by Booth 230 in the South Hall and we will be happy to show it to you. We think it is really cool, and so do JPMC, In-Q-Tel and a bunch of security vendors.