ReversingLabs TitaniumScale

TitaniumScale enables an organization to profile and classify large volumes of files in real-time to create relevant data for advanced analytics platforms to support threat correlation, hunting and response. Conventional malware products focus on detecting malware while treating undetected files as good, essentially overlooking them. As the amount of malware that evades detection grows, the need to profile, track and correlate “undetected” files becomes imperative to limit the impact and accelerate resolution of incidents and breaches. This intelligence data helps close the visibility gap between malware detection and tedious and expensive post-breach reconstruction. Key Features

• Real-time, deep inspection of files scalable to millions of files per day without execution.

 

• Broad coverage identifying 3600+ file formats and unpacking of 360+ file formats.

 

• Files sourced from a variety of inputs via automated submission from ReversingLabs and third-party products.

 

• Customer supplied YARA rule matching.

 

• Extracted file profiles are searchable by content or context of the file.

 

• Infrastructure scales incrementally to meet customer volume and/or capacity requirements.

 

• Programmable infrastructure supports threat identification, analytics, hunting, and software verification.

 

• Seamless integration for automated operations with SIEM, analytics, and file collection.

 

Scalable Architecture TitaniumScale uses a flexible cluster architecture that scales incrementally to support distributed or centralized file processing across physical and cloud environments. The cluster scales file processing capacity from 100K up to 100M files per day by adding worker nodes. TitaniumScale consists of: Worker Nodes: A cluster of physical or virtual servers that perform the actual file assessment and support N+1 redundancy. Load Balancer Hubs: A server (and optional redundant server) that directs files to Worker Nodes for processing. Control Manager: A server that manages configuration (i.e. YARA rules, whitelists) and monitors status across the TitaniumScale cluster. TitaniumCloud File Reputation: A service available as a cloud-based resource or on-site appliance that identifies and provides information on known goodware and malware.