
ReversingLabs Titanium Platform Overview

What is ReversingLabs Titanium Platform?

ReversingLabs delivers advanced malware analysis and insights into destructive files and objects that address the latest attacks, advanced persistent threats and polymorphic malware. These threats routinely defeat current anti-virus scanner, whitelist, behavioral and sandbox technology, thus requiring tedious, manual analysis by highly skilled experts.

Through its automated static analysis and file reputation platform, it delivers the fastest and most accurate insights in the industry, finding the hidden objects that are armed to destroy enterprise business value.

The hybrid cloud platform provides connectors that integrate with existing security investments such as EDR, email gateways, IDS, SIEM, threat intelligence platforms and sandboxes, reducing incident response time for SOC analysts, while providing high priority and detailed threat information for hunters to take quick action through advanced search and YARA rule tooling.

ReversingLabs has become an essential threat solution across the most advanced security companies in the industry, while supporting all industries searching for a better way to get at the root of the web, mobile, email, cloud, app development and supply chain threat problem, of which files and objects have become major risk contributors.

https://www.reversinglabs.com

ReversingLabs Titanium Platform was previously known as ReversingLabs Titanium.


ReversingLabs Titanium Platform Customers

Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology


Archived ReversingLabs Titanium Platform Reviews (more than two years old)

Forensic Lead, Global Security Fusion Center at an insurance company with 10,001+ employees
Real User
Very good malware and goodware repository and enables us to look more deeply at indicators of compromise
Pros and Cons
  • "The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."
  • "I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."

What is our primary use case?

We use it to analyze and pull out any indicators of compromise from malware that we get within the environment. We check to see if those indicators are seen throughout our infrastructure.

We also do some type of open-source intelligence using the platform, at a basic level, dumping emails into it to see if it can parse out any of the URLs and the like. But that part is very basic.

We're basically using it as a "sandbox" for static analysis. It's on-prem. Only certain people have access to it. It's not integrated into our whole environment as of yet. I would like it to be in our plans to do so but, currently, it's not deployed in that manner.

How has it helped my organization?

Because we are a young global fusion center, we have very junior examiners and incident handlers. This solution gives them a better way to understand how malware is constructed, what kind of indicators accompany it, etc. We use it for both junior- and mid-level people to get down and dirty and do analysis, on-the-go, when needed.

What has been nice is that those junior-level people can use that information and push it forward for final actions if needed, or verification through senior examiners and incident handlers. They get them to confirm what they're seeing so that we can detect and remediate in a more timely manner. It's absolutely saving us time. We're not even using the full capabilities, but it has reduced our mean time to remediation by about 25 percent.

What is most valuable?

The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild.

Also, the solution’s object and file analysis provide us with actionable insights.

Its malware and goodware repository is very good. It's very robust. It gets all of the different repositories that are out there that do analysis and brings them under one roof where we can statically analyze for those indicators of compromise and look at them more deeply. If we need to go deeper into things, we can do that.

What needs improvement?

I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually. If I have, say, a couple of thousand hash sets, I would like to be able to upload them. Currently, it's a very manual task.

For how long have I used the solution?

I have been using ReversingLabs for two-and-a-half years now.

What do I think about the stability of the solution?

The stability has been fine. We haven't had one issue with it.

The only issue we have, once in a while, is our lack of getting to the RDP sessions into it, but that has nothing to do with ReversingLabs. It happens with our environment.

What do I think about the scalability of the solution?

It can be scaled a lot better than the way we're using it. The analogy I like to use is that I have an iPad and I probably only use 15 percent of its capabilities. We're using about the same percentage of ReversingLabs' capabilities. It can be scaled to be more broad-based within our environment. I hope to push that in the next few quarters.

If the solution was to be integrated, we're talking about close to a million assets, worldwide.

How are customer service and technical support?

Their staff has always been responsive and great. I have nothing but great things to say about them. They've been awesome anytime I have a question. I don't have to wait 24 hours for an answer; usually, it's no more than an hour to two hours. And I've never had to escalate an issue.

I've had great relationships with the company. Even if somebody leaves and somebody comes on, they're very responsive. There's rarely a hiccup with their product.

Which solution did I use previously and why did I switch?

We had nothing and that's why we went to the Titanium platform. We had nothing in the environment to do such analysis, so it's been a savior in many ways. We had nothing even close to what ReversingLabs does.

Leadership realized we needed something like this because of the turnover of talent and people not having an understanding of malware analysis. We needed some type of reliable solution that would help with at least the static analysis of such items.

How was the initial setup?

We have a separate engineering and infrastructure side, so I can't talk about the actual deployment in detail. But I believe that once we set up the environment, we were provided with a VM of the system. But there was more of a connection with our engineering groups to get it deployed within the environment, so we could access it and use it for our analysis.

It only took one guy a couple of days. And it takes just one person to maintain it, again within the engineering team. There are about 35 of us using it, including level-ones, level-threes, and forensics.

What about the implementation team?

It was our internal team and ReversingLabs. That's it.

What was our ROI?

Our return on investment is in time saved as well as in producing indicators of compromise.

What's my experience with pricing, setup cost, and licensing?

We pay on a yearly basis. 

Which other solutions did I evaluate?

I don't believe they looked into any other products before choosing ReversingLabs. And I've been very satisfied with ReversingLabs. If it isn't broken, why try to fix it?

What other advice do I have?

Work with the ReversingLabs team. They're great to work with, and they're willing to help in any way.

The biggest lesson I've learned from using it is that I need to know a heck of a lot more about the solution's power and how we can better integrate it into the environment for all our teams to use.

We don't deploy it in a fashion where it is integrated with our existing security investments as of yet. We are going to look into those integrations in the next few quarters. Right now, it's more of a standalone analysis system that is not hooked up to any of our EDR solutions. We have also not looked into the Threat Summary Dashboards yet. We've had a lot of employee changes and leadership changes. That's one of those things that is on the to-do list, but no one has really sat down and gone over it all.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Information Security Engineer IV at a financial services firm with 1,001-5,000 employees
Real User
Gives us a more in-depth analysis and better reporting on a larger number of file types
Pros and Cons
  • "It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
  • "We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."

What is our primary use case?

We haven't finished building it out fully but we want to use it as a pre-filter before samples go to anything else for analysis. Things are going to be coming to it and we're going to get a score regarding what ReversingLabs thinks of any file samples and, if it's a score that says it's a high threat level, we'll send it on for further analysis in other automated platforms.

How has it helped my organization?

The actionable insights that we've used thus far are from another ReversingLabs product, their APIs for hashes. We've been able to analyze thousands of hashes and then act on the ones which were deemed suspicious and malicious, by either retrieving a sample for further analysis or looking it up in other products.

The head of my division has bought into the ReversingLabs group of products and their capabilities. One of the things that ReversingLabs has enabled us to do is look at new hashes and to do something with them, to act on them. When new files come in, we have at least one piece of information about them that we can query and find out further information. We might then do a pivot into other systems or other manual investigation methods. They've helped us begin to further automate our automated malware analysis and triage of new samples.

What is most valuable?

We are primarily using it for its static analysis capabilities. It is valuable because it offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information, and then we use that information to decide whether or not we want to send it on and do further analysis. It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types.

While we have not extensively tested the detection, it has detected everything that we've thrown at it that we've known is malicious. From the numbers they've given us, the solution's malware and goodware repository seems huge.

It easily integrates with our SIEM, Splunk.

What needs improvement?

We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us. The integration may have not been tested all that well, because we don't have a complex setup in regard to connecting these things together. But when we tried the ReversingLabs integration with ThreatConnect, it flat out did not work. And we also haven't been able to get the Tanium integration to work.

We are currently talking to them about some things we need in the next release. Mainly, they are security improvements and they know about those. They have done a great job in getting them to us, as soon as they can dedicate some engineering resources to them. Security improvements are the main things that we are working on with them right now because we do security scans of the appliance itself and there have been a number of vulnerabilities that have shown up.

For how long have I used the solution?

We've been using it for about a year.

What do I think about the stability of the solution?

It's stable and capable. We've only had one issue where it needed to be updated because it had gotten into a weird state and there were memory issues and we couldn't run anything on the appliances. But there was only that one situation and that was fixed within a week to week-and-a-half, which I feel was good. 

What do I think about the scalability of the solution?

We haven't tested it extensively, but we feel that it's going to be a very scalable solution which is going to handle the volume we intend to push to it.

If everything is onboarded the way we want it, the entire company will be using it, in that all samples will be coming from all sorts of sources. It will be "under the hood" doing analysis constantly, 24 hours a day. Our company has 10,000-plus employees.

We're not using it very extensively yet. We're still in the middle stages of implementation. We haven't integrated it with very many systems in our company yet, and we are still trying to figure out the engineering problems surrounding it, and are working on getting it secure enough to deploy in our environment.

There are a number of different use cases for it. One of them is someone using it directly for doing threat hunting or threat detection. I'm not sure how many people are on those teams. But with the different threat-hunting teams and threat-detection teams, as well as forensic teams that might be using it, we could have at least 100 direct users.

With everything else, it's being used indirectly by a number of services, under the hood. Anything that gets saved on a network share, any new updates on any of the operating systems - Linux, Windows, etc. - we want analyzed, as well as anything that gets saved or that gets brought in as an email attachment. We'd like, eventually, that anything that comes over the wire, that comes through our proxies and firewalls, downloaded by someone, to be analyzed. It's going to be the crux of a solution that does a lot of automated analysis. It's just one piece, but it's going to be a very critical piece because it's going to be the on-ramp.

Responsibility for the solution will move to another team once I'm done with it, and that other team has about 15 people. But they support a lot of other things. They're a custom-support team, they support custom solutions.

How are customer service and technical support?

Their engineering team has been great. In everything that we've done so far with ReversingLabs, they have been very responsive and very helpful on the support side. They're as speedy as they can be.

How was the initial setup?

This was my first time ever doing something like this, and I was working with a team to do it. The initial setup did seem, to me, to take a while, but I don't have enough perspective to judge how complex or straightforward it was because I've never done anything comparable.

Our deployment has been ongoing for about a year.

Our implementation strategy is to get a number of sources of file samples and hashes onboarded into the ReversingLabs ecosystem, whether it be the APIs or the appliances, including the A1000, and once we do that in development we want to export what we've learned to production.

What about the implementation team?

The "team," in this regard, is that ReversingLabs' team helped us greatly. They really provided the support and information we needed to get the initial setup going. But ultimately, it was an integrated team between them and us, because they did help us a lot. There were four on our side and it took us a number of months to get to the point where we felt that anything was happening with the solution, which may be typical. I'm not sure.

Which other solutions did I evaluate?

We are also using FireEye and Palo Alto. As far as I can tell, the quantity of files that the ReversingLabs solution can process in a day is greater than many of these products. Also, the stability of this product seems to be much higher than some of the other ones that we've had issues with.

  • Stability
  • Reliability
  • Volume of processing

are the pros.

On the other hand - and this is something of a pro and a con - there's a lot of tooling that we need to build up around the solution to get it to integrate with our existing setup. That's a plus and a minus, in that once we get it integrated, and once we understand all of the interfaces to this product and how best to utilize it, then it becomes a tool that we can extend in our own right. But the con side of it is that it takes all that engineering work, all that understanding, all that effort, and we're not there yet. And we've been doing this for some time. Other tools do not require as much of that sort of effort.

ReversingLabs is going to be one of many things that we use. We don't want a mono-culture here, and we don't want information from just one vendor or one perspective. But we do respect ReversingLabs enough to put them in a very critical role in our infrastructure. We want to analyze pretty much everything that comes into our company, from email attachments to new files that are dropped by Microsoft updates, to files that people save on network drives, and we're going to use ReversingLabs to ingest all of those samples.

ReversingLabs is supplemental for us. It will be a kind of filter before things get to the other solutions.

What other advice do I have?

Anything we've pumped at this thing, it seems that it's just fine handling it. That's one of the big reasons we want it to be the funnel that everything comes through first. We want that determination of good, bad, or suspicious. We have complete faith that it can do that for us, and can do it at scale.

It's stellar. I would easily give it a nine out of ten. I've had a great experience with it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
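The review above describes using a file-reputation platform as a front-end filter: every incoming sample is hashed, looked up, and either allowed, blocked, or handed on for deeper analysis depending on the score it comes back with. The following is an added illustration of that triage workflow, written for this page; it is not code from the reviewer, PeerSpot, or ReversingLabs, and it does not call any vendor API. The reputation table, the threat scores, the score threshold of 7, and the sample byte strings are all constructed for the demo, and the sample "files" are only magic-number stubs, not real content.

```python
"""Tiered triage front end (added example): hash each incoming sample, look up its
reputation, dedupe repeats, and route it to allow / block / sandbox queues."""
import hashlib

# Constructed sample files (not real malware): minimal byte strings that carry
# the magic numbers a file-type sniffer keys on.
SAMPLE_UPDATE_DLL = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 24        # PE-shaped stub
SAMPLE_INVOICE_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"  # PDF stub
SAMPLE_MACRO_DOC = b"PK\x03\x04" + b"word/vbaProject.bin" + b"\x00" * 16        # OOXML-shaped stub
SAMPLE_NOTES_TXT = b"meeting notes: rotate the service account on friday\n"      # never seen before


def sha256_hex(data: bytes) -> str:
    """SHA-256 is the lookup key: reputation is tied to the exact bytes, not the file name."""
    return hashlib.sha256(data).hexdigest()


def sniff_type(data: bytes) -> str:
    """Cheap magic-number check so the record carries a type even when reputation is unknown."""
    if data.startswith(b"MZ"):
        return "pe"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "zip"  # also covers OOXML, JAR, APK containers
    return "unknown"


# Constructed reputation table: SHA-256 -> (threat score 0..10, classification).
# Stands in for the reputation service; keyed by the sample hashes so the demo is self-contained.
REPUTATION_DB = {
    sha256_hex(SAMPLE_UPDATE_DLL): (0, "goodware"),
    sha256_hex(SAMPLE_INVOICE_PDF): (9, "malicious"),
    sha256_hex(SAMPLE_MACRO_DOC): (6, "suspicious"),
}


def lookup_reputation(digest: str):
    """Returns (score, classification) or None when the hash has never been seen."""
    return REPUTATION_DB.get(digest)


def decide(reputation, threshold: int = 7) -> str:
    """Map a reputation record (None = never seen) to a routing decision."""
    if reputation is None:
        return "sandbox"      # unknown hash: needs second-stage (e.g. dynamic) analysis
    score, classification = reputation
    if classification == "goodware" and score == 0:
        return "allow"        # known good: skip expensive analysis entirely
    if score >= threshold:
        return "block"        # high-confidence malicious: alert and stop, no sandbox time spent
    return "sandbox"          # suspicious but below threshold: hand on for further analysis


class TriageFrontEnd:
    def __init__(self, threshold: int = 7):
        self.threshold = threshold
        self.cache = {}       # digest -> decision, so a repeated sample is not re-submitted
        self.queues = {"allow": [], "block": [], "sandbox": []}

    def submit(self, name: str, data: bytes) -> dict:
        digest = sha256_hex(data)
        record = {"name": name, "sha256": digest, "type": sniff_type(data)}
        if digest in self.cache:
            record.update(decision=self.cache[digest], cached=True)
            return record
        reputation = lookup_reputation(digest)
        decision = decide(reputation, self.threshold)
        self.cache[digest] = decision
        self.queues[decision].append(digest)
        record.update(score=reputation[0] if reputation else None, decision=decision, cached=False)
        return record


def run_demo():
    """Push the constructed samples through the filter; the last one is a duplicate by content."""
    fe = TriageFrontEnd()
    batch = [
        ("update.dll", SAMPLE_UPDATE_DLL),
        ("invoice.pdf", SAMPLE_INVOICE_PDF),
        ("quarterly.docm", SAMPLE_MACRO_DOC),
        ("notes.txt", SAMPLE_NOTES_TXT),
        ("invoice_copy.pdf", SAMPLE_INVOICE_PDF),   # same bytes as invoice.pdf -> served from cache
    ]
    results = [fe.submit(name, data) for name, data in batch]
    return fe, results


if __name__ == "__main__":
    front_end, rows = run_demo()
    for row in rows:
        print(f"{row['name']:>18}  {row['type']:<8} {row['decision']:<8} cached={row['cached']}")
    print({k: len(v) for k, v in front_end.queues.items()})
```

The design point is the one the reviewer makes: the filter only has to be confident at the extremes. Known-good files are dropped from the pipeline, high-score hits are blocked and alerted on without burning sandbox capacity, and everything in between (including anything never seen before) is what actually flows on to the heavier analysis platforms. The hash cache keeps a re-sent copy of the same sample from consuming a second lookup.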
CSO - Information Security at a financial services firm with 1,001-5,000 employees
Real User
We use the product for data enrichment or downloading malicious programs that we are otherwise unable to find
Pros and Cons
  • "As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
  • "As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to YARA rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
  • "The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
  • "While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."

What is our primary use case?

The primary use case is static analysis and retrieval of malware relevant indicators.

We have multiple products in use. As far as the onsite product is concerned, we use the latest version of the product. The other version is a cloud-based solution, so I assume this is always the latest version.

We are not integrating the solution with our bank technologies directly since we are employing the solution in a special infrastructure, which is isolated from the rest of the production network for security reasons. However, we do integrate the solution with a number of other analysis technologies that we use as part of our laboratory infrastructure. As far as this is related, integration is fine.

As far as the static analysis capabilities are concerned, they're used extensively on a daily basis. We've just completed the integration of the cloud-based variant.

How has it helped my organization?

We are not compiling specific metrics for this product. We are integrating both products. The static analysis engine, which we've been using for roughly four to five years, is fully integrated in our workflows and processes. Then, there is the cloud-based variant that we've been using for around a year. This is also integrated in our platform for analyzing malicious programs directly.

For downloading reasons, we have integrated the product directly with our platform. So, if you search for specific malicious programs that are, for instance, referenced in threat intelligence reports, then the product would be automatically leveraged as a source, not the only source, but as one source. Therefore, the users have the possibility of searching through different repositories in order to find threat intelligence related information.

As far as the analysis is concerned, we do this ourselves and mostly leverage other products for this. We use the product from ReversingLabs, mostly, for data enrichment or downloading malicious programs that we are otherwise unable to find.

As far as the availability of the content is generally concerned and the number of malicious programs that can be looked up in the repository, these are very extensive.

The solution helps to automate SOC operations when it comes to identifying the highest priority threats. We're leveraging the APIs, so the whole process with respect to looking up information and retrieving information about threats is fully automated. It's used as a data enrichment source. It is not used as the only source, but it's the information that is provided by the product and we retrieve from other sources, then we prioritize based on respective threats and corresponding risks.

What is most valuable?

As far as the cloud version is concerned, we mostly leverage the product to retrieve samples, or malicious programs, that we are otherwise unable to find. So, the ability to download programs directly from the platform is of importance to us. Other than that, we mostly leverage the information regarding static analysis.

As far as URLs are concerned, we would use the product as a source to verify whether or not the URL has been flagged as malicious. 

As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to YARA rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name. Besides this, packing or unpacking related information is something that we leverage a lot.

As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources.

What needs improvement?

It's integrated in our product. We leverage the API, but it doesn't contribute to increasing the release time of the product itself.

While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality. This could be an area where the company can generally improve. It is not a big issue for us, since we have our own development team, but it could be an issue for other companies who are less mature.

For how long have I used the solution?

We have been a customer of this company for around four to five years. This particular solution has been in use for around a year now.

What do I think about the stability of the solution?

The product works fine. We had some inner issues for some special use cases, where we initiated Webex sessions with the support, who eventually helped us figure out alternative solutions. Some of them were very helpful, and others were not so helpful.

All in all, the stability is definitely okay, with some minor problems as far as special use cases are concerned.

What do I think about the scalability of the solution?

The scalability is good. It's a scalable product.

Only malware analysts and reverse engineers are currently leveraging the product, and those are around 15 users.

How are customer service and technical support?

The product support could be better at times. They are typically okay. They are definitely trying to reach high customer satisfaction. They are also available on a very short notice. Sometimes, the resources that they provide could be of higher quality.

Which solution did I use previously and why did I switch?

We did not switch solutions. We use an alternative solution in addition to the current product.

How was the initial setup?

The initial setup was straightforward. 

We were able to use the product within a day, then started integrating it into our own platform. It was mostly access credential-based.

What about the implementation team?

We deployed the solution in-house.

I have a dedicated developer team of six developers with two additional administrators. Not all of them are necessary specifically for this product, but some of them are able to set up this technology and also maintain it.

The strategy was always to use the product as an enrichment source in addition to other technologies, then make all that information centrally available in a fully automated manner.

What was our ROI?

We are mostly leveraging the API. All of this is automated, which in turn, helps to reduce response time.

What's my experience with pricing, setup cost, and licensing?

We have a yearly contract based on the number of queries and malicious programs which can be processed.

Currently, the licensed number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months.

Which other solutions did I evaluate?

We evaluated most of the features that we were eventually licensing. That included, for instance, the possibility to download malicious programs from the repository. As far as the static analysis engine was concerned, we ran a very in depth evaluation. We also compared the results of those analyses with information that we had available from other tools. So, there were some quite in-depth technical assessments done before purchasing the solution.

What other advice do I have?

It's definitely a technical product. Some expertise and experience with malware analysis and anti-malware operations is required. Purchasing only the static analysis parts and the APIs typically requires some maturity in the Security Operations Center (with respect to CERTs). If this is not the case, then respective teams should opt for the graphical user interface, which provides more guided support. Other than that, it's a good product.

I would rate it approximately seven and a half to eight. One of the problems currently is that the company offers three different types of products which are very similar to each other. It's not entirely clear during respective discussions how those different products can be truly distinguished from each other. Besides having a graphical user interface and a cloud-based variant, there was originally just one product, which eventually evolved in different directions. Then, it became a series of different products. For the customer, this is not that easy to understand.

The other aspect is, as far as the APIs are concerned, the respective sample scripts are not of very high quality. Some of them are really basic, and that code base should generally be improved.

We are not leveraging the product as part of SOC operations. We use it for contributing to our anti-malware related operations, which is slightly different.

We don't use the solution's threat summary dashboards.

We're not leveraging the whitelist so much, so I can't say much about the goodware.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.