The actionable insights that we've used thus far are from another ReversingLabs product, their APIs for hashes. We've been able to analyze thousands of hashes and then act on the ones which were deemed suspicious and malicious, by either retrieving a sample for further analysis or looking it up in other products.

The head of my division has bought into the ReversingLabs group of products and their capabilities. One of the things that ReversingLabs has enabled us to do is look at new hashes and to do something with them, to act on them. When new files come in, we have at least one piece of information about them that we can query and find out further information. We might then do a pivot into other systems or other manual investigation methods. They've helped us begin to further automate our automated malware analysis and triage of new samples.

We are not compiling specific metrics for this product. We are integrating both products. The static analysis engine that we've been using for roughly four to five years, which this is fully integrated in our workflows and processes. Then, there is the cloud-based variant that we've been using for around a year. This is also integrated in our platform for analyzing malicious programs directly. 

For downloading reasons, we have integrated the product directly with our platform. So, if you search for specific malicious programs that are, for instance, referenced in threat intelligence reports. Then, the product would be automatically leveraged as a source, not the only source, but as one source. Therefore, the users have the possibility of searching through different repositories in order to find threat intelligence related information.

As far as the analysis is concerned, we do this ourselves and mostly leverage other products for this. We use the product from ReversingLabs, mostly, for data enrichment or downloading malicious programs that we are otherwise unable to find.

As far as the availability of the content is generally concerned and the number of malicious programs that can be looked up in the repository, these are very extensive.

The solution helps to automate SOC operations when it comes to identifying the highest priority threats. We're leveraging the APIs, so the whole process with respect to looking up information and retrieving information about threats is fully automated. It's used as a data enrichment source. It is not used as the only source, but it's the information that is provided by the product and we retrieve from other sources, then we prioritize based on respective threats and corresponding risks.

Because we are a young global fusion center, we have very junior examiners and incident handlers. This solution gives them a better way to understand how malware is constructed, what kind of indicators accompany it, etc. We use it for both junior- and mid-level people to get down and dirty and do analysis, on-the-go, when needed.

What has been nice is that those junior-level people can use that information and push it forward for final actions if needed, or verification through senior examiners and incident handlers. They get them to confirm what they're seeing so that we can detect and remediate in a more timely manner. It's absolutely saving us time. We're not even using the full capabilities, but it has reduced our mean time to remediation by about 25 percent.

The solution helps to stay on top of emerging threats with easy integration with other products.