We are primarily using it for its static analysis capabilities. It is valuable because it offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information, and then we use that information to decide whether or not we want to send it on and do further analysis. It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types.

While we have not extensively tested the detection, it has detected everything that we've thrown at it that we've known is malicious. From the numbers they've given us, the solution's malware and goodware repository seems huge.

It easily integrates with our SIEM, Splunk.

As far as the cloud version is concerned, we mostly leverage the product to retrieve samples, or malicious programs, that we are otherwise unable to find. So, the ability to download programs directly from the platform is of importance to us. Other than that, we mostly leverage the information regarding static analysis.

As far as URLs are concerned, we would use the product as a source to verify whether or not the URL has been flagged as malicious. 

As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name. Besides this, packing or unpacking related information is something that we leverage a lot.

As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources.

The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild.

Also, the solution’s object and file analysis provide us with actionable insights.

Its malware and goodware repository is very good. It's very robust. It gets all of the different repositories that are out there that do analysis and brings them under one roof where we can statically analyze for those indicators of compromise and look at them more deeply. If we need to go deeper into things, we can do that.

ReversingLabs has a large sample size.