ReversingLabs Titanium Platform Overview

ReversingLabs Titanium Platform is the #2 ranked solution in our list of top Threat Intelligence Platforms. It is most often compared to VirusTotal.

What is ReversingLabs Titanium Platform?

ReversingLabs delivers advanced malware analysis and insights into destructive files and objects that address the latest attacks, advanced persistent threats and polymorphic malware. These threats routinely defeat current anti-virus scanner, white list, behavioral and sandbox technology, thus requiring tedious, manual analysis by highly skilled experts.

Through its automated static analysis and file reputation platform, it delivers the fastest and most accurate insights in the industry, finding the hidden objects that are armed to destroy enterprise business value.

The hybrid cloud platform provides connectors that integrate with existing security investments such as EDR, email gateways, IDS, SIEM, threat intelligence platforms and sandboxes, reducing incident response time for SOC analysts, while providing high priority and detailed threat information for hunters to take quick action through advanced search and YARA rule tooling.

ReversingLabs has become an essential threat solution across the most advanced security companies in the industry, while supporting all industries searching for a better way to get at the root of the web, mobile, email, cloud, app development and supply chain threat problem, of which files and objects have become major risk contributors.

https://www.reversinglabs.com

ReversingLabs Titanium Platform is also known as ReversingLabs Titanium.

ReversingLabs Titanium Platform Customers

Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology

Archived ReversingLabs Titanium Platform Reviews (more than two years old)

SS
Information Security Engineer IV at a financial services firm with 1,001-5,000 employees
Real User
Gives us a more in-depth analysis and better reporting on a larger number of file types

Pros and Cons

  • "It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
  • "We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."

What is our primary use case?

We haven't finished building it out fully but we want to use it as a pre-filter before samples go to anything else for analysis. Things are going to be coming to it and we're going to get a score regarding what ReversingLabs thinks of any file samples and, if it's a score that says it's a high threat level, we'll send it on for further analysis in other automated platforms.

How has it helped my organization?

The actionable insights that we've used thus far are from another ReversingLabs product, their APIs for hashes. We've been able to analyze thousands of hashes and then act on the ones which were deemed suspicious and malicious, by either retrieving a sample for further analysis or looking it up in other products.

The head of my division has bought into the ReversingLabs group of products and their capabilities. One of the things that ReversingLabs has enabled us to do is look at new hashes and to do something with them, to act on them. When new files come in, we have at least one piece of information about them that we can query and find out further information. We might then do a pivot into other systems or other manual investigation methods. They've helped us begin to further automate our automated malware analysis and triage of new samples.

What is most valuable?

We are primarily using it for its static analysis capabilities. It is valuable because it offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information, and then we use that information to decide whether or not we want to send it on and do further analysis. It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types.

While we have not extensively tested the detection, it has detected everything that we've thrown at it that we've known is malicious. From the numbers they've given us, the solution's malware and goodware repository seems huge.

It easily integrates with our SIEM, Splunk.

What needs improvement?

We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us. The integration may have not been tested all that well, because we don't have a complex setup in regard to connecting these things together. But when we tried the ReversingLabs integration with ThreatConnect, it flat out did not work. And we also haven't been able to get the Tanium integration to work.

We are currently talking to them about some things we need in the next release. Mainly, they are security improvements and they know about those. They have done a great job in getting them to us, as soon as they can dedicate some engineering resources to them. Security improvements are the main things that we are working on with them right now because we do security scans of the appliance itself and there have been a number of vulnerabilities that have shown up.

For how long have I used the solution?

We've been using it for about a year.

What do I think about the stability of the solution?

It's stable and capable. We've only had one issue where it needed to be updated because it had gotten into a weird state and there were memory issues and we couldn't run anything on the appliances. But there was only that one situation and that was fixed within a week to week-and-a-half, which I feel was good. 

What do I think about the scalability of the solution?

We haven't tested it extensively, but we feel that it's going to be a very scalable solution which is going to handle the volume we intend to push to it.

If everything is onboarded the way we want it, the entire company will be using it, in that all samples will be coming from all sorts of sources. It will be "under the hood" doing analysis constantly, 24 hours a day. Our company has 10,000-plus employees.

We're not using it very extensively yet. We're still in the middle stages of implementation. We haven't integrated it with very many systems in our company yet, and we are still trying to figure out the engineering problems surrounding it, and are working on getting it secure enough to deploy in our environment.

There are a number of different use cases for it. One of them is someone using it directly for doing threat hunting or threat detection. I'm not sure how many people are on those teams. But with the different threat-hunting teams and threat-detection teams, as well as forensic teams that might be using it, we could have at least 100 direct users.

With everything else, it's being used indirectly by a number of services, under the hood. Anything that gets saved on a network share, any new updates on any of the operating systems - Linux, Windows, etc. - we want analyzed, as well as anything that gets saved or that gets brought in as an email attachment. We'd like, eventually, that anything that comes over the wire, that comes through our proxies and firewalls, downloaded by someone, to be analyzed. It's going to be the crux of a solution that does a lot of automated analysis. It's just one piece, but it's going to be a very critical piece because it's going to be the on-ramp.

Responsibility for the solution will move to another team once I'm done with it, and that other team has about 15 people. But they support a lot of other things. They're a custom-support team, they support custom solutions.

How are customer service and technical support?

Their engineering team has been great. In everything that we've done so far with ReversingLabs, they have been very responsive and very helpful on the support side. They're as speedy as they can be.

How was the initial setup?

This was my first time ever doing something like this, and I was working with a team to do it. The initial setup did seem, to me, to take a while, but I don't have enough perspective to judge how complex or straightforward it was because I've never done anything comparable.

Our deployment has been ongoing for about a year.

Our implementation strategy is to get a number of sources of file samples and hashes onboarded into the ReversingLabs ecosystem, whether it be the APIs or the appliances, including the A1000, and once we do that in development we want to export what we've learned to production.

What about the implementation team?

The "team," in this regard, is that ReversingLabs' team helped us greatly. They really provided the support and information we needed to get the initial setup going. But ultimately, it was an integrated team between them and us, because they did help us a lot. There were four on our side and it took us a number of months to get to the point where we felt that anything was happening with the solution, which may be typical. I'm not sure.

Which other solutions did I evaluate?

We are also using FireEye and Palo Alto. As far as I can tell, the quantity of files that the ReversingLabs solution can process in a day is greater than many of these products. Also, the stability of this product seems to be much higher than some of the other ones that we've had issues with.

Stability, reliability, and volume of processing are the pros.

On the other hand - and this is something of a pro and a con - there's a lot of tooling that we need to build up around the solution to get it to integrate with our existing setup. That's a plus and a minus, in that once we get it integrated, and once we understand all of the interfaces to this product and how best to utilize it, then it becomes a tool that we can extend in our own right. But the con side of it is that it takes all that engineering work, all that understanding, all that effort, and we're not there yet. And we've been doing this for some time. Other tools do not require as much of that sort of effort.

ReversingLabs is going to be one of many things that we use. We don't want a mono-culture here, and we don't want information from just one vendor or one perspective. But we do respect ReversingLabs enough to put them in a very critical role in our infrastructure. We want to analyze pretty much everything that comes into our company, from email attachments to new files that are dropped by Microsoft updates, to files that people save on network drives, and we're going to use ReversingLabs to ingest all of those samples.

ReversingLabs is supplemental for us. It will be a kind of filter before things get to the other solutions.

What other advice do I have?

Anything we've pumped at this thing, it seems that it's just fine handling it. That's one of the big reasons we want it to be the funnel that everything comes through first. We want that determination of good, bad, or suspicious. We have complete faith that it can do that for us, and can do it at scale.

It's stellar. I would easily give it a nine out of ten. I've had a great experience with it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SV
CSO - Information Security at a financial services firm with 1,001-5,000 employees
Real User
We use the product for data enrichment or downloading malicious programs that we are otherwise unable to find

Pros and Cons

  • "As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
  • "As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
  • "The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
  • "While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."

What is our primary use case?

The primary use case is static analysis and retrieval of malware relevant indicators.

We have multiple products in use. As far as the onsite product is concerned, we use the latest version of the product. The other version is a cloud-based solution, so I assume this is always the latest version.

We are not integrating the solution with our bank technologies directly since we are employing the solution in a special infrastructure, which is isolated from the rest of the production network for security reasons. However, we do integrate the solution with a number of other analysis technologies that we use as part of our laboratory infrastructure. As far as this is related, integration is fine.

As far as the static analysis capabilities are concerned, they're used extensively on a daily basis. We've just completed the integration of the cloud-based variant.

How has it helped my organization?

We are not compiling specific metrics for this product. We are integrating both products. The static analysis engine, which we've been using for roughly four to five years, is fully integrated in our workflows and processes. Then, there is the cloud-based variant that we've been using for around a year. This is also integrated in our platform for analyzing malicious programs directly.

For downloading reasons, we have integrated the product directly with our platform. So, if you search for specific malicious programs that are, for instance, referenced in threat intelligence reports, then the product would be automatically leveraged as a source, not the only source, but as one source. Therefore, the users have the possibility of searching through different repositories in order to find threat intelligence related information.

As far as the analysis is concerned, we do this ourselves and mostly leverage other products for this. We use the product from ReversingLabs, mostly, for data enrichment or downloading malicious programs that we are otherwise unable to find.

As far as the availability of the content is generally concerned and the number of malicious programs that can be looked up in the repository, these are very extensive.

The solution helps to automate SOC operations when it comes to identifying the highest priority threats. We're leveraging the APIs, so the whole process with respect to looking up information and retrieving information about threats is fully automated. It's used as a data enrichment source. It is not used as the only source, but it's the information that is provided by the product and we retrieve from other sources, then we prioritize based on respective threats and corresponding risks.

What is most valuable?

As far as the cloud version is concerned, we mostly leverage the product to retrieve samples, or malicious programs, that we are otherwise unable to find. So, the ability to download programs directly from the platform is of importance to us. Other than that, we mostly leverage the information regarding static analysis.

As far as URLs are concerned, we would use the product as a source to verify whether or not the URL has been flagged as malicious. 

As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name. Besides this, packing or unpacking related information is something that we leverage a lot.

As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources.

What needs improvement?

It's integrated in our product. We leverage the API, but it doesn't contribute to increasing the release time of the product itself.

While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality. This could be an area where the company can generally improve. It is not a big issue for us, since we have our own development team, but it could be an issue for other companies who are less mature.

For how long have I used the solution?

We have been a customer of this company for around four to five years. This particular solution has been in use for around a year now.

What do I think about the stability of the solution?

The product works fine. We had some inner issues for some special use cases, where we initiated Webex sessions with the support, who eventually helped us figure out alternative solutions. Some of them were very helpful, and others were not so helpful.

All in all, the stability is definitely okay, with some minor problems as far as special use cases are concerned.

What do I think about the scalability of the solution?

The scalability is good. It's a scalable product.

Only malware analysts and reverse engineers are currently leveraging the product, and those are around 15 users.

How are customer service and technical support?

The product support could be better at times. They are typically okay. They are definitely trying to reach high customer satisfaction. They are also available on a very short notice. Sometimes, the resources that they provide could be of higher quality.

Which solution did I use previously and why did I switch?

We did not switch solutions. We use an alternative solution in addition to the current product.

How was the initial setup?

The initial setup was straightforward. 

We were able to use the product within a day, then started integrating it into our own platform. It was mostly access credential-based.

What about the implementation team?

We deployed the solution in-house.

I have a dedicated developer team of six developers with two additional administrators. Not all of them are necessary specifically for this product, but some of them are able to set up this technology and also maintain it.

The strategy was always to use the product as an enrichment source in addition to other technologies, then make all that information centrally available in a fully automated manner.

What was our ROI?

We are mostly leveraging the API. All of this is automated, which in turn, helps to reduce response time.

What's my experience with pricing, setup cost, and licensing?

We have a yearly contract based on the number of queries and malicious programs which can be processed.

Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months.

Which other solutions did I evaluate?

We evaluated most of the features that we were eventually licensing. That included, for instance, the possibility to download malicious programs from the repository. As far as the static analysis engine was concerned, we ran a very in-depth evaluation. We also compared the results of those analyses with information that we had available from other tools. So, there were some quite in-depth technical assessments done before purchasing the solution.

What other advice do I have?

It's definitely a technical product. Some expertise and experience with malware analysis and anti-malware operations is required. Only purchasing the static analysis parts, as well as the APIs, typically requires some maturity in the Security Operations Center (in respect to CERTs). If this is not the case, then respective teams should opt for the graphical user interface, which provides more guided support. Other than that, it's a good product.

I would rate it approximately seven and a half to eight. One of the problems is currently that the company offers three different types of products which are very similar to each other. It's not entirely clear during respective discussions how those different products can be truly distinguished from each other. Besides having a graphical user interface and a cloud-based variant, there was originally just one product, which eventually evolved into different directions. Then, it became a series of different products. For the customer, this is not that easy to understand.

The other aspect is, as far as the APIs are concerned, the respective sample scripts are not of very high quality. Some of them are really basic, and that code base should generally be improved.

We are not leveraging the product as part of SOC operations. We use it for contributing to our anti-malware related operations, which is slightly different.

We don't use the solution's threat summary dashboards.

We're not leveraging the whitelist so much, so I can't say much about the goodware.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.