If you were talking to someone whose organization is considering ReversingLabs Titanium Platform, what would you say?
How would you rate it and why? Any other tips or advice?
Work with the ReversingLabs team. They're great to work with, and they're willing to help in any way. The biggest lesson I've learned from using it is that I need to know a heck of a lot more about the solution's power and how we can better integrate it into the environment for all our teams to use. We don't deploy it in a fashion where it is integrated with our existing security investments as of yet. We are going to look into those integrations in the next few quarters. Right now, it's more of a standalone analysis system that is not hooked up to any of our EDR solutions. We have also not looked into the Threat Summary Dashboards yet. We've had a lot of employee changes and leadership changes. That's one of those things that is on the to-do list, but no one has really sat down and gone over it all.
Anything we've pumped at this thing, it seems that it's just fine handling it. That's one of the big reasons we want it to be the funnel that everything comes through first. We want that determination of good, bad, or suspicious. We have complete faith that it can do that for us, and can do it at scale. It's stellar. I would easily give it a nine out of ten. I've had a great experience with it.
It's definitely a technical product. Some expertise and experience with malware analysis and anti-malware operations is required. Purchasing only the static analysis parts, as well as the APIs, typically requires some maturity in the Security Operations Center (with respect to CERTs). If this is not the case, then respective teams should opt for the graphical user interface, which provides more guided support. Other than that, it's a good product. I would rate it approximately seven and a half to eight. One of the problems currently is that the company offers three different types of products which are very similar to each other. It's not entirely clear during respective discussions how those different products can be truly distinguished from each other. Besides having a graphical user interface and a cloud-based variant, there was originally just one product, which eventually evolved in different directions. Then, it became a series of different products. For the customer, this is not that easy to understand. The other aspect is, as far as the APIs are concerned, the respective sample scripts are not of very high quality. Some of them are really basic, and that code base should generally be improved. We are not leveraging the product as part of SOC operations. We use it for contributing to our anti-malware related operations, which is slightly different. We don't use the solution's threat summary dashboards. We're not leveraging the whitelist so much, so I can't say much about the goodware.