How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
We use it to analyze and pull out any indicators of compromise from malware that we get within the environment. We check to see if those indicators are seen throughout our infrastructure. We also do some type of open-source intelligence using the platform, at a basic level, dumping emails into it to see if it can parse out any of the URLs and the like, but that part is very basic. We're basically using it as a "sandbox" for static analysis. It's on-prem. Only certain people have access to it. It's not integrated into our whole environment as of yet. I would like it to be in our plans to do so, but, currently, it's not deployed in that manner.
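The workflow this reviewer describes, extracting indicators from a submitted artifact and then checking whether any of them appear elsewhere in the infrastructure, can be illustrated with the following added example. This is not code from the review or from ReversingLabs; it is a small stand-alone indicator extractor and log correlator. The e-mail body and the log lines are constructed samples, and the defanging conventions it undoes (`hxxp`, `[.]`) are assumed.

```python
import re
from typing import Dict, List, Set
from urllib.parse import urlparse

# Constructed sample: a phishing-style e-mail body pasted in for indicator extraction.
# Some indicators are "defanged" the way analysts usually share them.
SAMPLE_EMAIL = (
    "From: invoices@example.com\n"
    "Please review the attached invoice at hxxp://update-portal[.]example[.]net/inv/2024.zip\n"
    "Mirror: https://cdn.example.org/dl?id=17\n"
    "Sender relay: 203.0.113.45\n"
    "Attachment sha256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08\n"
)

# Constructed sample: proxy, DNS and firewall log lines from the environment being checked.
LOG_LINES = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.12 dst=cdn.example.org url=https://cdn.example.org/dl?id=17 action=allow",
    "2024-05-01T10:05:40Z dns src=10.0.0.33 query=update-portal.example.net rcode=NOERROR",
    "2024-05-01T10:06:02Z fw src=10.0.0.33 dst=203.0.113.45 dport=443 action=deny",
    "2024-05-01T11:00:00Z proxy src=10.0.0.50 dst=intranet.example.local url=https://intranet.example.local/ action=allow",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")


def refang(text: str) -> str:
    """Undo the common defanging conventions (assumed set) so indicators match raw log data."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".")


def extract_indicators(text: str) -> Dict[str, Set[str]]:
    """Pull URLs, the hostnames inside them, IPv4 addresses and SHA-256 hashes out of free text."""
    text = refang(text)
    urls = set(URL_RE.findall(text))
    domains = {h for h in (urlparse(u).hostname for u in urls) if h}
    # Reject octet values that cannot be an IPv4 address (e.g. version strings).
    ipv4 = {ip for ip in IPV4_RE.findall(text) if all(int(o) <= 255 for o in ip.split("."))}
    hashes = {h.lower() for h in SHA256_RE.findall(text)}
    return {"url": urls, "domain": domains, "ipv4": ipv4, "sha256": hashes}


def correlate(indicators: Dict[str, Set[str]], log_lines: List[str]) -> Dict[str, List[int]]:
    """Return each indicator that occurs in at least one log line, mapped to the matching line indices."""
    hits: Dict[str, List[int]] = {}
    for values in indicators.values():
        for value in values:
            matches = [i for i, line in enumerate(log_lines) if value in line]
            if matches:
                hits[value] = matches
    return hits


if __name__ == "__main__":
    found = extract_indicators(SAMPLE_EMAIL)
    for kind, values in found.items():
        print(f"{kind}: {sorted(values)}")
    for value, lines in correlate(found, LOG_LINES).items():
        print(f"SEEN IN ENVIRONMENT: {value} -> log lines {lines}")
```

Substring matching is deliberately simple here; in a real deployment the hostname and hash matches would go against a SIEM or passive-DNS store, and hostname matches should be anchored so that `example.net` does not also match `notexample.net`.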
We haven't finished building it out fully, but we want to use it as a pre-filter before samples go to anything else for analysis. Things are going to be coming to it, and we're going to get a score regarding what ReversingLabs thinks of any file samples. If it's a score that says it's a high threat level, we'll send it on for further analysis in other automated platforms.
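The pre-filter this reviewer is building, in which a static verdict decides whether a sample is forwarded to more expensive analysis, can be sketched as the following added example. It is not the reviewer's or ReversingLabs' code, and it does not use the product's API. The verdict fields (a classification string and a 0 to 5 threat level) and the threshold of 3 are assumptions chosen for illustration; the sample hashes are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Hypothetical threshold on an assumed 0..5 scale; tune to the scoring scheme actually in use.
HIGH_THREAT_LEVEL = 3


@dataclass(frozen=True)
class StaticVerdict:
    """Hypothetical shape of a static-analysis result for one sample."""
    sha256: str
    classification: str          # assumed values: "malicious" | "suspicious" | "known_good" | "unknown"
    threat_level: Optional[int]  # None when the analyzer produced no score (e.g. unsupported format)

    def __post_init__(self) -> None:
        if len(self.sha256) != 64 or any(c not in "0123456789abcdef" for c in self.sha256):
            raise ValueError(f"not a lowercase SHA-256 hex digest: {self.sha256!r}")


def route(v: StaticVerdict) -> str:
    """Decide which queue a sample goes to based only on its static verdict."""
    if v.threat_level is None or v.classification == "unknown":
        # No verdict is not a clean verdict: a packed or unrecognised sample needs a human look.
        return "manual"
    if v.classification == "known_good":
        return "archive"
    if v.classification == "malicious" or v.threat_level >= HIGH_THREAT_LEVEL:
        # High confidence or high threat level: worth the cost of dynamic analysis elsewhere.
        return "dynamic"
    # Suspicious but below the threshold: keep it for re-scan when detections are updated.
    return "retain"


def triage(verdicts: Iterable[StaticVerdict], already_seen: Set[str]) -> Dict[str, List[str]]:
    """Route a batch of verdicts, skipping hashes already submitted so downstream queues are not flooded."""
    queues: Dict[str, List[str]] = {"dynamic": [], "manual": [], "retain": [], "archive": [], "skipped": []}
    for v in verdicts:
        if v.sha256 in already_seen:
            queues["skipped"].append(v.sha256)
            continue
        queues[route(v)].append(v.sha256)
        already_seen.add(v.sha256)
    return queues


# Constructed sample batch with placeholder digests (not real file hashes).
SAMPLE_BATCH = [
    StaticVerdict("a" * 64, "malicious", 5),
    StaticVerdict("b" * 64, "suspicious", 2),
    StaticVerdict("c" * 64, "known_good", 0),
    StaticVerdict("d" * 64, "unknown", None),
    StaticVerdict("e" * 64, "suspicious", 4),
    StaticVerdict("a" * 64, "malicious", 5),  # duplicate submission of the first sample
]

if __name__ == "__main__":
    for queue, hashes in triage(SAMPLE_BATCH, set()).items():
        print(f"{queue:8s} {[h[:8] for h in hashes]}")
```

The important design choice is that "no score" and "unknown" are not treated as benign: a pre-filter that archives everything the static engine could not classify silently drops exactly the samples most worth a second look.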
The primary use case is static analysis and retrieval of malware-relevant indicators. We have multiple products in use. As far as the on-site product is concerned, we use the latest version of the product. The other version is a cloud-based solution, so I assume this is always the latest version. We are not integrating the solution with our bank technologies directly, since we are employing the solution in a special infrastructure which is isolated from the rest of the production network for security reasons. However, we do integrate the solution with a number of other analysis technologies that we use as part of our laboratory infrastructure. As far as this is related, integration is fine. As far as the static analysis capabilities are concerned, they're used extensively on a daily basis. We've just completed the integration of the cloud-based variant.