Network File Flow Analysis

Sensor Appliance detecting threats in Web, FTP and Email

The N1000 appliance delivers game-changing threat detection in web, email and file transfer network traffic. Incident response providers report that less than a third of breaches are discovered by the attacked organizations. By any measure, this is a dismal record. Conventional, first-generation anti-virus scanners, intrusion detection systems and firewalls are implemented universally, yet breaches have become more frequent. Second-generation products “detonate” files in a sandbox to observe their behavior before they reach user systems. Although these products improve on the status quo, they can’t process every observed file and are often circumvented by advanced malware. A new solution is needed.

The N1000 connects to a SPAN port to analyze file flows in HTTP, SMTP, SMB and FTP traffic. The appliance can be configured to monitor traffic from external sources, to external sources and/or between internal systems.



ReversingLabs N1000 appliances implement a completely new and innovative approach for detecting advanced threats in files before they execute. Rather than looking for external behaviors or symptoms, the N1000 performs a multi-faceted analysis of the internal attributes of each file. Since the analysis does not depend on execution, a broad array of file types can be processed in real time, including Windows, Linux, Mac OS, Android, iOS, Windows Phone, documents and media files.
While the N1000 has an integrated GUI, it also integrates with other enterprise solutions such as SIEM, Splunk, Elasticsearch and Palantir. The GUI includes a dashboard that summarizes file flow by file type, threat level, source and destination. Event filtering and reporting are configurable. “Interesting” files can be saved to a NAS or external storage for in-depth analysis by the A1000 Malware Analysis Platform or other tools.