OPSWAT Presentation for XXX
Month Date, Year
OPSWAT & ____________
Agenda
Overview of OPSWAT
Multi-scanning with Metascan
Controlling Data Workflow with Metadefender
Questions
OPSWAT at a Glance
Company
Established 2002
Private, profitable and growing
Head office in San Francisco, California
Products
Multi-scanning – Metascan® and Metadefender®
Security Application Manageability – OESIS® & AppRemover
Secure Virtual Desktop Isolation Technology
GEARS – Network Manageability
Customers
Governments, CERTs, Finance, Utilities [esp. Nuclear], Military
OEMs – SSL VPN, NAC Management services, Support Tools
Customer Verticals
SSL VPN and NAC
Network Compliance and Vulnerability Assessment
Support Tools
Government
Higher Ed and Corporations
Managed Services
Metascan
Scan Files with Multiple Antivirus Engines
Why Multi-scanning?
Too much malware, insufficient detection
Over 220,000 new malware variants appear every day
http://www.av-test.org/en/statistics/malware/
“Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.”
http://www.csmonitor.com/Commentary/Opinion/2012/0808/Help-wanted-Geek-squads-for-US-cybersecurity
The rapid growth in the amount of malware continues to accelerate
No AV vendor can keep up with the number of new malware variants
The Reality: Insufficient detection by any one AV product
Metascan: Multiple engine malware scanning technology
Measuring Antivirus Capabilities
Much variation between different anti-malware engines
[Figure: Detection Rate vs. False Positives for 19 Engines. Engines numbered 1 to 19; detection rate axis from 91.00% to 100.00%; false positives axis from 0 to 40. Source: AV Comparatives, September 2012]
Illustrating the Decreased Outbreak Detection Time
This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks.
No vendor detects every outbreak.
Only by combining six engines in a multi-scanning solution are outbreaks detected quickly.
By adding additional engines, zero hour detection rates increase further.
[Figure legend: zero hour detection; 5 min to 5 days; no detection at 5 days]
Geographic Distribution of Antivirus Engines
Performance by the numbers
The scan time is much shorter than the sum of the individual scans
[Figure: scan time for 1, 3 and 8 engines by file type (PDF, EXE, JPG, other), compared with the presumed scan time]
What is Metascan?
Multi-scanning engine
A server application with a local and network programming interface that allows customers to incorporate multiple anti-malware engine scanning technologies into their security architecture
Supports 0 to 30 anti-malware engines [and growing!]
Simultaneously scans files with all engines
Scan directories, files, archives, buffers, and boot sector
Automatic online definition updates or manual offline updates
ICAP functionality
Metascan vs Traditional Antivirus Engines
Metascan integrates multiple engines that are optimized to work together on the same system
Metascan does not provide Real Time Protection (RTP) like many traditional antivirus engines; all scanning is done on demand
What is Metascan?
Multi-scanning engine
Flexible and scalable API-driven solution
Many programming interfaces – C++, Java, PHP, C#/ASP.NET, RESTful (Web API)/HTTP, CLI [command line interface], ICAP
Analyzes files locally on a single server or remotely from Windows or Linux systems
Metascan
Who uses Metascan?
Analysts who research threats in binaries: CERTs (Computer Emergency Response/Readiness Teams); Government agencies; Federal and State Law enforcement agencies; Computer forensic analysts
IT security managers who seek to control data flow: Files from public facing sharing/upload sites; Data moving across internal security domains; Detect infected attachments
Independent software vendors seeking to identify threats in their binaries: False positives; Accidental infections
Metascan Features
Manual (Offline) Updates – ZIP file
Download the package (.zip) from an Internet connected system
Transfer the file to a system in the offline network and use the Metascan Management Console or the Metascan Management Station to “push” to multiple servers
Engine Definition updates
Metascan
Standard packages
In addition to our standard offerings, the engines listed below may be added to create custom packages
Metadefender
Securing Data Flows into/out of Organizations
Why Metadefender?
Peripheral media cannot be trusted
Why Metadefender?
Peripheral media is an easy attack vector
Surveys show that 10% to 25% of malware is spread via USB (Sources: ESET & Panda)
Autorun viruses are easy to create
Instructions to create a virus are easily found online
The US Department of Defense banned peripherals entirely in 2008 after an outbreak of the SillyFDC worm which was spread by removable media
Why Metadefender?
Metadefender use cases
USBs are the most effective way to deliver malware into a company
USBs bypass network security and deliver malware directly to the endpoint
Contractors and visiting vendors accidentally bring in malware on USB
Software updates and upgrades brought into secure networks on DVDs have contained malware
Banks and other financial institutions are attacked with USBs dropped in parking lots that employees pick up and insert in their work computers. (human curiosity?)
Advanced attacks mail infected USBs to employees as gifts
What is Metadefender?
Metadefender allows customers to define data security policies for their users to prevent the introduction of malware to a corporate network through portable media
Define multiple policies for different users or groups of users
Process files to determine if they are a threat
Take the appropriate actions on both allowed and blocked files
Optionally include Multi-scanning by Metascan
Metadefender
Features
Multi-Step Process to Secure Network
User Authentication
File Type Filtering
Scanning with Metascan
Scan look up by SHA256 hash value
File Type Conversions (including embedded object removal)
Enhanced Post-Processing
Metadefender System Restore after each session to ensure system integrity
Metadefender and Metascan
The Metascan multi-scanning server can be integrated as part of the Metadefender security workflow
Metascan can be installed on the same system as Metadefender or can be on its own dedicated system
Multiple Metadefender systems can use a single Metascan for multi-scanning
Metadefender
Who uses Metadefender?
Highly Secure facilities that host outside visitors/contractors: Government Agencies; Power Plants / Nuclear Facilities
IT security managers who seek to control physical media: Banks; Investment companies
Any company concerned about physical media-based malware infections
How Metadefender is commonly used
Data workflow controls
Create a process (workflow) to control data coming into and out of your organization.
Example: Scan the contents of peripherals using multiple AV engines
Require visitors to put all content onto a provided USB – then scan the content for malware with multiple AV engines
Convert selected data types
Convert files to jpeg or png to eliminate threats in original file
Block selected file types
Block all executables and other commonly infected files [e.g., PDF]
Metadefender Delivery
Metadefender is delivered in two formats:
Software to deploy on any system that meets Metadefender’s requirements
Kiosk with Metadefender pre-installed and configured
Metadefender Deployment Options
Choosing the best for your security needs
Product Deployment Options
Standalone Systems with no Network connectivity
In this deployment option, Metadefender kiosks have both the Metascan server and the Metadefender client installed and have no network connection. Virus definition updates are downloaded from a system connected to the Internet and copied to physical media to be transferred to each Metadefender kiosk.
Pros
No network connection required
Cons
Updating virus definitions requires physically bringing media (USB drive/DVD/CD) to each kiosk and applying the update on each one
Product Deployment Options
Standalone Systems with Metascan Management Station
In this deployment option, a Metascan Management Station is installed on a dedicated system that has a network connection to each Metadefender kiosk. The Metadefender kiosks have both the Metascan server and the Metadefender client installed and have a network connection to the Metascan Management Station only. Virus definition updates are downloaded on the system with the Metascan Management Station installed, and updates are applied to the Metadefender kiosks via the Metascan Management Station.
Pros
Easier to deploy than standalone systems with no network connectivity
Cons
Requires network connectivity between each kiosk and the Metascan Management Station
Definition updates need to be transferred over the network
Requires an additional system for the Metascan Management Station
Product Deployment Options
Distributed Systems (Metascan Server Offline)
In a distributed system, Metadefender kiosks have only the Metadefender client installed. The Metascan server is installed on a dedicated system. In this deployment option, the Metascan server does not have access to the Internet, and Metadefender kiosks have a network connection to the Metascan server only. Virus definition updates are downloaded on a system with a connection to the Internet and manually transferred and applied to the Metascan server.
Pros
Only requires deploying virus definition updates to a single Metascan server
The Metascan server can be higher powered to allow for higher scan throughput
Cons
Requires network connectivity between each kiosk and the Metascan server
All files being scanned will be transferred over the network
Product Deployment Options
Distributed Systems (Metascan Server Online)
In a distributed system, Metadefender kiosks have only the Metadefender client installed. The Metascan server is installed on a dedicated system. In this deployment option, the Metascan server has access to the Internet, and Metadefender kiosks have a network connection to the Metascan server only. Because of Internet connectivity, virus definitions automatically update on the Metascan server.
Pros
Virus definition updates are applied automatically to the Metascan server
The Metascan server can be higher powered to allow for higher scan throughput
Cons
Requires network connectivity between each kiosk and the Metascan server
All files being scanned will be transferred over the network
Requires Internet connection for the Metascan server
Support
OPSWAT provides three levels of support
Basic Support - Free
Premium Support – 18% of license cost
Platinum Support – 25% of license cost
Support
Premium Support
What is covered by Premium support?
Phone support, 9 am to 6 pm PST Monday – Friday
Support Account Manager
Quarterly Conference call reviews
For details of what is covered by each level of support see the Support page on the OPSWAT website
Support
Platinum Support
What is covered by Platinum support?
(Everything in Premium support)
24/7 Phone support
Quarterly Meetings with Engineering and Product Management
Prioritized enhancement requests
For details of what is covered by each level of support see the Support page on the OPSWAT website
Questions?