OPSWAT Presentation for XXX Month Date, Year

Upload: harriet-skinner

Post on 28-Dec-2015


TRANSCRIPT

Page 1: OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow

OPSWAT Presentation for XXX

Month Date, Year

Page 2:

OPSWAT & ____________

Agenda

Overview of OPSWAT

Multi-scanning with Metascan

Controlling Data Workflow with Metadefender

Questions

Page 3:

OPSWAT at a Glance

Company: Established 2002; private, profitable and growing; head office in San Francisco, California

Products: Multi-scanning – Metascan® and Metadefender®; Security Application Manageability – OESIS® & AppRemover; Secure Virtual Desktop Isolation Technology; GEARS – Network Manageability

Customers: Governments, CERTs, Finance, Utilities [esp. Nuclear], Military; OEMs – SSL VPN, NAC, Management services, Support Tools

Page 4:

Customer Verticals

SSL VPN and NAC

Network Compliance and Vulnerability Assessment

Support Tools

Government

Higher Ed and Corporations

Managed Services

Page 5:

Metascan

Scan Files with Multiple Antivirus Engines

Page 6:

Why Multi-scanning?

Too much malware, insufficient detection

Page 7:

Over 220,000 new malware variants appear every day

http://www.av-test.org/en/statistics/malware/

“Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.”

http://www.csmonitor.com/Commentary/Opinion/2012/0808/Help-wanted-Geek-squads-for-US-cybersecurity

The rapid growth in the amount of malware continues to accelerate

No AV vendor can keep up with the number of new malware variants

The Reality

Metascan

Multiple engine malware scanning technology

Insufficient detection by any one AV product

Page 8:

Measuring Antivirus Capabilities

Much variation between different anti-malware engines

[Figure: Detection Rate vs. False Positives for 19 Engines. Axes: detection rate (91.00% to 100.00%) and false positives (0 to 40), plotted for engines 1 to 19.]

Source: AV Comparatives, September 2012

Page 9:

This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks.

No Vendor detects every outbreak.

Only by combining six engines in a multiscanning solution are outbreaks detected quickly.

By adding additional engines, zero hour detection rates increase further.

[Figure: Illustrating the Decreased Outbreak Detection Time. Legend: zero hour detection; 5 min to 5 days; no detection at 5 days.]

Page 10:

Geographic Distribution of Antivirus Engines

Page 11:

Performance by the numbers

The scan time is much shorter than the sum of the individual scans

[Figure: Presumed Scan Time for 1 engine, 3 engines and 8 engines, by file type (PDF, EXE, JPG, OTHER).]

Page 12:

What is Metascan?

Multi-scanning engine

A server application with a local and network programming interface that allows customers to incorporate multiple anti-malware engine scanning technologies into their security architecture

Supports 0 to 30 anti-malware engines [and growing!]

Simultaneously scans files with all engines

Scan directories, files, archives, buffers, and boot sector

Automatic online definition updates or manual offline updates

ICAP functionality

Page 13:

Metascan vs Traditional Antivirus Engines

Metascan integrates multiple engines that are optimized to work together on the same system

Metascan does not provide Real Time Protection (RTP) like many traditional antivirus engines; all scanning is done on demand

Page 14:

What is Metascan?

Multi-scanning engine

Flexible and scalable API driven solution

Many programming interfaces – C++, Java, PHP, C#/ASP.NET, RESTful (Web API)/HTTP, CLI [command line interface], ICAP

Analyzes files locally on a single server or remotely from Windows or Linux systems

Page 15:

Metascan

Who uses Metascan?

Analysts who research threats in binaries: CERTs (Computer Emergency Response/Readiness Teams); Government agencies; Federal and State Law enforcement agencies; Computer forensic analysts

IT security managers who seek to control data flow: Files from public facing sharing/upload sites; Data moving across internal security domains; Detect infected attachments

Independent software vendors seeking to identify threats in their binaries: False positives; Accidental infections

Page 16:

Metascan Features

Manual (Offline) Updates – ZIP file

Download the package (.zip) from an Internet connected system

Transfer the file to a system in the offline network and use the Metascan Management Console or the Metascan Management Station to “push” to multiple servers

Engine Definition updates

Page 17:

Metascan

Standard packages

In addition to our standard offerings, the engines listed below may be added to create custom packages

Page 18:

Metadefender

Securing Data Flows into/out of Organizations

Page 19:

Why Metadefender?

Peripheral media cannot be trusted

Page 20:

Why Metadefender?

Peripheral media is an easy attack vector

Surveys show that 10% to 25% of malware is spread via USB (Sources: ESET & Panda)

Autorun viruses are easy to create

Instructions to create a virus are easily found online

The US Department of Defense banned peripherals entirely in 2008 after an outbreak of the SillyFDC worm which was spread by removable media

Page 21:

Why Metadefender?

Metadefender use cases

USBs are the most effective way to deliver malware into a company

USBs bypass network security and deliver malware directly to the endpoint

Contractors and visiting vendors accidentally bring in malware on USB

Software updates and upgrades brought into secure networks on DVDs have contained malware

Banks and other financial institutions are attacked with USBs dropped in parking lots that employees pick up and insert in their work computers. (human curiosity?)

Advanced attacks mail infected USBs to employees as gifts

Page 22:

What is Metadefender?

Metadefender allows customers to define data security policies for their users to prevent the introduction of malware to a corporate network through portable media

Define multiple policies for different users or groups of users

Process files to determine if they are a threat

Take the appropriate actions on both allowed and blocked files

Optionally include Multi-scanning by Metascan

Page 23:

Metadefender

Features

Multi-Step Process to Secure Network

User Authentication

File Type Filtering

Scanning with Metascan

Scan look up by SHA256 hash value

File Type Conversions, including embedded object removal

Enhanced Post-Processing

Metadefender System Restore after each session to ensure system integrity

Page 24:

Metadefender and Metascan

The Metascan multi-scanning server can be integrated as part of the Metadefender security workflow

Metascan can be installed on the same system as Metadefender or can be on its own dedicated system

Multiple Metadefender systems can use a single Metascan for multi-scanning

Page 25:

Metadefender

Who uses Metadefender?

Highly secure facilities that host outside visitors/contractors: Government Agencies; Power Plants / Nuclear Facilities

IT security managers who seek to control physical media: Banks; Investment companies

Any company concerned about physical media-based malware infections

Page 26:

How Metadefender is commonly used

Data workflow controls

Create a process (workflow) to control data coming into and out of your organization.

Example: Scan the contents of peripherals using multiple AV engines

Require visitors to put all content onto a provided USB – then scan the content for malware with multiple AV engines

Convert selected data types

Convert files to jpeg or png to eliminate threats in original file

Block selected file types

Block all executables and other commonly infected files [e.g., PDF]

Page 27:

Metadefender

Metadefender is delivered in two formats:

Software to deploy on any system that meets Metadefender’s requirements

Kiosk with Metadefender pre-installed and configured

Delivery

Page 28:

Metadefender Deployment Options

Choosing the best for your security needs

Page 29:

Product Deployment Options

Standalone Systems with no Network connectivity

In this deployment option, Metadefender kiosks have both the Metascan server and the Metadefender client installed and have no network connection. Virus definition updates are downloaded from a system connected to the Internet and copied to physical media to be transferred to each Metadefender kiosk.

Pros: No network connection required

Cons: Updating virus definitions requires physically bringing media (USB drive/DVD/CD) to each kiosk and applying the update on each one

Page 30:

Product Deployment Options

Standalone Systems with Metascan Management Station

In this deployment option, a Metascan Management Station is installed on a dedicated system that has network connection to each Metadefender kiosk. The Metadefender kiosks have both the Metascan server and the Metadefender client installed and have network connection to Metascan Management Station only. Virus definition updates are downloaded on the system with the Metascan Management Station installed, and updates are applied to the Metadefender kiosks via the Metascan Management Station.

Pros: Easier to deploy than standalone systems with no network connectivity

Cons: Requires network connectivity between each kiosk and the Metascan Management Station; definition updates need to be transferred over the network; requires an additional system for the Metascan Management Station

Page 31:

Product Deployment Options

Distributed Systems (Metascan Server Offline)

In a distributed system, Metadefender kiosks have only the Metadefender client installed. The Metascan server is installed on a dedicated system. In this deployment option, the Metascan server does not have access to the Internet, and Metadefender kiosks have network connection to the Metascan server only. Virus definition updates are downloaded on a system with connection to the Internet and manually transferred and applied to the Metascan server.

Pros: Only requires deploying virus definition updates to a single Metascan server; the Metascan server can be higher powered to allow for higher scan throughput

Cons: Requires network connectivity between each kiosk and the Metascan server; all files being scanned will be transferred over the network

Page 32:

Product Deployment Options

Distributed Systems (Metascan Server Online)

In a distributed system, Metadefender kiosks have only the Metadefender client installed. The Metascan server is installed on a dedicated system. In this deployment option, the Metascan server has access to the Internet, and Metadefender kiosks have network connection to the Metascan server only. Because of Internet connectivity, virus definitions automatically update on the Metascan server.

Pros: Virus definition updates are applied automatically to the Metascan server; the Metascan server can be higher powered to allow for higher scan throughput

Cons: Requires network connectivity between each kiosk and the Metascan server; all files being scanned will be transferred over the network; requires Internet connection for the Metascan server

Page 33:

Support

OPSWAT provides three levels of support

Basic Support - Free

Premium Support – 18% of license cost

Platinum Support – 25% of license cost

Page 34:

Support

Premium Support

What is covered by Premium support?

Phone support, 9 am to 6 pm PST Monday – Friday

Support Account Manager

Quarterly Conference call reviews

For details of what is covered by each level of support see the Support page on the OPSWAT website

Page 35:

Support

Platinum Support

What is covered by Platinum support?

(Everything in Premium support)

24/7 Phone support

Quarterly Meetings with Engineering and Product Management

Prioritized enhancement requests

For details of what is covered by each level of support see the Support page on the OPSWAT website

Page 36:

Questions?