OPSWAT Metadefender Superior Malware Threat Prevention and Analysis

Upload: vuminh

Post on 01-May-2018


OPSWAT Metadefender: Superior Malware Threat Prevention and Analysis

OPSWAT Products

Metadefender Product Family

• Threat prevention and analysis

• 30+ anti-malware engines

• 90+ data sanitization engines

• Vulnerability Engine

• 1,000+ direct customers

SDK for endpoint posture

• Security, compliance and removal

• 50+ OEM customers

• 200M+ endpoints

Threat protection and security

• Threat intelligence platform

• Over 1 billion hashes

• 1 patent pending

Types of threats

Known threats

• Threats that are detected by at least one antivirus engine’s signatures

• The large majority of threats are known threats

• The more engines, the more known threats can be detected

Unknown threats

• Threats that are not currently detected by any antivirus engine’s signatures

Protecting Against Threats

• Use many engines to reduce exposure from weeks to hours

• Heuristics can detect malware variations and malicious code

• Remove embedded scripts & macros to reduce exposure

Metadefender: 3 Distinct Technologies

SIGNATURES & HEURISTICS: Signature and heuristic scanning with 30+ embedded anti-malware engines

DATA SANITIZATION: Removal of potentially harmful macros and scripts with 90+ data sanitization engines

VULNERABILITY ENGINE: The Vulnerability Engine supports over a million binaries and 15,000 applications, with support for version checks and reported known vulnerabilities

and many more…

The Workflow Engine

What is the Vulnerability Engine?

Identifying application vulnerabilities

Prevent threats: Detect vulnerabilities before they are targeted by malware

Scan any OS: Scans many files from any operating system

Big data: Over 1M binaries, 15K vulnerabilities

Unique: Detect vulnerabilities in installers and offline machines

Very fast: Detection faster than some other 3rd party methods

* Patent Pending

• 250+ top vulnerable applications

• 15,000+ associated CVEs with severity information

• 1,000,000+ identified vulnerable hashes

• 30+ times faster than existing solutions on the market

Assesses vulnerabilities on the system or in the data that is being brought to the network
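The slide describes two checks the engine applies to scanned binaries: matching file hashes against a database of known-vulnerable binaries, and comparing product versions against the release that fixed a reported CVE. The following is an added illustration written for this page, not OPSWAT's code or the Vulnerability Engine's implementation; the database, inventory, product names and the CVE-0000-* identifiers are constructed placeholders.

```python
# Added illustration, not OPSWAT code: the two checks a vulnerability engine
# performs on scanned binaries, (1) hash lookup against a table of known
# vulnerable hashes and (2) a version-gap check against the first fixed
# release, each reported with the associated CVE ids and severity.
# Database, inventory and CVE-0000-* identifiers are constructed placeholders.
import hashlib
import re
from dataclasses import dataclass

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Finding:
    product: str
    version: str
    reason: str        # "known_vulnerable_hash" or "version_below_fix"
    cves: tuple        # (cve_id, severity) pairs taken from the database
    max_severity: str


def parse_version(text: str) -> tuple:
    """Numeric components only, compared as integers, so '9.30' > '9.20'
    and '9.100' > '9.30' (a plain string comparison would get both wrong)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def max_severity(cves) -> str:
    return max((sev for _, sev in cves), key=SEVERITY_ORDER.get, default="none")


def assess(inventory, database):
    """inventory: iterable of (product, version, sha256 hex digest).
    database: {product: {"fixed_in": str, "cves": [(id, severity), ...],
                         "vulnerable_hashes": set of sha256 hex digests}}.
    Returns one Finding per flagged binary, in inventory order."""
    findings = []
    for product, version, digest in inventory:
        entry = database.get(product)
        if entry is None:
            continue                        # product not tracked by the database
        if digest in entry["vulnerable_hashes"]:
            reason = "known_vulnerable_hash"    # exact binary already known vulnerable
        elif parse_version(version) < parse_version(entry["fixed_in"]):
            reason = "version_below_fix"        # version gap against the fixed release
        else:
            continue
        cves = tuple(entry["cves"])
        findings.append(Finding(product, version, reason, cves, max_severity(cves)))
    return findings


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample database; product names and CVE ids are placeholders.
SAMPLE_DB = {
    "ExampleBrowser": {
        "fixed_in": "52.0.1",
        "cves": [("CVE-0000-0001", "high"), ("CVE-0000-0002", "critical")],
        "vulnerable_hashes": {sha256_of(b"examplebrowser-52.0.0-installer")},
    },
    "ExampleArchiver": {
        "fixed_in": "9.30",
        "cves": [("CVE-0000-0003", "medium")],
        "vulnerable_hashes": set(),
    },
}

# Constructed inventory as a scanner would collect it from an installer or disk.
SAMPLE_INVENTORY = [
    ("ExampleBrowser", "52.0.0", sha256_of(b"examplebrowser-52.0.0-installer")),
    ("ExampleArchiver", "9.20", sha256_of(b"examplearchiver-9.20")),
    ("ExampleArchiver", "9.30", sha256_of(b"examplearchiver-9.30")),
    ("ExampleArchiver", "9.100", sha256_of(b"examplearchiver-9.100")),  # newer than 9.30
    ("UnknownTool", "1.0", sha256_of(b"unknown")),
]

if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY, SAMPLE_DB):
        ids = ", ".join(cve for cve, _ in f.cves)
        print(f"{f.product} {f.version}: {f.reason}, max severity {f.max_severity} ({ids})")
```

The hash check catches a binary regardless of what version string its metadata claims, while the version check catches builds whose hash has never been seen; a real engine combines both with a far larger database, which is why the hash count on the slide matters.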

How Does it Work?

Comparing Metadefender’s Vulnerability Engine to Competitors

Product name                          OPSWAT   Competition
7-Zip                                 yes      no
ActivePerl                            yes      no
Adobe AIR                             yes      yes
Adobe Flash Player                    yes      yes
Beyond Compare                        yes      no
Cisco AnyConnect VPN Client           yes      yes
ESET Endpoint Security                yes      no
FileZilla                             yes      no
Google Chrome                         yes      yes
Internet Explorer                     yes      yes
Microsoft AutoRuns                    no       yes
Microsoft Excel                       yes      yes
Microsoft Filemon                     no       yes
Microsoft Lync                        yes      yes
Microsoft OneNote                     yes      yes
Microsoft Outlook                     yes      no
Microsoft PowerPoint                  yes      yes
Microsoft Process Explorer            no       yes
Microsoft Publisher                   yes      yes
Microsoft Regmon                      no       yes
Microsoft Visio                       yes      yes
Microsoft Word                        yes      yes
Microsoft XML Core Services (MSXML)   no       yes
Mozilla Firefox                       yes      yes
Notepad++                             yes      no
Oracle Java JRE                       yes      yes
Paint.NET                             yes      no
PuTTY                                 yes      yes
QQ                                    yes      no
Secunia PSI                           yes      yes
Silverlight                           yes      yes
Skype                                 yes      no
TeamViewer                            yes      no
TortoiseGit                           yes      no
TortoiseSVN                           yes      no
VLC media player                      yes      yes
vSphere Client                        yes      no
Windows Defender                      yes      no
Windows Firewall                      yes      no
Windows Media Player                  yes      no
Windows Update Agent                  yes      yes
Windows VPN Client                    yes      no
WinPcap                               yes      no
WinRAR                                yes      yes
WinSCP                                yes      yes
Wireshark                             yes      yes
Zoom                                  yes      no

• 30 times faster in reporting product version gaps, known vulnerabilities and severity level

• Significantly better detection accuracy

• More product coverage and a focus on real-world target applications

• Over 1,000,000 hashes!

https://www.opswat.com/products/metadefender/core/vulnerability-engine

Use Cases

Systems can be scanned when they are offline

• Hard drives can be removed and scanned by connected systems

• Metadefender Client can be booted off a USB to scan a system before it has been started

Applications can be scanned before they are installed

• Metadefender Core’s archive handling extracts application installers and scans all files within

• Vulnerabilities can be identified so that vulnerable versions of applications are not installed on systems

Scan software updates on physical media before they are applied in a secure environment

• Metadefender’s Vulnerability Engine can be used in conjunction with a Metadefender Kiosk deployment

• Application installers and operating system updates are often brought into secure networks on physical media, which can be scanned for vulnerabilities before they are applied

How to Use the Vulnerability Engine

• Licensed as an additional engine in Metadefender Core

• Scan result within Metadefender Core

• Scan result on Metadefender.com

• REST API (available both in Metadefender Core and on Metadefender.com)

Real Life Example

Vulnerability in Firefox, one of the most common web browser applications

Data Sanitization

Why you need data sanitization

• Altering the internal file structure

• Removing embedded objects (scripts, macros, etc.)

• Converting the file format

• 90+ Data Sanitization Engines

• 15+ Supported file types

Did you know? Macro malware quadrupled in 2015 (McAfee)

Supported File Types

Original File Type   Supported Conversion Types
doc                  doc, pdf
xls                  xls, pdf
ppt                  ppt, pdf
rtf                  rtf
docx                 docx, txt, html, pdf, ps, jpg, bmp, png, tiff, svg
xlsx                 xlsx, csv, html, tiff, pdf, ps, jpg, bmp, png, svg
pptx                 pptx, pdf
htm/html             pdf, ps, jpg, bmp, png, svg
pdf                  pdf, bmp, tiff, txt, html, svg, jpg, png
jpg                  jpg, bmp, png, tiff, svg, gif, ps, eps, pdf
bmp                  bmp, jpg, png, tiff, svg, gif, ps, eps, pdf
png                  png, jpg, bmp, tiff, svg, gif, ps, eps, pdf
tiff                 tiff, jpg, bmp, png, svg, gif, ps, eps
svg                  jpg, bmp, png, tiff, gif, ps, eps
gif                  jpg, bmp, png, tiff, svg, ps, eps, pdf

Data Sanitization: How it works

Metadefender Data Sanitization

• Assumes all files are bad

• Removes embedded scripts and macros

• Rebuilds files, retaining usability and formatting

https://www.opswat.com/products/metadefender/core/data-sanitization

www.opswat.com
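To make the three bullets concrete, here is an added example written for this page (not OPSWAT's code and not how Metadefender's sanitization engines are implemented) that applies the idea to one format: an OOXML Word document is treated as untrusted, its VBA project is stripped together with the relationship and content-type entries that reference it, and a new archive is written so the document still opens as a plain .docx. The sample document it builds is constructed in memory and is not a real Office file; the part names, content types and relationship types it uses are the standard OOXML ones. Real sanitization also handles OLE objects, fields, external links, PDF actions and the other formats in the table above, and rebuilds content rather than copying parts through.

```python
# Added illustration, not OPSWAT code: "assume the file is bad, rebuild it
# without active content" applied to an OOXML (docx/docm) archive. The VBA
# project part is dropped, the relationship pointing at it and its content-type
# override are removed, and the main part is re-labelled as not macro-enabled.
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
VBA_REL = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
ACTIVE_PARTS = ("vbaProject.bin", "vbaData.xml")   # parts that carry macro code


def is_active_part(name: str) -> bool:
    return name.rsplit("/", 1)[-1] in ACTIVE_PARTS


def list_active_parts(data: bytes) -> list:
    """Names of macro-carrying parts inside the archive (empty when clean)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if is_active_part(n)]


def _clean_content_types(xml_bytes: bytes, removed: set) -> bytes:
    root = ET.fromstring(xml_bytes)
    for override in list(root):
        part = override.get("PartName", "").lstrip("/")
        if part in removed:
            root.remove(override)                  # no part, no content type for it
        elif override.get("ContentType") == MACRO_MAIN:
            override.set("ContentType", PLAIN_MAIN)  # document is no longer macro-enabled
    ET.register_namespace("", CT_NS)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def _clean_rels(xml_bytes: bytes, removed_basenames: set) -> bytes:
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        target = rel.get("Target", "").rsplit("/", 1)[-1]
        if target in removed_basenames or rel.get("Type") == VBA_REL:
            root.remove(rel)                       # dangling reference to the VBA part
    ET.register_namespace("", REL_NS)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def sanitize_ooxml(data: bytes) -> bytes:
    """Return a new archive with every active part and its references removed."""
    removed = set(list_active_parts(data))
    removed_basenames = {n.rsplit("/", 1)[-1] for n in removed}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in removed:
                continue                           # drop the active content itself
            body = src.read(name)
            if name == "[Content_Types].xml":
                body = _clean_content_types(body, removed)
            elif name.endswith(".rels"):
                body = _clean_rels(body, removed_basenames)
            dst.writestr(name, body)
    return out.getvalue()


def summarize(data: bytes) -> dict:
    """What a scanner would report about the archive after the rebuild."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        ct = zf.read("[Content_Types].xml").decode()
        rels = zf.read("word/_rels/document.xml.rels").decode()
        return {"parts": zf.namelist(), "macro_enabled": MACRO_MAIN in ct,
                "vba_rel": VBA_REL in rels}


def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled document; not a real Office file."""
    parts = {
        "[Content_Types].xml": f'<?xml version="1.0" encoding="UTF-8"?><Types xmlns="{CT_NS}">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '</Types>',
        "word/_rels/document.xml.rels": f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId1" Type="{VBA_REL}" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
            '</Relationships>',
        "word/document.xml": '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            '<w:body><w:p><w:r><w:t>Quarterly figures</w:t></w:r></w:p></w:body></w:document>',
        "word/styles.xml": '<w:styles xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>',
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed VBA blob, not real macro code",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    before = build_sample_docm()
    after = sanitize_ooxml(before)
    print("active parts before:", list_active_parts(before))
    print("active parts after: ", list_active_parts(after))
    print(summarize(after))
```

The output document should be saved with a .docx extension, since the main part is no longer declared macro-enabled; the text, styles and every part the sanitizer did not recognise as active are carried over unchanged, which is the "retaining usability and formatting" part of the slide.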

Live Demo

A sample of: JS/IFrame, Trojan:JS/BlacoRef, ...

Data Sanitization: Example of document with malware

• Before data sanitization, malware is found

• After data sanitization, file is clean

Example of PDF > PDF sanitization

Original File: PDF    Sanitized File: PDF

Example of DOC > DOCX sanitization

Original File: DOC    Sanitized File: DOCX

Metadefender Core On-Premises

Up to 31 engines in different packages

• For Windows

• For Linux

• Windows Custom Engines

File Type Verification

Preventing spoofed files

• Metadefender can block certain file types due to higher risk (e.g. exe)

• Attackers can rename file extensions and get past filters

• Metadefender uses file type verification to prevent spoofed files
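The three bullets describe a policy (block risky types), the way it is evaded (rename the extension) and the control that closes the gap (verify the type from the content). As an added example, not OPSWAT's code, the check below reads the leading bytes of a file, derives its real type from a small constructed signature table, and compares that with what the extension claims, so a renamed executable is blocked and a document that is not what its extension says is reported as a mismatch. The signature table, allow-list and sample files are all constructed for the example; a production verifier uses far more signatures and parses container formats, since a leading-bytes check alone cannot tell a docx from any other ZIP.

```python
# Added illustration, not OPSWAT code: derive a file's real type from its
# leading bytes and compare it with the type its extension claims.
import os

# Signature table (prefix -> type). Constructed and deliberately short.
MAGIC = [
    (b"MZ", "exe"),                                  # Windows PE / DOS executable
    (b"\x7fELF", "elf"),                             # Linux executable
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"PK\x03\x04", "zip"),                          # also docx/xlsx/pptx containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),    # legacy doc/xls/ppt containers
    (b"Rar!\x1a\x07", "rar"),
]

# Detected container types that are acceptable for each claimed extension.
ALLOWED = {
    "pdf": {"pdf"}, "png": {"png"}, "jpg": {"jpg"}, "jpeg": {"jpg"},
    "zip": {"zip"}, "docx": {"zip"}, "xlsx": {"zip"}, "pptx": {"zip"},
    "doc": {"ole"}, "xls": {"ole"}, "ppt": {"ole"},
    "exe": {"exe"}, "rar": {"rar"},
}

BLOCKED_TYPES = {"exe", "elf"}   # rejected whatever the extension says


def detect_type(head: bytes) -> str:
    """Type according to the content, or 'unknown' if no signature matches."""
    for prefix, kind in MAGIC:
        if head.startswith(prefix):
            return kind
    return "unknown"


def verify(filename: str, head: bytes) -> dict:
    """Verdict for a file name plus its first bytes:
    'block'    - the content is an executable type on the block list,
    'mismatch' - the extension claims one type but the content is another
                 (or an unknown type / unknown extension),
    'allow'    - extension and content agree."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    actual = detect_type(head)
    if actual in BLOCKED_TYPES:
        action = "block"
    elif ext in ALLOWED and actual in ALLOWED[ext]:
        action = "allow"
    else:
        action = "mismatch"
    return {"file": filename, "claimed": ext, "actual": actual, "action": action}


# Constructed samples: a genuine PDF header, a PE renamed to .pdf,
# a ZIP-based document renamed to .pdf, and a genuine PNG header.
SAMPLES = [
    ("quarterly.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.pdf", b"PK\x03\x04\x14\x00\x06\x00"),
    ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(verify(name, head))
```

Reading only the first few bytes keeps the check cheap enough to run on every file before any engine sees it, which is the point of doing it as a gate rather than as a scan.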

Archive Extraction

Deep archive scanning

Extract archives: Scan individual files of 31 supported archive formats

Prevent hidden malware: If not extracted, malware may be missed

High performance: Archive is extracted only once, for all engines

Customizable: Specify maximum recursion and extraction size
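The two customisable limits on the slide, maximum recursion depth and maximum extracted size, are what keep deep scanning safe: without them a deeply nested or highly compressed archive can exhaust the scanner. The following is an added example written for this page, not OPSWAT's code, showing how a scanner can walk nested ZIP archives in memory, yield each inner file exactly once (so every engine can be run on the same extracted bytes), and reject the archive as soon as either limit would be exceeded. Only ZIP is handled; the sample archives are constructed in memory.

```python
# Added illustration, not OPSWAT code: recursive ZIP extraction with a depth
# limit and a total-extracted-size budget, rejecting the archive when either
# limit is hit. Only ZIP is handled here; the archives are constructed below.
import io
import zipfile


class ArchiveLimitExceeded(Exception):
    pass


def iter_archive(data: bytes, max_depth: int = 3, max_total_bytes: int = 50_000_000,
                 _depth: int = 0, _prefix: str = "", _budget=None):
    """Yield (path, bytes) for every non-archive member, descending into
    nested ZIPs up to max_depth levels. The size budget is shared across the
    whole tree, so many small nested members cannot add up past the limit."""
    budget = _budget if _budget is not None else [max_total_bytes]
    if _depth > max_depth:
        raise ArchiveLimitExceeded(f"nesting deeper than {max_depth} levels")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Check the declared size before reading, then re-check after reading:
            # the size field in the central directory cannot be trusted on its own.
            if info.file_size > budget[0]:
                raise ArchiveLimitExceeded("total extracted size limit reached")
            member = zf.read(info)
            budget[0] -= len(member)
            if budget[0] < 0:
                raise ArchiveLimitExceeded("total extracted size limit reached")
            path = _prefix + info.filename
            if zipfile.is_zipfile(io.BytesIO(member)):
                # Nested archive: recurse. Note that OOXML documents are ZIPs too,
                # so a real scanner decides by format whether to descend.
                yield from iter_archive(member, max_depth, max_total_bytes,
                                        _depth + 1, path + "/", budget)
            else:
                yield path, member


def check_archive(data: bytes, **limits):
    """('ok', {path: size}) when every member was extracted within the limits,
    ('rejected', reason) otherwise. Extraction happens once; the returned
    members are what every engine would be handed."""
    try:
        return "ok", {path: len(body) for path, body in iter_archive(data, **limits)}
    except ArchiveLimitExceeded as exc:
        return "rejected", str(exc)


def build_zip(members: dict) -> bytes:
    """Constructed in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a two-level archive, a six-level nest, and one large member.
SAMPLE_INNER = build_zip({"readme.txt": b"hello", "tool.exe": b"MZ\x90\x00\x03\x00\x00\x00"})
SAMPLE_OUTER = build_zip({"inner.zip": SAMPLE_INNER, "doc.txt": b"plain"})

SAMPLE_NESTED = build_zip({"f.txt": b"x"})
for _i in range(5):
    SAMPLE_NESTED = build_zip({f"level{_i}.zip": SAMPLE_NESTED})

SAMPLE_BIG = build_zip({"zeros.bin": b"\0" * 100_000})   # compresses to a few hundred bytes

if __name__ == "__main__":
    print(check_archive(SAMPLE_OUTER))
    print(check_archive(SAMPLE_NESTED, max_depth=3))
    print(check_archive(SAMPLE_BIG, max_total_bytes=10_000))
```

The budget is deliberately checked twice: the declared size lets the scanner refuse a member before spending memory on it, and the post-read check covers archives whose headers lie about their sizes.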

Metadefender Scan Speed

Compare scanning speeds

Multi-scanning with 7 single AV engines: with Metadefender optimization, the total scanning time of all 7 engines is greatly reduced

What is our conclusion: 1 + 1 < 2

Online Documentation

https://onlinehelp.opswat.com

Metadefender APIs

Easy integration with your applications

APIs for Metadefender on-premises and endpoint

• REST APIs

• Robust & easy to use

• Well documented with sample code

• Fast performance

Thank You!