OPSWAT's Metadefender
• Threat prevention and analysis
• 30+ anti-malware engines
• 90+ data sanitization engines
• Vulnerability Engine
• 1,000+ direct customers
• SDK for endpoint posture
• Security, compliance and removal
• 50+ OEM customers
• 200M+ endpoints
Threat protection and security
OPSWAT Products
• Threat intelligence platform
• Over 1 billion hashes
• 1 patent pending
Known threats
• Threats that are detected by at least one antivirus engine’s signatures
• The large majority of threats are known threats
• The more engines, the more known threats can be detected
Types of threats
Protecting Against Threats
Unknown threats
• Threats that are not currently detected by any antivirus engine’s signatures
• Use many engines to reduce exposure from weeks to hours
• Heuristics can detect malware variations and malicious code
• Remove embedded scripts & macros to reduce exposure
Signature and heuristic scanning with 30+ embedded anti-malware engines
Removal of potentially harmful macros and scripts with 90+ data sanitization engines
The Vulnerability Engine supports over a million binaries and 15,000 applications with support for version checks and reported known vulnerabilities
and many more….
SIGNATURES & HEURISTICS DATA SANITIZATION VULNERABILITY ENGINE
Metadefender: 3 Distinct Technologies
Identifying application vulnerabilities
What is the Vulnerability Engine?
Scans many files from any operating system
Over 1M binaries, 15K vulnerabilities
Detect vulnerabilities in installers and offline machines
Detect vulnerabilities before they are targeted by malware
Detection faster than some other 3rd party methods
* Patent Pending
Prevent threats
Scan any OS
Big data
Unique
Very fast
• 250+ top vulnerable applications
• 15,000+ associated CVEs with severity information
• 1,000,000+ identified vulnerable hashes
• 30+ times faster than existing solutions on the market
Assesses vulnerabilities on the system or in the data that is being brought to the network
How Does it Work?
Comparing Metadefender’s Vulnerability Engine to Competitors
Product name | OPSWAT | Competition
7-Zip | v | x
ActivePerl | v | x
Adobe AIR | v | v
Adobe Flash Player | v | v
Beyond Compare | v | x
Cisco AnyConnect VPN Client | v | v
ESET Endpoint Security | v | x
FileZilla | v | x
Google Chrome | v | v
Internet Explorer | v | v
Microsoft AutoRuns | x | v
Microsoft Excel | v | v
Microsoft Filemon | x | v
Microsoft Lync | v | v
Microsoft OneNote | v | v
Microsoft Outlook | v | x
Microsoft PowerPoint | v | v
Microsoft Process Explorer | x | v
Microsoft Publisher | v | v
Microsoft Regmon | x | v
Microsoft Visio | v | v
Microsoft Word | v | v
Microsoft XML Core Services (MSXML) | x | v
Mozilla Firefox | v | v
Notepad++ | v | x
Oracle Java JRE | v | v
Paint.NET | v | x
PuTTY | v | v
QQ | v | x
Secunia PSI | v | v
Silverlight | v | v
Skype | v | x
TeamViewer | v | x
TortoiseGit | v | x
TortoiseSVN | v | x
VLC media player | v | v
vSphere Client | v | x
Windows Defender | v | x
Windows Firewall | v | x
Windows Media Player | v | x
Windows Update Agent | v | v
Windows VPN Client | v | x
WinPcap | v | x
WinRAR | v | v
WinSCP | v | v
Wireshark | v | v
Zoom | v | x
30 times faster in reporting product version gaps, known vulnerabilities and severity level
Significantly better on detection accuracy
More product coverage and focus on real world target applications
Use Cases
Systems can be scanned when they are offline
Hard drives can be removed and scanned by connected systems
Metadefender Client can be booted off of a USB to scan a system before it has been started
Use Cases
Applications can be scanned before they are installed
Metadefender Core’s archive handling extracts application installers and scans all files within
Vulnerabilities can be identified so that vulnerable versions of applications are not installed on systems
Use Cases
Scan software updates on physical media before they are applied in a secure environment
Metadefender’s Vulnerability Engine can be used in conjunction with a Metadefender Kiosk deployment
Application installers and operating system updates are often brought into secure networks on physical media, which can be scanned for vulnerabilities before they are applied
How to Use the Vulnerability Engine
REST API (available both in Metadefender Core and Metadefender.com)
• Altering the internal file structure
• Removing embedded objects (scripts, macros, etc.)
• Converting the file format
• 90+ Data Sanitization Engines
• 15+ Supported file types
Why you need data sanitization
Data Sanitization
Did you know?
Macro malware quadrupled in 2015 - McAfee
Original File Type | Supported Conversion Types
doc | doc, pdf
xls | xls, pdf
ppt | ppt, pdf
rtf | rtf
docx | docx, txt, html, pdf, ps, jpg, bmp, png, tiff, svg
xlsx | xlsx, csv, html, tiff, pdf, ps, jpg, bmp, png, svg
pptx | pptx, pdf
htm/html | pdf, ps, jpg, bmp, png, svg
pdf | pdf, bmp, tiff, txt, html, svg, jpg, png
jpg | jpg, bmp, png, tiff, svg, gif, ps, eps, pdf
bmp | bmp, jpg, png, tiff, svg, gif, ps, eps, pdf
png | png, jpg, bmp, tiff, svg, gif, ps, eps, pdf
tiff | tiff, jpg, bmp, png, tiff, svg, gif, ps, eps
svg | jpg, bmp, png, tiff, gif, ps, eps
gif | jpg, bmp, png, tiff, svg, ps, eps, pdf
Supported File Types
Data Sanitization
How it works
Metadefender Data Sanitization
Assumes all files are bad
Removes embedded scripts and macros
Rebuilds files, retaining usability and formatting
https://www.opswat.com/products/metadefender/core/data-sanitization
www.opswat.com
Live Demo
Up to 31 engines in different packages
Metadefender Core On-Premises
For Windows
For Linux
Windows Custom Engines
• Metadefender can block certain file types due to higher risk (e.g. exe)
• Attackers can rename file extensions and get past filters
• Metadefender uses file type verification to prevent spoofed files
Preventing spoofed files
File Type Verification
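The check described on this slide, as an added example that is not OPSWAT's code: the verdict comes from the file's leading bytes rather than its extension, so a renamed executable is still caught. The signature table uses well-known magic numbers; the function names, the block policy and the sample uploads are assumptions made for illustration.

```python
import os

# (leading bytes, detected type, extensions legitimately using that format)
SIGNATURES = [
    (b"MZ", "exe", {"exe", "dll"}),
    (b"%PDF-", "pdf", {"pdf"}),
    (b"\x89PNG\r\n\x1a\n", "png", {"png"}),
    (b"\xff\xd8\xff", "jpg", {"jpg", "jpeg"}),
    (b"GIF87a", "gif", {"gif"}),
    (b"GIF89a", "gif", {"gif"}),
    (b"PK\x03\x04", "zip", {"zip", "docx", "xlsx", "pptx"}),  # OOXML is a ZIP
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {"doc", "xls", "ppt"}),
]
BLOCKED_TYPES = {"exe"}  # assumed policy: executables are never accepted


def detect(data: bytes):
    """Return (type, allowed_extensions) from the leading bytes, or None."""
    for magic, name, exts in SIGNATURES:
        if data.startswith(magic):
            return name, exts
    return None


def verify(filename: str, data: bytes) -> str:
    """Classify an upload as 'allow', 'blocked', 'mismatch' or 'unknown'."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    hit = detect(data)
    if hit is None:
        return "unknown"      # no signature matched: route to further checks
    name, exts = hit
    if name in BLOCKED_TYPES:
        return "blocked"      # the content decides, whatever the name claims
    if ext not in exts:
        return "mismatch"     # extension does not fit the detected format
    return "allow"


# Constructed sample uploads: (claimed file name, first bytes of the content).
SAMPLES = [
    ("invoice.pdf", b"MZ\x90\x00\x03\x00"),   # executable renamed to .pdf
    ("report.pdf", b"%PDF-1.7\n"),
    ("budget.xlsx", b"PK\x03\x04\x14\x00"),
    ("photo.png", b"GIF89a\x01\x00"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(f"{fname:12} -> {verify(fname, head)}")
```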
Deep archive scanning
Archive Extraction
If not extracted, malware may be missed
Archive is extracted only once, for all engines
Specify maximum recursion and extraction size
Scan individual files of 31 supported archive formats
Extract archives
Prevent hidden malware
High performance
Customizable
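The extraction policy on this slide (extract once, cap recursion and extracted size), as an added example that is not Metadefender's code. It handles ZIP only; the function names, default limits and the in-memory test archives are assumptions.

```python
import io
import zipfile


class ArchiveLimitExceeded(Exception):
    """Raised when an archive exceeds the configured extraction policy."""


def extract_all(data, max_depth=3, max_total=10_000_000, _depth=0, _state=None):
    """Recursively unpack an in-memory ZIP once, for all scanners to share.

    Returns a list of (path, bytes) leaf files. Raises ArchiveLimitExceeded
    if nesting exceeds max_depth or extracted bytes exceed max_total.
    """
    state = _state if _state is not None else {"total": 0}
    if _depth > max_depth:
        raise ArchiveLimitExceeded(f"nesting deeper than {max_depth}")
    leaves = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Read in bounded chunks; the declared file_size is not trusted.
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(65536):
                    state["total"] += len(chunk)
                    if state["total"] > max_total:
                        raise ArchiveLimitExceeded("extraction size limit hit")
                    buf += chunk
            content = bytes(buf)
            if zipfile.is_zipfile(io.BytesIO(content)):
                inner = extract_all(content, max_depth, max_total,
                                    _depth + 1, state)
                leaves += [(f"{info.filename}/{p}", c) for p, c in inner]
            else:
                leaves.append((info.filename, content))
    return leaves


def make_zip(files):
    """Build a ZIP in memory from {name: bytes} (constructed test input)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return out.getvalue()
```

Each leaf returned by `extract_all` would be handed to every engine, so the archive is unpacked once rather than once per engine.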
Compare scanning speeds
Metadefender Scan Speed
With Metadefender optimization, total scanning time of all 7 engines is greatly reduced
Multi-scanning with 7 single AV engines
APIs for Metadefender on-premises and endpoint
• REST APIs
• Robust & easy to use
• Well documented with sample code
• Fast performance
Easy integration with your applications
Metadefender APIs