OPSWAT Metadefender Superior Malware Threat Prevention and Analysis

Agenda
- What is Metadefender
- How Metadefender Protects
- Metadefender Core Features
- Metadefender Product Family
- What's New in Metadefender
- Metadefender Product Roadmap
- Additional Resources
- Q & A

OPSWAT Products
- Threat prevention and analysis: 30+ anti-malware engines; 90+ data sanitization engines; Vulnerability Engine; 1,000+ direct customers; 1 Patent Granted
- Threat intelligence platform: Over 1 billion hashes; 1 Patent Pending
- SDK for endpoint posture: Security, compliance, and removal; 50+ OEM customers; 200M+ endpoints; 1 Patent Granted

Metadefender: 3 Distinct Technologies
- SIGNATURES & HEURISTICS: Signature and heuristic scanning with 30+ embedded anti-malware engines
- DATA SANITIZATION: Removal of potentially harmful macros and scripts with 90+ data sanitization engines
- VULNERABILITY ENGINE: The Vulnerability Engine supports over a million binaries and 15,000 applications with support for version checks and reported known vulnerabilities and many more.

OPSWAT Metadefender
Superior malware threat prevention and analysis
- Detects known threats: Uses 30+ embedded anti-virus engines
- Prevents unknown threats: Utilizes data sanitization and heuristics
- Vulnerability Engine: Detects application vulnerabilities
- Fast multi-scanning: Includes fastest engine available in the industry
- Customizable: Balances security with productivity

Detecting Known Threats
Why multiple anti-malware engines
- Higher detection rates: The more engines, the higher the detection
- Stop outbreaks faster: Only one of the engines needs to detect the outbreak
- Increase resilience: Prevent malware trying to evade individual AV engines
- Better coverage: Geographically diverse engines detect different threats

Multiscanning Engine
Metadefender Core packages: detection of top 10,000 threats

Package     Detection (%)
Core 4      86.75
Core 8      92.74
Core 12     97.45
Core 16     98.85
Core 20     99.75
Core 20+    99.87

Metadefender Outbreak Detection
Average detection times of 50 outbreaks

Metadefender package    Average outbreak detection time
Metadefender 4          4 days, 1 hour, 58 minutes
Metadefender 8          3 days, 9 hours, 42 minutes
Metadefender 12         1 day, 10 hours, 34 minutes
Metadefender 16         0 days, 17 hours, 11 minutes
Metadefender 20         0 days, 8 hours, 52 minutes
Metadefender 30         0 days, 0 hours, 10 minutes

The more engines, the faster the detection times

Metadefender Outbreak Detection
[Chart: average outbreak detection time by Metadefender package; data available for 50 outbreaks]

Metadefender Core On Premises
- Up to 31 engines in different packages
- For Windows
- For Linux
- Windows custom engines

Data Sanitization
Why you need data sanitization
- Macros in files used in spear phishing (e.g. Office, PDF)
- Not always detected by anti-malware engines
- Once opened, entire systems can be compromised
- Prevent infection by removing embedded macros and scripts
Did you know? Macro malware quadrupled in 2015 - McAfee

Metadefender Data Sanitization
How it works
- Assumes all files are bad
- Removes embedded scripts and macros
- Rebuilds files, retaining usability and formatting

Data Sanitization Before data sanitization, malware is found
Data Sanitization After data sanitization, file is clean
Data Sanitization: Example of PDF > PDF sanitization (original PDF file shown next to the sanitized PDF file)

File Type Verification
Preventing spoofed files
- Metadefender can block certain file types due to higher risk (e.g. exe)
- Attackers can rename file extensions and get past filters
- Metadefender uses file type verification to prevent spoofed files

Archive Extraction
Deep archive scanning
- Extract archives: Scan files within 31 supported archive formats
- Improve performance: Archive is extracted only once, for all engines
- Prevent Archive Bombs: Specify maximum recursion and extraction size
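
The file type verification and archive limits described in the two slides above, combined in one walk over an upload. This is an added example, not OPSWAT code: it handles ZIP only, and the signature table, the limits and the block policy are assumptions chosen for illustration.

```python
import io
import os
import zipfile

MAX_DEPTH = 3                   # assumed policy: nested archive levels opened
MAX_TOTAL_BYTES = 1024 * 1024   # assumed policy: total bytes extracted per upload
BLOCKED_TYPES = {"exe"}         # assumed policy: executables are blocked
SIGNATURES = {  # leading bytes -> (true type, extensions that type may carry)
    b"MZ": ("exe", {".exe", ".dll"}),
    b"%PDF-": ("pdf", {".pdf"}),
    b"PK\x03\x04": ("zip", {".zip", ".docx", ".xlsx"}),
}

class ArchiveLimitExceeded(Exception):
    """Recursion or extraction-size limit hit; reject the whole upload."""

def detect_type(name, data):
    """Return (true_type, spoofed) from content, not from the claimed name."""
    ext = os.path.splitext(name)[1].lower()
    for magic, (ftype, allowed) in SIGNATURES.items():
        if data.startswith(magic):
            return ftype, ext not in allowed
    return "unknown", False

def inspect_file(name, data, depth=0, budget=None, findings=None):
    """Walk a file and any nested ZIPs once; return (path, type, spoofed, action)."""
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    findings = [] if findings is None else findings
    ftype, spoofed = detect_type(name, data)
    findings.append((name, ftype, spoofed, "block" if ftype in BLOCKED_TYPES else "scan"))
    if ftype == "zip":  # decided by content, so a renamed archive is still opened
        if depth >= MAX_DEPTH:
            raise ArchiveLimitExceeded(f"recursion limit reached at {name}")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in (i for i in zf.infolist() if not i.is_dir()):
                with zf.open(info) as member:
                    chunk = member.read(budget[0] + 1)  # header size is not trusted
                if len(chunk) > budget[0]:
                    raise ArchiveLimitExceeded(f"size limit reached at {info.filename}")
                budget[0] -= len(chunk)
                inspect_file(f"{name}/{info.filename}", chunk, depth + 1, budget, findings)
    return findings

def make_zip(members):  # builds constructed sample archives in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()
```

Each file is extracted once and the resulting findings list is what every scanning engine would consume; a caller treats `ArchiveLimitExceeded` or `zipfile.BadZipFile` as a rejection of the whole upload.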

Vulnerability Engine*
Identifying application vulnerabilities
- Prevent threats: Detect vulnerabilities before they are targeted by malware
- Scan any endpoint: Work in both online and offline environments
- Big data: Over 1M binaries, 15K vulnerabilities
- Unique: Detect vulnerabilities in installers and offline machines
- Very fast: Hash lookup faster than other detection methods
* Patent Pending

Granular Workflow Profiles
Balance security and productivity
- Apply granular security policies according to source and user
- Define archive handling (recursion, file size, etc.)
- Enable/disable file type verification and specify actions
- Enable/disable heuristics for certain engines
- Apply data sanitization for selected file types
- Specify simultaneous scan settings

Metadefender Product Family

Metadefender Core Features
- Deploy on premises or in private cloud
- Available on Windows and Linux
- Up to 30 embedded anti-malware engines
- Data sanitization and heuristics
- Vulnerability engine
- Archive extraction and file type verification
- Online and offline anti-virus updates
- Customizable workflow engine
- Load balancing
- Central management for multiple servers

Metadefender APIs
Easy integration with your applications
- APIs for Metadefender on premises and endpoint
- REST APIs
- Robust and easy to use
- Well documented with sample code
- Fast performance
"Integrating Metadefender with our product RSA ECAT was refreshingly easy. Metadefender's APIs are well-documented and straightforward to implement, making our integration effortless and seamless." Ioana Sundius, Senior Product Manager, RSA

Malware Analysis, Forensics, and Incident Response
Metadefender malware analysis
Improve coverage, speed, and efficiency of malware analysis
- Fast analysis: Fastest, most comprehensive static file analysis
- Robust APIs: Automate analysis with easy-to-use APIs
- Analyze offline: Deploy on premises with up to 30 engines
- Private scanning: Keep all files and scan results private

Security Application Providers
Metadefender integrations for ISV partners
Empower your security solution with Metadefender
- Superior detection: Improve threat detection and prevention
- Fast scan results: Fastest multi-scanning engine in the industry
- Online and offline: Online and offline deployment
- Robust APIs: Easy to integrate with security applications

Metadefender Kiosk
Secure data workflow for high-security networks
- Portable media checkpoint for high-security networks
- Remove embedded threats with data sanitization
- Prevent vulnerabilities with the Vulnerability Engine
- Scan files with 30+ anti-malware engines
- Detect threats targeting IoT devices
- Apply user-based file and media policies
- Copy allowed files to new portable media
- Send allowed files with secure file transfer

Metadefender Secure File Transfer
Improve efficiency & security
- Files are sent securely through a one-way data diode
- Kiosk scans & sanitizes files, processes user policies
- Files are made available on the secure portal
- User inserts portable media into kiosk
- User receives scan receipt
- User retrieves files with ID from scan receipt
[Diagram labels: EXTERNAL NETWORK, INTERNAL NETWORK]

Metadefender Email Security
Stop spear phishing and targeted attacks
- Block more (spear phishing) attacks with malicious email attachments
- Use multi-scanning to increase detection rates
- Prevent unknown threats with data sanitization
- Reduce chance that threats go undetected with additional defense layer
- Supports MS Exchange, SMTP, and hosted e-mail like Office365 and Google Apps

Metadefender ICAP Server
Ensure files are threat free
- Scan all files uploaded or downloaded through proxy server
- Use multi-scanning to get the highest detection rate
- Sanitize files to remove any possible embedded threats
- View scan history and details
- Integrate with ICAP: Supports ARA Networks, F5 BIG-IP, BlueCoat Proxy SG, Squid, and more

Metadefender Endpoint
Endpoint scanning and compliance
- Prevent infected endpoints connecting to the network
- Metadefender Client: Deep scan of endpoints for malware, no installation on endpoint required
- Metadefender Endpoint Management: Check device security and compliance status and detect infections; centrally manage devices from the cloud

What's New in Metadefender Core
Recent releases and developments
- Built-in Load Balancing
- Available on Windows and Linux
- Improved Data Sanitization
- Vulnerability Engine
- OESIS Update Engine

What's Coming in Metadefender Core
Product roadmap
Metadefender Core
- Remote configuration of multiple Metadefender Core instances
- More engines on Linux
- Hybrid (Windows and Linux) deployments
- Detection of vulnerabilities for additional operating systems and more IoT device firmware (Android/Linux/etc. based)
- Additional Data Sanitization engines, including additional file types (such as AutoCAD)
Metadefender Client
- Updated user interface with session log export and support for both 32 and 64 bit Windows environments
- USB Access Control: Bringing Metadefender Kiosk functionality to the endpoint
- Boot sector scanning

What's Coming in the Vulnerability Engine
Example IoT Devices
- Apple Watch
- Apple TV
- Android Wear
- Amazon Echo Dot
- Logitech Pop: Smart button controller
- Nest Cam
- Ray Super Remote: Touchscreen universal
- AWS IoT Button: Programmable dash button
- Prodigio: Connected Nespresso machine
- Samsung Gear VR: Virtual reality headset
- Amazon Tap: Portable voice controlled speaker
- Sugr Cube: Smart wifi speaker
- Samsung Galaxy View: Connected screen
- August: Smart Keypad
- Solu: Smallest general-purpose computer
- Misfit Wearables
- Google Chromecast
- Singlecue: Gesture control for connected home
- Ivee Voice: Voice control for the home

How you can use Metadefender
Flexible options
- End users can integrate Metadefender into their data security policies
- Technical partners can integrate Metadefender into their products to provide additional functionality

Metadefender
Additional resources
- Webinars: https://www.opswat.com/resources/webinars
- Product demo videos: https://www.opswat.com/resources/videos/
- Scan a file with 40+ anti-malware engines: metadefender.com
- Download 15-day trial version: https://portal.opswat.com

Tony Berning, Senior Product Manager
Thank You!
O 415.590.7300
F 415.590.7399
E aberning@opswat.com
398 Kansas St. San Francisco, CA 94103
www.opswat.com