SlideShare uma empresa Scribd logo

Metascan Multi-scanning Technology

Transferir como PPTX, PDF
OPSWAT
OPSWAT

The evolving threat landscape, why multi-scanning is needed, and OPSWAT's Metascan technology

Tecnologia
1 de 19
Metascan® Multi-scanning Technology Tony Berning March 2013 Product Manager aberning@opswat.com
Agenda Introduction to Multi-scanning  The evolving threat landscape  Why multi-scanning?  Metascan  Additional Uses of Metascan  Getting started with Metascan
The Evolving Threat Landscape From hacking for fun to cracking for profit
The Evolving Threat Landscape Cyber warfare … Virus/Worm Era Spyware and Adware E-Crime … 1998 2002 2006 2010 2012 Motivation Opportunity Methods  15 minutes of fame  Improved connectivity  Quiet Attacks  Borderline legal  Increase in users, web  Primary vectors ways of making traffic & searches. web & mobile money  More time on  Phishing attacks  Make money fast Facebook, Twitter and  Attacks focused by exploiting YouTube on specific sites  Stuxnet , DuQu  Easier to find personal  Targeted Attacks and Flame details -> used to infiltrate organizations  Cyber warfare
The problem: Too much malware, insufficient detection
The Problem Insufficient Detection by any one Anti-Malware Product Over 130,000 new malicious The rapid growth in the amount of malware continues to programs appear accelerate every day No AV vendor can keep up with the number of new malware variants “Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.” http://www.csmonitor.com/Commentary/Opini on/2012/0808/Help-wanted-Geek-squads-for- US-cybersecurity
The Solution Multiple Anti-Malware Engines
Why Use Multiple Anti-Malware Engines?  Increase malware zero hour detection rates  Decrease malware detection time after an outbreak  Increase resiliency to anti-malware engines’ vulnerabilities
The Solution Every engine misses something No anti-malware product is perfect but together they have a greater rate of detection due to their unique features 100% Engine 1 Detection Rate: Engine 2 Detection Rate:
Improve Detection Using Multiple Anti-Malware Engines This graph shows the time between malware outbreak and detection by six anti-malware engines for 75 outbreaks over three months. No vendor detects every outbreak. Only by combining six engines in a multi- scanning solution are outbreaks detected quickly. By adding additional engines, zero hour detection rates increase further. Zero hour * Source: av-test.org detection 5 min to 5 days No detection at 5 days
Multiple Engines Increase Resiliency to Anti-Malware Engine Vulnerabilities Anti-malware product vulnerabilities from the National Vulnerability Database 70 60 Number of Vulnerabilities in Antivirus products [CVEs] 50 40 30 20 10 0 2005 2006 2007 2008 2009 2010 2011 2012 Year
Metascan Multi-scanning solution
What is Metascan? Multi-scanning engine A server application with a local and network programming interface that allows customers to incorporate multiple anti- malware engine scanning technologies into their security architecture  Supports 0 to 30 anti-malware engines [and growing!]  Simultaneously scans files with all engines  Scan directories, files, archives, buffers, and boot sector  Automatic online definition updates or manual offline updates
What is Metascan? Multi-scanning engine  Flexible and scalable API driven solution  Many programming Interfaces – C++ Java PHP C#/ASP.NET RESTful (Web API)/HTTP CLI[command line interface]  Analyzes files locally on a single server or remotely accesses files from Windows, Macintosh, or Linux systems
Metascan Who uses Metascan?  Analysts who research threats in binaries  CERTs (Computer Emergency Response/Readiness Teams)  Government agencies  Federal and State Law enforcement agencies  Computer forensic analysts  IT security managers who seek to control data flow  Files from public facing sharing/upload sites  Data moving across internal security domains  Detect infected attachments  Independent software vendors seeking to identify threats in their binaries  False positives  Accidental infections
Metascan Standard packages Metascan is available in preconfigured packages that include 0-16 embedded engines  Best performance from fully embedded engines  Easy to use – engines update automatically or as a single offline package
Metascan Custom packages Create your own custom packages  Add engines to any standard package –  For example; create Metascan 20 by adding McAfee, Symantec, Kaspersky and Sophos to the Metascan 16 standard package  Pick and choose from our custom engine list to create your own custom package (currently up to 30 engines)
Additional Uses of Metascan Metascan Online (www.metascan-online.com) • Online implementation of Metascan with 40+ engines • Upload and Scan files • Lookup by file hash • Web Interface and REST API Metadefender • Metascan client that examines the content on physical media such as USB flash drives, CDs and DVDs. • Available as standalone software or as a physical kiosk
Getting Started with Metascan  For more information on Metascan and Metadefender go to: http://www.opswat.com/metascan  For a free 30 day trial of Metascan and Metadefender go to: http://portal.opswat.com  If you would like more information about purchasing Metascan or Metadefender please contact OPSWAT Sales at: sales@opswat.com  If you have feedback or questions about Metascan or Metadefender contact OPSWAT Product Management at: pm@opswat.com

Recomendados

Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureOPSWAT
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan ClientOPSWAT
 
Preventing Known and Unknown Threats
Preventing Known and Unknown ThreatsPreventing Known and Unknown Threats
Preventing Known and Unknown ThreatsOPSWAT
 
Defense Innovation Summit
Defense Innovation SummitDefense Innovation Summit
Defense Innovation SummitOPSWAT
 
The Value of Multi-scanning
The Value of Multi-scanningThe Value of Multi-scanning
The Value of Multi-scanningOPSWAT
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Scott Brown
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Blue Coat
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughGFI Software
 

Recomendados

Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureOPSWAT
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan ClientOPSWAT
 
Preventing Known and Unknown Threats
Preventing Known and Unknown ThreatsPreventing Known and Unknown Threats
Preventing Known and Unknown ThreatsOPSWAT
 
Defense Innovation Summit
Defense Innovation SummitDefense Innovation Summit
Defense Innovation SummitOPSWAT
 
The Value of Multi-scanning
The Value of Multi-scanningThe Value of Multi-scanning
The Value of Multi-scanningOPSWAT
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Scott Brown
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Blue Coat
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughGFI Software
 
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET Journal
 
Drive by downloads-cns
Drive by downloads-cnsDrive by downloads-cns
Drive by downloads-cnsmmubashirkhan
 
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıAvtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıErol Dizdar
 
2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-risk2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-riskКомсс Файквэе
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci complianceShiva Hullavarad
 
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Sonatype
 
Crack the Code
Crack the CodeCrack the Code
Crack the CodeInnoTech
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkSkybox Security
 
Antivirus
AntivirusAntivirus
AntivirusPankaj Kumawat
 
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionContent Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionBlue Coat
 
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...Alexander Leonov
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
A software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesA software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesUltraUploader
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...Lumension
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and RiskSecPod Technologies
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirusAshish Gautam
 
Maximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesMaximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesSecunia
 
B&W Netsparker overview
B&W Netsparker overviewB&W Netsparker overview
B&W Netsparker overviewMarusya Maruzhenko
 

Mais conteúdo relacionado

Mais procurados

IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET Journal
 
Drive by downloads-cns
Drive by downloads-cnsDrive by downloads-cns
Drive by downloads-cnsmmubashirkhan
 
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıAvtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıErol Dizdar
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci complianceShiva Hullavarad
 
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Sonatype
 
Crack the Code
Crack the CodeCrack the Code
Crack the CodeInnoTech
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkSkybox Security
 
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionContent Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionBlue Coat
 
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...Alexander Leonov
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
A software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesA software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesUltraUploader
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...Lumension
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and RiskSecPod Technologies
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirusAshish Gautam
 

Mais procurados (20)

IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
 
Drive by downloads-cns
Drive by downloads-cnsDrive by downloads-cns
Drive by downloads-cns
 
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıAvtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
 
2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-risk2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-risk
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci compliance
 
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
 
Crack the Code
Crack the CodeCrack the Code
Crack the Code
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
 
Antivirus
AntivirusAntivirus
Antivirus
 
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionContent Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat Protection
 
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Manage...
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in ics
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA Compliance
 
A software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer virusesA software authentication system for the prevention of computer viruses
A software authentication system for the prevention of computer viruses
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA Compliance
 
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp...
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešení
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirus
 

Semelhante a Metascan Multi-scanning Technology

Maximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesMaximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesSecunia
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008tswong
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizationsOPSWAT
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionBitglass
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya
 
Online Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelOnline Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelEoin Keary
 
Bitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlBitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlJose Lopez
 
Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010Aditya K Sood
 
IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011WASecurity
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And RiskChandrashekhar B
 
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015Ingram Micro Cloud
 
SQL Injection - The Unknown Story
SQL Injection - The Unknown StorySQL Injection - The Unknown Story
SQL Injection - The Unknown StoryImperva
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost AlertsHexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost AlertsHexis Cyber Solutions
 

Semelhante a Metascan Multi-scanning Technology (20)

Maximize Computer Security With Limited Ressources
Maximize Computer Security With Limited RessourcesMaximize Computer Security With Limited Ressources
Maximize Computer Security With Limited Ressources
 
B&W Netsparker overview
B&W Netsparker overviewB&W Netsparker overview
B&W Netsparker overview
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizations
 
Malware
MalwareMalware
Malware
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
 
Online Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat ModelOnline Gaming Cyber security and Threat Model
Online Gaming Cyber security and Threat Model
 
Bitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlBitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat Control
 
Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010
 
IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011IT Vulnerability & Tools Watch 2011
IT Vulnerability & Tools Watch 2011
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
 
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
 
SQL Injection - The Unknown Story
SQL Injection - The Unknown StorySQL Injection - The Unknown Story
SQL Injection - The Unknown Story
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost AlertsHexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
 

Mais de OPSWAT

How to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsHow to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsOPSWAT
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear FacilitiesOPSWAT
 
3 Cases for Quarantine Confirgurations
3 Cases for Quarantine Confirgurations3 Cases for Quarantine Confirgurations
3 Cases for Quarantine ConfirgurationsOPSWAT
 
Protecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsProtecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsOPSWAT
 
Reasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftReasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftOPSWAT
 
Top 10 Facts About Data Breaches
Top 10 Facts About Data BreachesTop 10 Facts About Data Breaches
Top 10 Facts About Data BreachesOPSWAT
 
Metascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for LinuxMetascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for LinuxOPSWAT
 
Secure Data Workflow
Secure Data WorkflowSecure Data Workflow
Secure Data WorkflowOPSWAT
 
Network Security for Employees
Network Security for Employees Network Security for Employees
Network Security for Employees OPSWAT
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Introduction to OESIS Framework
Introduction to OESIS FrameworkIntroduction to OESIS Framework
Introduction to OESIS FrameworkOPSWAT
 

Mais de OPSWAT (11)

How to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsHow to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted Applications
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear Facilities
 
3 Cases for Quarantine Confirgurations
3 Cases for Quarantine Confirgurations3 Cases for Quarantine Confirgurations
3 Cases for Quarantine Confirgurations
 
Protecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsProtecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email Threats
 
Reasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftReasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record Theft
 
Top 10 Facts About Data Breaches
Top 10 Facts About Data BreachesTop 10 Facts About Data Breaches
Top 10 Facts About Data Breaches
 
Metascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for LinuxMetascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for Linux
 
Secure Data Workflow
Secure Data WorkflowSecure Data Workflow
Secure Data Workflow
 
Network Security for Employees
Network Security for Employees Network Security for Employees
Network Security for Employees
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Introduction to OESIS Framework
Introduction to OESIS FrameworkIntroduction to OESIS Framework
Introduction to OESIS Framework
 

Último

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Metascan Multi-scanning Technology

  • 1. Metascan® Multi-scanning Technology Tony Berning March 2013 Product Manager aberning@opswat.com
  • 2. Agenda Introduction to Multi-scanning  The evolving threat landscape  Why multi-scanning?  Metascan  Additional Uses of Metascan  Getting started with Metascan
  • 3. The Evolving Threat Landscape From hacking for fun to cracking for profit
  • 4. The Evolving Threat Landscape Cyber warfare … Virus/Worm Era Spyware and Adware E-Crime … 1998 2002 2006 2010 2012 Motivation Opportunity Methods  15 minutes of fame  Improved connectivity  Quiet Attacks  Borderline legal  Increase in users, web  Primary vectors ways of making traffic & searches. web & mobile money  More time on  Phishing attacks  Make money fast Facebook, Twitter and  Attacks focused by exploiting YouTube on specific sites  Stuxnet , DuQu  Easier to find personal  Targeted Attacks and Flame details -> used to infiltrate organizations  Cyber warfare
  • 5. The problem: Too much malware, insufficient detection
  • 6. The Problem Insufficient Detection by any one Anti-Malware Product Over 130,000 new malicious The rapid growth in the amount of malware continues to programs appear accelerate every day No AV vendor can keep up with the number of new malware variants “Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.” http://www.csmonitor.com/Commentary/Opini on/2012/0808/Help-wanted-Geek-squads-for- US-cybersecurity
  • 8. Why Use Multiple Anti-Malware Engines?  Increase malware zero hour detection rates  Decrease malware detection time after an outbreak  Increase resiliency to anti-malware engines’ vulnerabilities
  • 9. The Solution Every engine misses something No anti-malware product is perfect but together they have a greater rate of detection due to their unique features 100% Engine 1 Detection Rate: Engine 2 Detection Rate:
  • 10. Improve Detection Using Multiple Anti-Malware Engines This graph shows the time between malware outbreak and detection by six anti-malware engines for 75 outbreaks over three months. No vendor detects every outbreak. Only by combining six engines in a multi- scanning solution are outbreaks detected quickly. By adding additional engines, zero hour detection rates increase further. Zero hour * Source: av-test.org detection 5 min to 5 days No detection at 5 days
  • 11. Multiple Engines Increase Resiliency to Anti-Malware Engine Vulnerabilities Anti-malware product vulnerabilities from the National Vulnerability Database 70 60 Number of Vulnerabilities in Antivirus products [CVEs] 50 40 30 20 10 0 2005 2006 2007 2008 2009 2010 2011 2012 Year
  • 13. What is Metascan? Multi-scanning engine A server application with a local and network programming interface that allows customers to incorporate multiple anti- malware engine scanning technologies into their security architecture  Supports 0 to 30 anti-malware engines [and growing!]  Simultaneously scans files with all engines  Scan directories, files, archives, buffers, and boot sector  Automatic online definition updates or manual offline updates
  • 14. What is Metascan? Multi-scanning engine  Flexible and scalable API driven solution  Many programming Interfaces – C++ Java PHP C#/ASP.NET RESTful (Web API)/HTTP CLI[command line interface]  Analyzes files locally on a single server or remotely accesses files from Windows, Macintosh, or Linux systems
  • 15. Metascan Who uses Metascan?  Analysts who research threats in binaries  CERTs (Computer Emergency Response/Readiness Teams)  Government agencies  Federal and State Law enforcement agencies  Computer forensic analysts  IT security managers who seek to control data flow  Files from public facing sharing/upload sites  Data moving across internal security domains  Detect infected attachments  Independent software vendors seeking to identify threats in their binaries  False positives  Accidental infections
  • 16. Metascan Standard packages Metascan is available in preconfigured packages that include 0-16 embedded engines  Best performance from fully embedded engines  Easy to use – engines update automatically or as a single offline package
  • 17. Metascan Custom packages Create your own custom packages  Add engines to any standard package –  For example; create Metascan 20 by adding McAfee, Symantec, Kaspersky and Sophos to the Metascan 16 standard package  Pick and choose from our custom engine list to create your own custom package (currently up to 30 engines)
  • 18. Additional Uses of Metascan Metascan Online (www.metascan-online.com) • Online implementation of Metascan with 40+ engines • Upload and Scan files • Lookup by file hash • Web Interface and REST API Metadefender • Metascan client that examines the content on physical media such as USB flash drives, CDs and DVDs. • Available as standalone software or as a physical kiosk
  • 19. Getting Started with Metascan  For more information on Metascan and Metadefender go to: http://www.opswat.com/metascan  For a free 30 day trial of Metascan and Metadefender go to: http://portal.opswat.com  If you would like more information about purchasing Metascan or Metadefender please contact OPSWAT Sales at: sales@opswat.com  If you have feedback or questions about Metascan or Metadefender contact OPSWAT Product Management at: pm@opswat.com

Notas do Editor

  1. 1 min
  2. <why multiscanning>Growth of MalwareMore engines are better than 1OutbreaksVulnerabilities in engines <technology overview of Metascan>What is Metascanwhy use MetascanCurrent feature set <different implementations of Metascan>Out of box solution: MDTADemo of metascanonline.com (local box with wireless access point)Endpoint client (MD4SA)Demo of MD4SA <Managing Metascan>Introduction to the management station
  3. AV-Test.org registers over 55,000 new malicious programs every day.
  4. Green is zero hour detectionYellow is 2 min to 5 daysRed is more than 5 days
  5. Taken from the National Vulnerability DatabaseNumber of CVS found with a search of ‘antivirus’ – results were from various AV products
  6. What is Metascan online? It is just slightly customized version of Metascan. Of course, it is not all of Metascan and lets dig into further to know more about MetascanOnMetascan is multiscanning solution with different layers and various API which overcome the challenge of using multiple antivirous. Flexible integration options from low level integration to out-of-box solution such as slightly modified version of Metascan.