OPSWAT Presentation
for XXX
Month Date, Year
OPSWAT & ____________
Agenda
• Overview of OPSWAT
• Multi-scanning with Metascan
• Controlling Data Workflow with Metadefender
• Questions
OPSWAT at a Glance
Company
• Established 2002
• Private, profitable and growing
• Head office in San Francisco, California
Products
• Multi-scanning – Metascan® and Metadefender®
• Security Application Manageability – OESIS® & AppRemover
• Secure Virtual Desktop Isolation Technology
• GEARS – Network Manageability
Customers
• Governments, CERTs, Finance, Utilities, [esp. Nuclear], Military
• OEMs – SSL VPN, NAC Management services, Support Tools
Customer Verticals
• Network Compliance and Vulnerability Assessment
• Support Tools
• SSL VPN and NAC
• Government
• Managed Services
• Higher Ed and Corporations
Metascan
Scan Files with Multiple Antivirus Engines
Why Multi-scanning?
Too much malware, insufficient detection
The Reality
Insufficient detection by any one AV product
Metascan
Multiple engine malware scanning technology
Over 220,000 new malware variants appear every day
The rapid growth in the amount of malware continues to accelerate
No AV vendor can keep up with the number of new malware variants
http://www.av-test.org/en/statistics/malware/
“Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.”
http://www.csmonitor.com/Commentary/Opinion/2012/0808/Help-wanted-Geek-squads-forUS-cybersecurity
Measuring Antivirus Capabilities
Much variation between different anti-malware engines
[Figure: Detection Rate vs. False Positives for 19 Engines. Series: Detection Rate, False Positives; x-axis: engines 1 to 19]
Source: AV Comparatives, September 2012
Illustrating The Decreased Outbreak Detection Time
This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks.
No vendor detects every outbreak.
Only by combining six engines in a multiscanning solution are outbreaks detected quickly.
By adding additional engines, zero hour detection rates increase further.
[Figure legend: Zero hour detection; 5 min to 5 days; No detection at 5 days]
Geographic Distribution of Antivirus Engines
Performance by the numbers
The scan time is much shorter than the sum of the individual scans
[Figure: Presumed Scan Time for 1 engine, 3 engines and 8 engines, by file type: PDF, EXE, JPG, OTHER]
What is Metascan?
Multi-scanning engine
A server application with a local and network programming interface that allows customers to incorporate multiple anti-malware engine scanning technologies into their security architecture
• Supports 0 to 30 anti-malware engines [and growing!]
• Simultaneously scans files with all engines
• Scan directories, files, archives, buffers, and boot sector
• Automatic online definition updates or manual offline updates
Metascan vs Traditional Antivirus Engines
• Metascan integrates multiple engines that are optimized to work together on the same system
• Metascan does not provide Real Time Protection (RTP) like many traditional antivirus engines; all scanning is done on demand
Metascan
Who uses Metascan?
• Analysts who research threats in binaries
  • CERTs (Computer Emergency Response/Readiness Teams)
  • Government agencies
  • Federal and State Law enforcement agencies
  • Computer forensic analysts
• IT security managers who seek to control data flow
  • Files from public facing sharing/upload sites
  • Data moving across internal security domains
  • Detect infected attachments
• Independent software vendors seeking to identify threats in their binaries
  • False positives
  • Accidental infections
Metascan Online API
Programmatic File Scanning with 40+ Engines
Metascan Online Overview
www.metascan-online.com
• Online Implementation of Metascan with 40+ engines
• Upload and Scan files
• Look up scan results by file hash (MD5, SHA1, SHA256)
• Web Interface and REST API Available
Metascan Online API
How does it work?
• Metascan Online Public API allows for the following functionality
  • File scanning
  • Hash lookups
  • Scan Result Lookup
• Utilizes same Metascan engines and same database as web front end
Licensing for Metascan Online API
• All OPSWAT Portal users can activate their Metascan Online API key for free through the OPSWAT Portal
• Free Metascan Online API keys allow up to 25 file scans and 1000 file hash lookups per hour
• Scan and hash lookup limits can be raised by purchasing premium Metascan Online API access
• Private file scanning (no sharing of files) is also available by purchasing premium Metascan Online API access
• Premium access to the Metascan Online API can be purchased through OPSWAT Sales ([email protected])
Support
• OPSWAT provides three levels of support
  • Basic Support – Free
  • Premium Support – 18% of license cost
  • Platinum Support – 25% of license cost
Premium Support
• What is covered by Premium support?
  • Phone support, 9 am to 6 pm PST Monday – Friday
  • Support Account Manager
  • Quarterly Conference call reviews
• For details of what is covered by each level of support see the Support page on the OPSWAT website
Platinum Support
• What is covered by Platinum support?
  • (Everything in Premium support)
  • 24/7 Phone support
  • Quarterly Meetings with Engineering and Product Management
  • Prioritized enhancement requests
Questions?