Transcript Document
OPSWAT Presentation
for XXX
Month Date, Year
OPSWAT & ____________
Agenda
Overview of OPSWAT
Multi-scanning with Metascan
Controlling Data Workflow with Metadefender
Questions
OPSWAT at a Glance
Company
Established 2002
Private, profitable and growing
Head office in San Francisco, California
Products
Multi-scanning – Metascan® and Metadefender®
Security Application Manageability – OESIS® & AppRemover
Secure Virtual Desktop Isolation Technology
GEARS – Network Manageability
Customers
Governments, CERTs, Finance, Utilities, [esp. Nuclear], Military
OEMs – SSL VPN, NAC Management services, Support Tools
Customer Verticals
Network Compliance and Vulnerability Assessment
Support Tools
SSL VPN and NAC
Government
Managed Services
Higher Ed and Corporations
Metascan
Scan Files with Multiple Antivirus Engines
Why Multi-scanning?
Too much malware, insufficient detection
The Reality
Insufficient detection by any one AV product
Metascan
Multiple engine malware scanning technology
Over 220,000 new malware variants appear every day
The rapid growth in the amount of malware continues to accelerate
No AV vendor can keep up with the number of new malware variants
http://www.av-test.org/en/statistics/malware/
“Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.”
http://www.csmonitor.com/Commentary/Opinion/2012/0808/Help-wanted-Geek-squads-for-US-cybersecurity
Measuring Antivirus Capabilities
Much variation between different anti-malware engines
Detection Rate vs. False Positives for 19 Engines
[Chart: Detection Rate (axis 91.00% to 100.00%) and False Positives (axis 0 to 40) for engines 1 to 19]
Source: AV Comparatives
September 2012
Illustrating The Decreased Outbreak Detection Time
This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks.
No vendor detects every outbreak.
Only by combining six engines in a multiscanning solution are outbreaks detected quickly.
By adding additional engines, zero hour detection rates increase further.
[Graph legend: Zero hour detection; 5 min to 5 days; No detection at 5 days]
Geographic Distribution of Antivirus Engines
Performance by the numbers
The scan time is much shorter than the sum of the individual scans
[Chart: Presumed Scan Time; series: 1 engine, 3 engines, 8 engines; categories: PDF, EXE, JPG, OTHER]
What is Metascan?
Multi-scanning engine
A server application with a local and network programming interface that allows customers to incorporate multiple anti-malware engine scanning technologies into their security architecture
Supports 0 to 30 anti-malware engines [and growing!]
Simultaneously scans files with all engines
Scan directories, files, archives, buffers, and boot sector
Automatic online definition updates or manual offline updates
Metascan vs Traditional Antivirus Engines
Metascan integrates multiple engines that are optimized to work together on the same system
Metascan does not provide Real Time Protection (RTP) like many traditional antivirus engines; all scanning is done on demand
Metascan
Who uses Metascan?
Analysts who research threats in binaries
CERTs (Computer Emergency Response/Readiness Teams)
Government agencies
Federal and State Law enforcement agencies
Computer forensic analysts
IT security managers who seek to control data flow
Files from public facing sharing/upload sites
Data moving across internal security domains
Detect infected attachments
Independent software vendors seeking to identify threats in their binaries
False positives
Accidental infections
Metascan Online API
Programmatic File Scanning with 40+ Engines
Metascan Online Overview
www.metascan-online.com
Online Implementation of Metascan with 40+ engines
Upload and Scan files
Look up scan results by file hash (MD5, SHA1, SHA256)
Web Interface and REST API Available
Metascan Online API
How does it work?
Metascan Online Public API allows for the following functionality:
File scanning
Hash lookups
Scan Result Lookup
Utilizes same Metascan engines and same database as web front end
Licensing for Metascan Online API
All OPSWAT Portal users can activate their Metascan Online API key for free through the OPSWAT Portal
Free Metascan Online API keys allow up to 25 file scans and 1000 file hash lookups per hour
Scan and hash lookup limits can be raised by purchasing premium Metascan Online API access
Private file scanning (no sharing of files) is also available by purchasing premium Metascan Online API access
Premium access to the Metascan Online API can be purchased through OPSWAT Sales
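An added example, not OPSWAT code: a hash-first client workflow that stays inside the free-tier figures given above (25 file scans and 1000 hash lookups per hour). The `lookup` and `submit` callables are hypothetical stand-ins for the hash-lookup and file-scan calls; no real endpoint or response format is assumed.

```python
import hashlib
import time
from collections import deque

class HourlyQuota:
    """Sliding one-hour window counter for one kind of API call."""
    def __init__(self, limit, window=3600.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.stamps = deque()

    def try_acquire(self):
        now = self.clock()
        # Forget calls that have aged out of the window.
        while self.stamps and now - self.stamps[0] >= self.window:
            self.stamps.popleft()
        if len(self.stamps) >= self.limit:
            return False
        self.stamps.append(now)
        return True

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class HashFirstScanner:
    """Look a file up by hash first; upload only when the hash is unknown."""
    def __init__(self, lookup, submit, clock=time.monotonic):
        # Hypothetical callables: lookup(hash) -> result or None, submit(data) -> result
        self.lookup, self.submit = lookup, submit
        self.lookups = HourlyQuota(1000, clock=clock)  # free-tier lookups per hour
        self.scans = HourlyQuota(25, clock=clock)      # free-tier file scans per hour
        self.cache = {}

    def check(self, data: bytes):
        digest = sha256_of(data)
        if digest in self.cache:               # no API call spent
            return "cached", self.cache[digest]
        if not self.lookups.try_acquire():
            return "deferred", None            # retry once the window frees up
        result = self.lookup(digest)
        if result is not None:                 # known file: nothing is uploaded
            self.cache[digest] = result
            return "lookup", result
        if not self.scans.try_acquire():
            return "deferred", None
        result = self.submit(data)
        self.cache[digest] = result
        return "scanned", result
```

A hash lookup sends only the digest, so files that already have a result are never uploaded, and the smaller scan quota is spent only on files that are new.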
Support
OPSWAT provides three levels of support
Basic Support - Free
Premium Support – 18% of license cost
Platinum Support – 25% of license cost
Premium Support
What is covered by Premium support?
Phone support, 9 am to 6 pm PST Monday – Friday
Support Account Manager
Quarterly Conference call reviews
For details of what is covered by each level of support see the Support page on the OPSWAT website
Platinum Support
What is covered by Platinum support?
(Everything in Premium support)
24/7 Phone support
Quarterly Meetings with Engineering and Product Management
Prioritized enhancement requests
Questions?