Metascan Multi-scanning Technology

The evolving threat landscape, why multi-scanning is needed, and OPSWAT's Metascan technology

Published in: Technology
  • 1 min
  • Why multi-scanning
      • Growth of malware
      • More engines are better than 1
      • Outbreaks
      • Vulnerabilities in engines
    Technology overview of Metascan
      • What is Metascan
      • Why use Metascan
      • Current feature set
    Different implementations of Metascan
      • Out-of-box solution: MDTA
      • Demo of metascanonline.com (local box with wireless access point)
      • Endpoint client (MD4SA)
      • Demo of MD4SA
    Managing Metascan
      • Introduction to the management station
  • AV-Test.org registers over 55,000 new malicious programs every day.
  • Green is zero hour detection. Yellow is 2 min to 5 days. Red is more than 5 days.
  • Taken from the National Vulnerability Database. Number of CVEs found with a search of ‘antivirus’; results were from various AV products.
  • What is Metascan Online? It is just a slightly customized version of Metascan. Of course, it is not all of Metascan, so let's dig in further to learn more about Metascan. Metascan is a multi-scanning solution with different layers and various APIs that overcomes the challenge of using multiple antivirus products. It offers flexible integration options, from low-level integration to an out-of-box solution such as the slightly modified version of Metascan.
  • Transcript

    • 1. Metascan® Multi-scanning Technology. Tony Berning, Product Manager, aberning@opswat.com. March 2013.
    • 2. Agenda
        • Introduction to Multi-scanning
        • The evolving threat landscape
        • Why multi-scanning?
        • Metascan
        • Additional Uses of Metascan
        • Getting started with Metascan
    • 3. The Evolving Threat Landscape: From hacking for fun to cracking for profit
    • 4. The Evolving Threat Landscape
        • Timeline (1998, 2002, 2006, 2010, 2012): Virus/Worm Era, Spyware and Adware, E-Crime, Cyber warfare…
        • Motivation
            • 15 minutes of fame
            • Borderline legal ways of making money
            • Make money fast by exploiting
            • Stuxnet, DuQu and Flame
            • Cyber warfare
        • Opportunity
            • Improved connectivity
            • Increase in users, web traffic & searches
            • More time on Facebook, Twitter and YouTube
            • Easier to find personal details -> used to infiltrate organizations
        • Methods
            • Quiet attacks
            • Primary vectors web & mobile
            • Phishing attacks
            • Attacks focused on specific sites
            • Targeted attacks
    • 5. The problem: Too much malware, insufficient detection
    • 6. The Problem: Insufficient Detection by any one Anti-Malware Product
        • The rapid growth in the amount of malware continues to accelerate
        • Over 130,000 new malicious programs appear every day
        • No AV vendor can keep up with the number of new malware variants
        • “Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.” http://www.csmonitor.com/Commentary/Opinion/2012/0808/Help-wanted-Geek-squads-for-US-cybersecurity
    • 7. The Solution: Multiple Anti-Malware Engines
    • 8. Why Use Multiple Anti-Malware Engines?
        • Increase malware zero hour detection rates
        • Decrease malware detection time after an outbreak
        • Increase resiliency to anti-malware engines’ vulnerabilities
    • 9. The Solution: Every engine misses something
        • No anti-malware product is perfect, but together they have a greater rate of detection due to their unique features
        • [Figure: Engine 1 detection rate and Engine 2 detection rate, shown against 100%]
    • 10. Improve Detection Using Multiple Anti-Malware Engines
        • This graph shows the time between malware outbreak and detection by six anti-malware engines for 75 outbreaks over three months.
        • No vendor detects every outbreak. Only by combining six engines in a multi-scanning solution are outbreaks detected quickly.
        • By adding additional engines, zero hour detection rates increase further.
        • [Graph legend: Zero hour detection; 5 min to 5 days; No detection at 5 days. Source: av-test.org]
    • 11. Multiple Engines Increase Resiliency to Anti-Malware Engine Vulnerabilities
        • Anti-malware product vulnerabilities from the National Vulnerability Database
        • [Chart: Number of Vulnerabilities in Antivirus products [CVEs] by year, 2005 to 2012]
    • 12. Metascan: Multi-scanning solution
    • 13. What is Metascan? Multi-scanning engine
        • A server application with a local and network programming interface that allows customers to incorporate multiple anti-malware engine scanning technologies into their security architecture
        • Supports 0 to 30 anti-malware engines [and growing!]
        • Simultaneously scans files with all engines
        • Scan directories, files, archives, buffers, and boot sector
        • Automatic online definition updates or manual offline updates
    • 14. What is Metascan? Multi-scanning engine
        • Flexible and scalable API-driven solution
        • Many programming interfaces: C++, Java, PHP, C#/ASP.NET, RESTful (Web API)/HTTP, CLI [command line interface]
        • Analyzes files locally on a single server or remotely accesses files from Windows, Macintosh, or Linux systems
    • 15. Metascan: Who uses Metascan?
        • Analysts who research threats in binaries
            • CERTs (Computer Emergency Response/Readiness Teams)
            • Government agencies
            • Federal and State Law enforcement agencies
            • Computer forensic analysts
        • IT security managers who seek to control data flow
            • Files from public facing sharing/upload sites
            • Data moving across internal security domains
            • Detect infected attachments
        • Independent software vendors seeking to identify threats in their binaries
            • False positives
            • Accidental infections
    • 16. Metascan: Standard packages
        • Metascan is available in preconfigured packages that include 0-16 embedded engines
        • Best performance from fully embedded engines
        • Easy to use: engines update automatically or as a single offline package
    • 17. Metascan: Custom packages
        • Create your own custom packages
        • Add engines to any standard package. For example, create Metascan 20 by adding McAfee, Symantec, Kaspersky and Sophos to the Metascan 16 standard package
        • Pick and choose from our custom engine list to create your own custom package (currently up to 30 engines)
    • 18. Additional Uses of Metascan
        • Metascan Online (www.metascan-online.com)
            • Online implementation of Metascan with 40+ engines
            • Upload and scan files
            • Lookup by file hash
            • Web interface and REST API
        • Metadefender
            • Metascan client that examines the content on physical media such as USB flash drives, CDs and DVDs
            • Available as standalone software or as a physical kiosk
    • 19. Getting Started with Metascan For more information on Metascan and Metadefender go to: http://www.opswat.com/metascan For a free 30 day trial of Metascan and Metadefender go to: http://portal.opswat.com If you would like more information about purchasing Metascan or Metadefender please contact OPSWAT Sales at: sales@opswat.com If you have feedback or questions about Metascan or Metadefender contact OPSWAT Product Management at: pm@opswat.com
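
Slides 8 to 10 argue that combining engines raises zero hour detection and tolerates the loss of any one engine. The sketch below is an added example, not OPSWAT code or the av-test.org data: the engine names, outbreak names and delays are constructed, and treating "zero hour" as detection in under 5 minutes is an assumption taken from the slide 10 legend.

```python
from collections import Counter

FIVE_MIN = 5              # minutes; assumed cut-off for "zero hour"
FIVE_DAYS = 5 * 24 * 60   # minutes

# Constructed sample: minutes from outbreak to first detection, per engine.
# None means the engine produced no detection in the observation window.
DELAYS = {
    "outbreak-1": {"engine_a": 0,    "engine_b": 90,   "engine_c": None},
    "outbreak-2": {"engine_a": None, "engine_b": 0,    "engine_c": 4000},
    "outbreak-3": {"engine_a": 600,  "engine_b": None, "engine_c": 0},
    "outbreak-4": {"engine_a": 8000, "engine_b": 300,  "engine_c": None},
    "outbreak-5": {"engine_a": None, "engine_b": None, "engine_c": 7500},
}

def bucket(delay):
    """Map a detection delay to the three bands of the slide 10 legend."""
    if delay is None or delay > FIVE_DAYS:
        return "no detection at 5 days"
    if delay < FIVE_MIN:
        return "zero hour"
    return "5 min to 5 days"

def combined_delay(per_engine, engines):
    """A multi-scanner flags a file as soon as its fastest engine does."""
    seen = [per_engine[e] for e in engines if per_engine.get(e) is not None]
    return min(seen) if seen else None

def summarize(delays, engines):
    """Count outbreaks per band for the given set of active engines."""
    return Counter(bucket(combined_delay(d, engines)) for d in delays.values())

def report(delays):
    """Per-engine bands next to the bands for all engines combined."""
    engines = sorted({e for d in delays.values() for e in d})
    rows = {e: summarize(delays, [e]) for e in engines}
    rows["combined"] = summarize(delays, engines)
    return rows

if __name__ == "__main__":
    for name, counts in report(DELAYS).items():
        print(name, dict(counts))
    # Resiliency check: the same outbreaks with engine_b taken out of service.
    print("without engine_b", dict(summarize(DELAYS, ["engine_a", "engine_c"])))
```

In this sample each engine alone catches one outbreak at zero hour, the combined set catches three, and outbreak-5 is still missed by every engine within five days.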
