SlideShare a Scribd company logo

Securing data flow to and from organizations

Download as PPTX, PDF
OPSWAT
OPSWAT

Presented by Benny Czarny, OPSWAT CEO, at INSS Workshop 2013

Technology
1 of 25
Securing data workflow to and from organizations Benny Czarny CEO OPSWAT,Inc.
Introduction to OPSWAT  Founded 2002  Based in San Francisco  Employees, contractors and interns: 115  Over 50 OEM customers  Over 500 direct customers  100+ certified technical partners  1000+ certified applications
OPSWAT Technologies Secure Manage Control Company Development tools  OESIS®, AppRemover and Secure Virtual Desktop  Secure Data workflow  Metascan and Metadefender  Automated Testing platform and Cloud Sandboxing  Nexperior  Device manageability and security  GEARS Cloud
SSL VPN and NAC Some Customers by Vertical Network Compliance and Vulnerability Assessment Support Tools Government Managed Services Antivirus Vendors
How to secure the data workflow ? What type of threats are we up against ? How many threats are we up against ? What are the capabilities of the security solutions ? Questionsto ask ourselves
What type of threats are we up against?  Computer Viruses are an NP-complete problem  NP complete problems cannot be solved in an easy to measure time in any known way http://www.dmst.aueb.gr/dds/pubs/jrnl/2002-ieeetit- npvirus/html/npvirus.pdf
What type of threats are we up against?  Ways to solve NP complete problems include  Approximation: -an "almost" optimal solution.  Randomization: allow the algorithm to fail with some small probability.  Heuristic: An algorithm that works "reasonably well".
What type of threats are we up against?  Known threats  Unknown threats
How many threats are we up against ?
How many threats are we up against? Source: McAfee Source: Av-Test.org Differencesin reporting the total amount of threats
How many threats are we up against? Source: McAfee Source: Av-Test.org Differencesin detection rates for new malware
What are the capabilities of the security solutions? Measuring the quality of antimalware engines How can we measure the quality of antivirus engines  Detection coverage  Response time  Operating system compatibility  Amount of False positives  Certification by
What are the capabilities of the security solutions? November 2010 February 2011 August 2011 AV Comparatives 97.6 % 95.8 % 92.1 % AV Test 97 % 99 % 96 % Measuring the quality of antimalware engines AMTSO’s mission is to develop and publish standards and best practices for testing of antimalware products
What are the capabilities of the security solutions? Antivirus productvulnerabilitiesfrom the National VulnerabilityDatabase 0 10 20 30 40 50 60 70 2005 2006 2007 2008 2009 2010 2011 2012 NumberofVulnerabilitiesinAntivirusproducts[CVEs] Year
What are the capabilities of the security solutions ? Antivirus  Tested 30 known malware files (Disguised as documents or embedded within documents)  Fewest number of engines detecting the threat was 10 (out of 43)  Highest number of engines detecting the threat was 30 (out of 43)
What are the capabilities of the security solutions ? Sandbox?  Tested 30 known malware files (Disguised as documents or embedded within documents)  Lowest number of threats detected was 3  Highest number of threats detected was 23
What are the capabilities of the security solutions Sandboxing X1% Protection level : 100% Multiscannin g X2% Protection level: Measuring detection coverage
Conclusion  Viruses and vulnerabilities are very hard to detect  No current answer about the amount of threats  No clear answer about the quality of the security solutions
Conclusion What can we do  Use many antivirus engines to protect against known and unknown threats using heuristics and sandboxes  Sanitize the data to protect against unknown threats  Protect the security system
Use many antimalware engines This graph shows the time between malware outbreakandAntivirus detection by sixAntivirus engines for 75 outbreaks over three months. No Vendor detects every outbreak. Only by combining six engines in a multiscanningsolution are outbreaks detected quickly. By adding additional engines,zero hour detection rates increase further. Zero hour detection 5 min to 5 days No detection at 5 days
What are the capabilities of the security solutions Sandboxing X1% Protection level : 100% Multiscannin g X2% Protection level: Measuring detection coverage
Sanitize the data to protect against unknown threats Sanitize the data in a well defined process 1. User Authentication 2. Input Policy Based on User Privileges 3. File Type Policy 4. Scan by Many Antivirus engines 5. Embedded Object and Macro Removal via File Type Conversion 6. File and Media Signature Verification 7. Notification to the user data is ready 8. File and Media Deletion Keep a healthy tradeoff between security and usability
Protect the security system  Execute sensitive tasks in an isolated virtualized environments  Revert your system on an ongoing basis  Check the memory integrity and the disk integrity of your system  Patch the system and its components  Constantly review the security architecture
Questions
References Av-test.com Av-comparatives.com www.metascan-online.com Amtso Software system defect content prediction from development process and product characteristics - Harris institute McAfee

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Sakib Sami
 
Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security Cases
Hakan Yüksel
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attack
yennhi2812
 
Cyber security
Cyber securityCyber security
Cyber security
Shaibal Ahmed
 
Cyber security
Cyber securityCyber security
Cyber security
colebassett
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information security
AYESHA JAVED
 
SYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionSYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introduction
Afna Crcs
 

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Sakib Sami
 
Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security Cases
Hakan Yüksel
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attack
yennhi2812
 
Cyber security
Cyber securityCyber security
Cyber security
Shaibal Ahmed
 
Cyber security
Cyber securityCyber security
Cyber security
colebassett
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information security
AYESHA JAVED
 
SYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionSYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introduction
Afna Crcs
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
Self-employed
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
Sandip Juthani
 
Cyber security
Cyber securityCyber security
Cyber security
abithajayavel
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal Auditors
Jim Kaplan CIA CFE
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Morakinyo Animasaun
 
Cyber Threat Simulation
Cyber Threat SimulationCyber Threat Simulation
Cyber Threat Simulation
Tonex
 
Cyber security
Cyber securityCyber security
Cyber security
Bhavin Shah
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Cyber security
Cyber securityCyber security
Cyber security
manoj duli
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Mohammad Shakirul islam
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
Kyle Lai
 
cyber security,need,security problem and types of cyber security
cyber security,need,security problem and types of cyber securitycyber security,need,security problem and types of cyber security
cyber security,need,security problem and types of cyber security
Vansh Bathla
 
Masters in cyber security
Masters in cyber securityMasters in cyber security
Masters in cyber security
VihaanBajaj
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
Vicky Fernandes
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
PranjalShah18
 
Cyber security
Cyber securityCyber security
Cyber security
vishakha bhagwat
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika University
Avantika University
 
Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Tel It to the People: Technology Enhanced Learning and the Making and Hacking...Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Brock Craft
 
The Value of Multi-scanning
The Value of Multi-scanningThe Value of Multi-scanning
The Value of Multi-scanning
OPSWAT
 

More Related Content

What's hot

Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal Auditors
Jim Kaplan CIA CFE
 
Cyber Threat Simulation
Cyber Threat SimulationCyber Threat Simulation
Cyber Threat Simulation
Tonex
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
Kyle Lai
 

What's hot (20)

Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal Auditors
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
 
Cyber Threat Simulation
Cyber Threat SimulationCyber Threat Simulation
Cyber Threat Simulation
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
cyber security
cyber securitycyber security
cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
cyber security,need,security problem and types of cyber security
cyber security,need,security problem and types of cyber securitycyber security,need,security problem and types of cyber security
cyber security,need,security problem and types of cyber security
 
Masters in cyber security
Masters in cyber securityMasters in cyber security
Masters in cyber security
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber security
Cyber securityCyber security
Cyber security
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika University
 

Viewers also liked

Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Tel It to the People: Technology Enhanced Learning and the Making and Hacking...Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Brock Craft
 

Viewers also liked (8)

Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Tel It to the People: Technology Enhanced Learning and the Making and Hacking...Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
Tel It to the People: Technology Enhanced Learning and the Making and Hacking...
 
The Value of Multi-scanning
The Value of Multi-scanningThe Value of Multi-scanning
The Value of Multi-scanning
 
Protecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsProtecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email Threats
 
Sketch ins- a tel design technique
Sketch ins- a tel design techniqueSketch ins- a tel design technique
Sketch ins- a tel design technique
 
TEL it to the People
TEL it to the PeopleTEL it to the People
TEL it to the People
 
Of Bikes & Bits
Of Bikes & BitsOf Bikes & Bits
Of Bikes & Bits
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear Facilities
 
Notes on visual representation
Notes on visual representationNotes on visual representation
Notes on visual representation
 

Similar to Securing data flow to and from organizations

Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
tswong
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
amiable_indian
 
六合彩香港-六合彩
六合彩香港-六合彩六合彩香港-六合彩
六合彩香港-六合彩
baoyin
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
guest609a5ed
 

Similar to Securing data flow to and from organizations (20)

Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
 
Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White Paper
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security Initiatives
 
Measuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to CustomersMeasuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to Customers
 
六合彩香港-六合彩
六合彩香港-六合彩六合彩香港-六合彩
六合彩香港-六合彩
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
 
Security testing
Security testingSecurity testing
Security testing
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
IKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet ENIKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet EN
 
Capability presentation app security Entersoft
Capability presentation app security EntersoftCapability presentation app security Entersoft
Capability presentation app security Entersoft
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
Vulnerability scanning report by Tareq Hanaysha
Vulnerability scanning report by Tareq HanayshaVulnerability scanning report by Tareq Hanaysha
Vulnerability scanning report by Tareq Hanaysha
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
 

More from OPSWAT

Reasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftReasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record Theft
OPSWAT
 

More from OPSWAT (13)

Preventing Known and Unknown Threats
Preventing Known and Unknown ThreatsPreventing Known and Unknown Threats
Preventing Known and Unknown Threats
 
How to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsHow to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted Applications
 
3 Cases for Quarantine Confirgurations
3 Cases for Quarantine Confirgurations3 Cases for Quarantine Confirgurations
3 Cases for Quarantine Confirgurations
 
Reasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftReasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record Theft
 
Defense Innovation Summit
Defense Innovation SummitDefense Innovation Summit
Defense Innovation Summit
 
Top 10 Facts About Data Breaches
Top 10 Facts About Data BreachesTop 10 Facts About Data Breaches
Top 10 Facts About Data Breaches
 
Metascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for LinuxMetascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for Linux
 
Secure Data Workflow
Secure Data WorkflowSecure Data Workflow
Secure Data Workflow
 
Network Security for Employees
Network Security for Employees Network Security for Employees
Network Security for Employees
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Introduction to OESIS Framework
Introduction to OESIS FrameworkIntroduction to OESIS Framework
Introduction to OESIS Framework
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan Client
 
Metascan Multi-scanning Technology
Metascan Multi-scanning TechnologyMetascan Multi-scanning Technology
Metascan Multi-scanning Technology
 

Recently uploaded

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Securing data flow to and from organizations

  • 1. Securing data workflow to and from organizations Benny Czarny CEO OPSWAT,Inc.
  • 2. Introduction to OPSWAT  Founded 2002  Based in San Francisco  Employees, contractors and interns: 115  Over 50 OEM customers  Over 500 direct customers  100+ certified technical partners  1000+ certified applications
  • 3. OPSWAT Technologies Secure Manage Control Company Development tools  OESIS®, AppRemover and Secure Virtual Desktop  Secure Data workflow  Metascan and Metadefender  Automated Testing platform and Cloud Sandboxing  Nexperior  Device manageability and security  GEARS Cloud
  • 4. SSL VPN and NAC Some Customers by Vertical Network Compliance and Vulnerability Assessment Support Tools Government Managed Services Antivirus Vendors
  • 5. How to secure the data workflow ? What type of threats are we up against ? How many threats are we up against ? What are the capabilities of the security solutions ? Questionsto ask ourselves
  • 6. What type of threats are we up against?  Computer Viruses are an NP-complete problem  NP complete problems cannot be solved in an easy to measure time in any known way http://www.dmst.aueb.gr/dds/pubs/jrnl/2002-ieeetit- npvirus/html/npvirus.pdf
  • 7. What type of threats are we up against?  Ways to solve NP complete problems include  Approximation: -an "almost" optimal solution.  Randomization: allow the algorithm to fail with some small probability.  Heuristic: An algorithm that works "reasonably well".
  • 8. What type of threats are we up against?  Known threats  Unknown threats
  • 9. How many threats are we up against ?
  • 10. How many threats are we up against? Source: McAfee Source: Av-Test.org Differencesin reporting the total amount of threats
  • 11. How many threats are we up against? Source: McAfee Source: Av-Test.org Differencesin detection rates for new malware
  • 12. What are the capabilities of the security solutions? Measuring the quality of antimalware engines How can we measure the quality of antivirus engines  Detection coverage  Response time  Operating system compatibility  Amount of False positives  Certification by
  • 13. What are the capabilities of the security solutions? November 2010 February 2011 August 2011 AV Comparatives 97.6 % 95.8 % 92.1 % AV Test 97 % 99 % 96 % Measuring the quality of antimalware engines AMTSO’s mission is to develop and publish standards and best practices for testing of antimalware products
  • 14. What are the capabilities of the security solutions? Antivirus productvulnerabilitiesfrom the National VulnerabilityDatabase 0 10 20 30 40 50 60 70 2005 2006 2007 2008 2009 2010 2011 2012 NumberofVulnerabilitiesinAntivirusproducts[CVEs] Year
  • 15. What are the capabilities of the security solutions ? Antivirus  Tested 30 known malware files (Disguised as documents or embedded within documents)  Fewest number of engines detecting the threat was 10 (out of 43)  Highest number of engines detecting the threat was 30 (out of 43)
  • 16. What are the capabilities of the security solutions ? Sandbox?  Tested 30 known malware files (Disguised as documents or embedded within documents)  Lowest number of threats detected was 3  Highest number of threats detected was 23
  • 17. What are the capabilities of the security solutions Sandboxing X1% Protection level : 100% Multiscannin g X2% Protection level: Measuring detection coverage
  • 18. Conclusion  Viruses and vulnerabilities are very hard to detect  No current answer about the amount of threats  No clear answer about the quality of the security solutions
  • 19. Conclusion What can we do  Use many antivirus engines to protect against known and unknown threats using heuristics and sandboxes  Sanitize the data to protect against unknown threats  Protect the security system
  • 20. Use many antimalware engines This graph shows the time between malware outbreakandAntivirus detection by sixAntivirus engines for 75 outbreaks over three months. No Vendor detects every outbreak. Only by combining six engines in a multiscanningsolution are outbreaks detected quickly. By adding additional engines,zero hour detection rates increase further. Zero hour detection 5 min to 5 days No detection at 5 days
  • 21. What are the capabilities of the security solutions Sandboxing X1% Protection level : 100% Multiscannin g X2% Protection level: Measuring detection coverage
  • 22. Sanitize the data to protect against unknown threats Sanitize the data in a well defined process 1. User Authentication 2. Input Policy Based on User Privileges 3. File Type Policy 4. Scan by Many Antivirus engines 5. Embedded Object and Macro Removal via File Type Conversion 6. File and Media Signature Verification 7. Notification to the user data is ready 8. File and Media Deletion Keep a healthy tradeoff between security and usability
  • 23. Protect the security system  Execute sensitive tasks in an isolated virtualized environments  Revert your system on an ongoing basis  Check the memory integrity and the disk integrity of your system  Patch the system and its components  Constantly review the security architecture
  • 25. References Av-test.com Av-comparatives.com www.metascan-online.com Amtso Software system defect content prediction from development process and product characteristics - Harris institute McAfee

Editor's Notes

  1. Hello Everybody my name is Benny Czarny CEO of OPSWAT the Manufacture of Thank west coast labs you for the opportunity to sponser West coast  OESIS – Managability technology Metascan - Multiscanning technologies On demand desktop isolation technology AppRemover – technology to Uninstall Security applications I am sure that many if not all What I am going to talk about is trying to quantify multiscanning measurements
  2. Before we begin lets quickly discuss Why Mutliscanning What is the trade off Lets try to simplify whyWhen you are trying to protect yourselves against any threat It does not have to be a virus What type of threat you are trying what is the capability of our solution For example you protect against Data loss – by implementing back up If you are trying to protect against an army –How many soldiers are planning to attack How many soldiers do we have , how they are equipped , How many threats we are against ?What is the capability of an antivirus to detect a threat
  3. http://www.cknow.com/cms/vtutor/number-of-viruses.html
  4. So what is the total number of threats ?Here are numbers I pulled from you from 2 different resources Mcafee and av-test.org There are many more resources such as Virus encyclopedias of multiple vendors This was simple to findSimple google image amount of malware IT is very clear to see that over a course of a year and a halfMfafee and AV-test did not reprt the same numberSYes I know that some would argue
  5. Even more Total numbers of new threats is also inconclusiveHow can you check who detects 100% when you do not know what is 100%
  6. Now lets see what is the capability of our antimalware engines We have antimalware engines How can you measure the quality of antimalware engines ?Detection coverageResponse time Operating system compatibility Amount of False positiveCompanies such as ICSA Labs AV comparatives west coast Labs AV test Virus Builtin came with their own metrics , and keep publish their research and testing results
  7. In this example I outlined here for you how 2 different companies publish reports of quality of antimalware reports different numbers Each company has a different criteria's to measure the quality of the engines and different rating system I’d like to mention that the organization AMTSO ( founded at 2008 by Richard develop testing standards for antimalware ) We still see inconsistent numbers
  8. Taken from the National Vulnerability DatabaseNumber of CVS found with a search of ‘antivirus’ – results were from various Antivirus products
  9. The assumption that antiviurs engines are events that are not mutually exclusive So if we have the global amount of threats an antivirus can detect we should expect :Threats detected only by Antiviurs A Threats Detected only by Antivirus B Threats detected by Antivirus A and Antivirus B
  10. The conclusion is obvious When you do not know what you are up against , When you can’t really measure the quality of the tools you are working with Multiscanining is a trivial choice
  11. The conclusion is obvious When you do not know what you are up against , When you can’t really measure the quality of the tools you are working with Multiscanining is a trivial choice
  12. Green is zero hour detectionYellow is 2 min to 5 daysRed is more than 5 days
  13. The assumption that antiviurs engines are events that are not mutually exclusive So if we have the global amount of threats an antivirus can detect we should expect :Threats detected only by Antiviurs A Threats Detected only by Antivirus B Threats detected by Antivirus A and Antivirus B