Securing data flow to and from organizations
Transcript of Securing data flow to and from organizations
Page 1
Securing data workflow to and from organizations
Benny Czarny, CEO, OPSWAT, Inc.
Page 2
Introduction to OPSWAT
Founded 2002
Based in San Francisco
Employees, contractors and interns: 115
Over 50 OEM customers
Over 500 direct customers
100+ certified technical partners
1000+ certified applications
Page 3
OPSWAT Technologies: Secure, Manage, Control
Company Development tools
OESIS®, AppRemover and Secure Virtual Desktop
Secure Data workflow
Metascan and Metadefender
Automated Testing platform and Cloud Sandboxing
Nexperior
Device manageability and security
GEARS Cloud
Page 4
Some Customers by Vertical
SSL VPN and NAC
Network Compliance and Vulnerability Assessment
Support Tools
Government
Managed Services
Antivirus Vendors
Page 5
Questions to ask ourselves
How to secure the data workflow?
What type of threats are we up against?
How many threats are we up against?
What are the capabilities of the security solutions?
Page 6
What type of threats are we up against?
Computer viruses are an NP-complete problem.
NP-complete problems cannot be solved in a predictable, easily measured time by any known method.
http://www.dmst.aueb.gr/dds/pubs/jrnl/2002-ieeetit-npvirus/html/npvirus.pdf
Page 7
What type of threats are we up against?
Ways to solve NP-complete problems include:
Approximation: an "almost" optimal solution.
Randomization: allow the algorithm to fail with some small probability.
Heuristic: an algorithm that works "reasonably well".
Page 8
What type of threats are we up against?
Known threats
Unknown threats
Page 9
How many threats are we up against?
Page 10
How many threats are we up against?
Source: McAfee
Source: Av-Test.org
Differences in reporting the total amount of threats
Page 11
How many threats are we up against?
Source: McAfee
Source: Av-Test.org
Differences in detection rates for new malware
Page 12
What are the capabilities of the security solutions? Measuring the quality of antimalware engines
How can we measure the quality of antivirus engines?
Detection coverage
Response time
Operating system compatibility
Amount of false positives
Certification by
Page 13
What are the capabilities of the security solutions?
Measuring the quality of antimalware engines

| | November 2010 | February 2011 | August 2011 |
| --- | --- | --- | --- |
| AV Comparatives | 97.6 % | 95.8 % | 92.1 % |
| AV Test | 97 % | 99 % | 96 % |

AMTSO's mission is to develop and publish standards and best practices for testing of antimalware products.
Page 14
What are the capabilities of the security solutions? Antivirus product vulnerabilities from the National Vulnerability Database
(Chart: number of vulnerabilities in antivirus products [CVEs] per year, 2005 to 2012; y-axis from 0 to 70.)
Page 15
What are the capabilities of the security solutions? Antivirus
Tested 30 known malware files (disguised as documents or embedded within documents).
Fewest number of engines detecting the threat was 10 (out of 43).
Highest number of engines detecting the threat was 30 (out of 43).
Page 16
What are the capabilities of the security solutions? Sandbox?
Tested 30 known malware files (disguised as documents or embedded within documents).
Lowest number of threats detected was 3.
Highest number of threats detected was 23.
Page 17
What are the capabilities of the security solutions? Measuring detection coverage
(Diagram: sandboxing, protection level X1%; multiscanning, protection level X2%; 100%.)
Page 18
Conclusion
Viruses and vulnerabilities are very hard to detect
No current answer about the amount of threats
No clear answer about the quality of the security solutions
Page 19
Conclusion: What can we do?
Use many antivirus engines to protect against known and unknown threats using heuristics and sandboxes
Sanitize the data to protect against unknown threats
Protect the security system
Page 20
Use many antimalware engines
This graph shows the time between malware outbreak and Antivirus detection by six Antivirus engines for 75 outbreaks over three months.
No Vendor detects every outbreak.
Only by combining six engines in a multiscanning solution are outbreaks detected quickly.
By adding additional engines, zero hour detection rates increase further.
(Chart legend: zero hour detection; 5 min to 5 days; no detection at 5 days.)
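As an added illustration of how a chart like this one is built (example code, not OPSWAT's own): each engine's delay to detection for each outbreak is bucketed into the three legend categories, and the multiscanning verdict is simply the earliest engine to fire. The five-minute zero-hour window, the engine names and the outbreak delays are all constructed assumptions.

```python
from datetime import timedelta

# Hypothetical sampling choices: an engine that fires within the first five
# minutes counts as "zero hour"; nothing after five days counts as a detection.
ZERO_HOUR_WINDOW = timedelta(minutes=5)
CUTOFF = timedelta(days=5)

def classify(delay):
    """Bucket a detection delay into the three categories the chart uses."""
    if delay is None or delay > CUTOFF:
        return "no detection at 5 days"
    if delay < ZERO_HOUR_WINDOW:
        return "zero hour detection"
    return "5 min to 5 days"

def combined_delay(delays):
    """Multiscanning: the first engine to fire sets the detection time."""
    known = [d for d in delays if d is not None]
    return min(known) if known else None

def detection_profile(outbreaks, engines):
    """Bucket counts per engine and for the combined engine set.
    outbreaks maps outbreak id -> {engine name: delay, or None if never detected}."""
    profile = {name: {} for name in engines + ["combined"]}
    for delays in outbreaks.values():
        for name in engines:
            bucket = classify(delays.get(name))
            profile[name][bucket] = profile[name].get(bucket, 0) + 1
        bucket = classify(combined_delay([delays.get(n) for n in engines]))
        profile["combined"][bucket] = profile["combined"].get(bucket, 0) + 1
    return profile

# Constructed sample: four outbreaks seen by three engines (delays are made up).
H, D = timedelta(hours=1), timedelta(days=1)
SAMPLE = {
    "outbreak-1": {"A": timedelta(0), "B": 3 * H, "C": None},
    "outbreak-2": {"A": 2 * D, "B": timedelta(0), "C": 6 * H},
    "outbreak-3": {"A": None, "B": 7 * D, "C": timedelta(0)},
    "outbreak-4": {"A": 1 * D, "B": None, "C": 2 * D},
}

if __name__ == "__main__":
    for name, buckets in detection_profile(SAMPLE, ["A", "B", "C"]).items():
        print(name, buckets)
```

On the sample, every single engine misses at least one outbreak at five days, while the combined set catches three of four at zero hour and the fourth within a day.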
Page 21
What are the capabilities of the security solutions? Measuring detection coverage
(Diagram: sandboxing, protection level X1%; multiscanning, protection level X2%; 100%.)
Page 22
Sanitize the data to protect against unknown threats
Sanitize the data in a well defined process:
1. User Authentication
2. Input Policy Based on User Privileges
3. File Type Policy
4. Scan by Many Antivirus Engines
5. Embedded Object and Macro Removal via File Type Conversion
6. File and Media Signature Verification
7. Notification to the user that data is ready
8. File and Media Deletion
Keep a healthy tradeoff between security and usability.
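The middle of that process (steps 2 to 6) as an added, self-contained example; this is illustrative code, not OPSWAT's product. It identifies the file type from its content rather than its extension, applies a per-role input policy, blocks on any engine's verdict, rebuilds an OOXML container without its VBA project or embedded objects, and hashes the result for verification. The roles, the allowed types and the `make_docm` sample file are constructed assumptions; authentication, notification and deletion are left to the caller acting on the returned record.

```python
import hashlib, io, zipfile
INPUT_POLICY = {"guest": {"pdf"}, "staff": {"pdf", "docx"}}  # hypothetical roles (step 2)
ACTIVE = ("vbaProject.bin", "/embeddings/")  # zip entries that carry macros / embedded objects

def identify(data):
    """Step 3, file-type policy: trust leading bytes, then look inside a zip container."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "unknown"
        return "docx" if "[Content_Types].xml" in names else "zip"
    return "unknown"

def has_macros(data):
    """True if the OOXML container holds a VBA project or embedded objects."""
    return any(any(a in n for a in ACTIVE) for n in zipfile.ZipFile(io.BytesIO(data)).namelist())

def strip_macros(data):
    """Step 5: rebuild the container without the active-content entries."""
    src, out = zipfile.ZipFile(io.BytesIO(data)), io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if not any(a in name for a in ACTIVE):
                dst.writestr(name, src.read(name))
    return out.getvalue()

def sanitize(role, data, engine_verdicts):
    """Steps 3 to 6 for one upload; engine_verdicts maps engine name -> True if flagged."""
    kind = identify(data)
    if kind not in INPUT_POLICY.get(role, set()):
        return {"status": "rejected", "reason": f"{kind} not allowed for {role}"}
    flagged = sorted(e for e, v in engine_verdicts.items() if v)
    if flagged:  # step 4: a single engine flagging the file is enough to block it
        return {"status": "rejected", "reason": "flagged by " + ", ".join(flagged)}
    if kind == "docx" and has_macros(data):
        data = strip_macros(data)
    # Step 6: the hash of the sanitized bytes is what the recipient verifies against.
    return {"status": "ready", "type": kind, "data": data,
            "sha256": hashlib.sha256(data).hexdigest()}

def make_docm():
    """Constructed sample input: a minimal OOXML container that carries a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed vba blob")
    return buf.getvalue()
```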
Page 23
Protect the security system
Execute sensitive tasks in isolated virtualized environments.
Revert your system on an ongoing basis.
Check the memory integrity and the disk integrity of your system.
Patch the system and its components.
Constantly review the security architecture.
Page 24
Questions
Page 25
References
Av-test.com
Av-comparatives.com
www.metascan-online.com
AMTSO
Software system defect content prediction from development process and product characteristics - Harris Institute
McAfee