OPSWAT Presentation for XXX Month Date, Year

OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow with Metadefender  Questions

OPSWAT at a Glance Company  Established 2002  Private, profitable and growing  Head office in San Francisco, California Products  Multi-scanning – Metascan ® and Metadefender ®  Security Application Manageability – OESIS ® & AppRemover  Secure Virtual Desktop Isolation Technology  GEARS – Network Manageability Customers  Governments, CERTs, Finance, Utilities, [esp. Nuclear], Military  OEM s – SSL VPN, NAC Management services, Support Tools

SSL VPN and NAC Customer Verticals Network Compliance and Vulnerability Assessment Support Tools Government Higher Ed and Corporations Managed Services

Metascan Scan Files with Multiple Antivirus Engines

Why Multi-scanning? Too much malware, insufficient detection

Over 220,000 new malware variants appear every day test.org/en/statistics/malware/ “Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.” on/2012/0808/Help-wanted-Geek-squads-for- US-cybersecurity The rapid growth in the amount of malware continues to accelerate No AV vendor can keep up with the number of new malware variants The Reality Metascan Multiple engine malware scanning technology Insufficient detection by any one AV product

Measuring Antivirus Capabilities Much variation between different anti-malware engines Detection Rate vs. False Positives for 19 Engines Source: AV Comparatives September 2012

This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks. No Vendor detects every outbreak. Only by combining six engines in a multiscanning solution are outbreaks detected quickly. By adding additional engines, zero hour detection rates increase further. Zero hour detection 5 min to 5 days No detection at 5 days Illustrating The Decreased Outbreak Detection Time

Geographic Distribution of Antivirus Engines

Performance by the numbers The scan time is much shorter than the sum of the individual scans 1 engine 3 engines 8 engines PDF EXEJPG OTHER Presumed Scan Time

What is Metascan? Multi-scanning engine A server application with a local and network programming interface that allows customers to incorporate multiple anti- malware engine scanning technologies into their security architecture  Supports 0 to 30 anti-malware engines [and growing!]  Simultaneously scans files with all engines  Scan directories, files, archives, buffers, and boot sector  Automatic online definition updates or manual offline updates  ICAP functionality

Metascan vs Traditional Antivirus Engines  Metascan integrates multiple engines that are optimized to work together on the same system  Metascan does not provide Real Time Protection (RTP) like many traditional antivirus engines, all scanning is done on demand

What is Metascan? Multi-scanning engine  Flexible and scalable API driven solution  Many programming Interfaces – C++ Java PHP C#/ASP.NET RESTful (Web API)/HTTP CLI[command line interface] ICAP  Analyzes files locally on a single server or remotely from Windows or Linux systems

Metascan Who uses Metascan?  Analysts who research threats in binaries  CERTs (Computer Emergency Response/Readiness Teams)  Government agencies  Federal and State Law enforcement agencies  Computer forensic analysts  IT security managers who seek to control data flow  Files from public facing sharing/upload sites  Data moving across internal security domains  Detect infected attachments  Independent software vendors seeking to identify threats in their binaries  False positives  Accidental infections

Metascan Features  Manual (Offline) Updates – ZIP file  Download the package (.zip) from an Internet connected system  Transfer the file to a system in the offline network and use the Metascan Management Console or the Metascan Management Station to “push” to multiple servers Engine Definition updates

Metascan Standard packages In addition to our standard offerings, the engines listed below may be added to create custom packages

Metascan ICAP Server How does it work?  Proxy traffic sent to ICAP server  Scans all HTTP traffic over the network  Scans incoming and/or outgoing traffic  Incoming traffic for file and web content downloads  Outgoing traffic for file uploads  Blocks contents containing threats  Configurable through the Metascan Management Console

Metascan ICAP Server Deployment All endpoints within an organization are connected to the Internet through a proxy server All traffic going through the proxy can be scanned by Metascan

Metascan Client Easy endpoint scanning with multiple engines

What is Metascan Client? Endpoint scanning A simple executable for scanning Windows or Linux systems  Nothing is installed on the endpoint  Can be run from a USB, CD or DVD or local hard drive  No coding required  Scan files, folders, drives, and active processes in memory and files associated with active processes  Requires a Metascan server

Metascan Client Features – Technical details File processing sequence:

Metascan Client Features Online Deployment Multiple Metascan Clients connected to a single Metascan server The client is run from a USB, CD or DVD, or local drive. It connects to the Metascan server and scans the contents of the endpoint Updates are automatically downloaded from the internet

Metascan Client Features Offline Deployment Multiple Metascan Clients connected to a single Metascan server. The client is run on the endpoints. It connects to the Metascan server and scans the contents of the endpoint. The Metascan server is offline [not connected to the internet] and updated manually

Metascan Client Features Bootable USB Solution for scanning laptops that are brought into a facility. System boots into OS on Metascan Client USB. Allows entire system to be scanned (including boot sector) without booting into system OS Windows and Linux versions available

How should you use Metascan Client?  IT Administrators managing endpoints in their network  VPN Authentication Process  Schedule Scans  IT Troubleshooting  Independent software vendors seeking to proactively address issues with new binaries  False positives  Accidental infections from open source or third party libraries  Bootable USB to scan systems (e.g. laptops) before they are brought into secure facilities

Metascan Client Packages  Metascan Client USB  Windows or Linux  Metascan Client  Windows or Linux  Standalone Executable  File or Process Scanning  GUI (Windows Only) or CLI (Windows and Linux)  Metascan Client Connector  Windows or Linux  File Scanning Functionality  API and CLI  Metascan Client SDK  Windows Only  Process Scanning Functionality

Support  OPSWAT provides three levels of support  Basic Support - Free  Premium Support – 18% of license cost  Platinum Support – 25% of license cost

Support Premium Support  What is covered by Premium support?  Phone support, 9 am to 6 pm PST Monday – Friday  Support Account Manager  Quarterly Conference call reviews  For details of what is covered by each level of support see the Support page on the OPSWAT website

Support Platinum Support  What is covered by Platinum support?  (Everything in Premium support)  24/7 Phone support  Quarterly Meetings with Engineering and Product Management  Prioritized enhancement requests  For details of what is covered by each level of support see the Support page on the OPSWAT website

Questions?