
1 OPSWAT Presentation for XXX Month Date, Year

2 OPSWAT & ____________ Agenda
- Overview of OPSWAT
- Multi-scanning with Metascan
- Controlling Data Workflow with Metadefender
- Questions

3 OPSWAT at a Glance
Company
- Established 2002
- Private, profitable and growing
- Head office in San Francisco, California
Products
- Multi-scanning – Metascan® and Metadefender®
- Security Application Manageability – OESIS® & AppRemover
- Secure Virtual Desktop Isolation Technology
- GEARS – Network Manageability
Customers
- Governments, CERTs, Finance, Utilities [esp. Nuclear], Military
- OEMs – SSL VPN, NAC Management services, Support Tools

4 Customer Verticals
- SSL VPN and NAC
- Network Compliance and Vulnerability Assessment
- Support Tools
- Government
- Higher Ed and Corporations
- Managed Services

5 Metascan Scan Files with Multiple Antivirus Engines

6 Why Multi-scanning? Too much malware, insufficient detection

7 The Reality
- Over 220,000 new malware variants appear every day (http://www.av-test.org/en/statistics/malware/)
- “Cyber attacks on America’s critical infrastructure increased 17-fold between 2009 and 2011.” (http://www.csmonitor.com/Commentary/Opinion/2012/0808/Help-wanted-Geek-squads-for-US-cybersecurity)
- The rapid growth in the amount of malware continues to accelerate
- No AV vendor can keep up with the number of new malware variants
- Insufficient detection by any one AV product
- Metascan: Multiple engine malware scanning technology

8 Measuring Antivirus Capabilities
Much variation between different anti-malware engines
[Chart: Detection Rate vs. False Positives for 19 Engines. Source: AV Comparatives September 2012]

9 Illustrating The Decreased Outbreak Detection Time
This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks. No vendor detects every outbreak. Only by combining six engines in a multiscanning solution are outbreaks detected quickly. By adding additional engines, zero hour detection rates increase further.
[Graph legend: Zero hour detection; 5 min to 5 days; No detection at 5 days]

10 Geographic Distribution of Antivirus Engines

11 Performance by the numbers
The scan time is much shorter than the sum of the individual scans
[Chart: series 1 engine, 3 engines, 8 engines; file types PDF, EXE, JPG, OTHER; label "Presumed Scan Time"]

12 What is Metascan? Multi-scanning engine
A server application with a local and network programming interface that allows customers to incorporate multiple anti-malware engine scanning technologies into their security architecture
- Supports 0 to 30 anti-malware engines [and growing!]
- Simultaneously scans files with all engines
- Scan directories, files, archives, buffers, and boot sector
- Automatic online definition updates or manual offline updates
- ICAP functionality

13 Metascan vs Traditional Antivirus Engines
- Metascan integrates multiple engines that are optimized to work together on the same system
- Metascan does not provide Real Time Protection (RTP) like many traditional antivirus engines; all scanning is done on demand

14 What is Metascan? Multi-scanning engine
- Flexible and scalable API driven solution
- Many programming interfaces – C++, Java, PHP, C#/ASP.NET, RESTful (Web API)/HTTP, CLI [command line interface], ICAP
- Analyzes files locally on a single server or remotely from Windows or Linux systems

15 Metascan: Who uses Metascan?
- Analysts who research threats in binaries
- CERTs (Computer Emergency Response/Readiness Teams)
- Government agencies
- Federal and State Law enforcement agencies
- Computer forensic analysts
- IT security managers who seek to control data flow
  - Files from public facing sharing/upload sites
  - Data moving across internal security domains
  - Detect infected attachments
- Independent software vendors seeking to identify threats in their binaries
  - False positives
  - Accidental infections

16 Metascan Features: Engine Definition updates
- Manual (Offline) Updates – ZIP file
  - Download the package (.zip) from an Internet connected system
  - Transfer the file to a system in the offline network and use the Metascan Management Console or the Metascan Management Station to “push” to multiple servers

17 Metascan Standard packages In addition to our standard offerings, the engines listed below may be added to create custom packages

18 Metadefender Securing Data Flows into/out of Organizations

19 Why Metadefender? Peripheral media cannot be trusted

20 Why Metadefender? Peripheral media is an easy attack vector
- Surveys show that 10% to 25% of malware is spread via USB (Sources: ESET & Panda)
- Autorun viruses are easy to create
- Instructions to create a virus are easily found online
- The US Department of Defense banned peripherals entirely in 2008 after an outbreak of the SillyFDC worm which was spread by removable media

21 Why Metadefender? Metadefender use cases
- USBs are the most effective way to deliver malware into a company
- USBs bypass network security and deliver malware directly to the endpoint
- Contractors and visiting vendors accidentally bring in malware on USB
- Software updates and upgrades brought into secure networks on DVDs have contained malware
- Banks and other financial institutions are attacked with USBs dropped in parking lots that employees pick up and insert in their work computers. (human curiosity?)
- Advanced attacks mail infected USBs to employees as gifts

22 What is Metadefender?
Metadefender allows customers to define data security policies for their users to prevent the introduction of malware to a corporate network through portable media
- Define multiple policies for different users or groups of users
- Process files to determine if they are a threat
- Take the appropriate actions on both allowed and blocked files
- Optionally include Multi-scanning by Metascan

23 Metadefender Features
- Multi-Step Process to Secure Network
  - User Authentication
  - File Type Filtering
  - Scanning with Metascan
  - Scan look up by SHA256 hash value
  - File Type Conversions
    - Including embedded object removal
  - Enhanced Post-Processing
- Metadefender System Restore after each session to ensure system integrity

24 Metadefender and Metascan
The Metascan multi-scanning server can be integrated as part of the Metadefender security workflow
- Metascan can be installed on the same system as Metadefender or can be on its own dedicated system
- Multiple Metadefender systems can use a single Metascan for multi-scanning

25 Metadefender: Who uses Metadefender?
- Highly Secure facilities that host outside visitors/contractors
- Government Agencies
- Power Plants / Nuclear Facilities
- IT security managers who seek to control physical media
- Banks
- Investment companies
- Any company concerned about physical media-based malware infections

26 How Metadefender is commonly used: Data workflow controls
- Create a process (workflow) to control data coming into and out of your organization.
- Example:
  - Scan the contents of peripherals using multiple AV engines
    - Require visitors to put all content onto a provided USB – then scan the content for malware with multiple AV engines
  - Convert selected data types
    - Convert files to jpeg or png to eliminate threats in original file
  - Block selected file types
    - Block all executables and other commonly infected files [e.g., PDF]

27 Metadefender Delivery
Metadefender is delivered in two formats:
- Software to deploy on any system that meets Metadefender’s requirements
- Kiosk with Metadefender pre-installed and configured

28 Metadefender Deployment Options Choosing the best for your security needs

29 Product Deployment Options: Standalone Systems with no Network connectivity
In this deployment option, Metadefender kiosks have both the Metascan server and the Metadefender client installed and have no network connection. Virus definition updates are downloaded from a system connected to the Internet and copied to physical media to be transferred to each Metadefender kiosk.
Pros
- No network connection required
Cons
- Updating virus definitions requires physically bringing media (USB drive/DVD/CD) to each kiosk and applying the update on each one

30 Product Deployment Options: Standalone Systems with Metascan Management Station
In this deployment option, a Metascan Management Station is installed on a dedicated system that has network connection to each Metadefender kiosk. The Metadefender kiosks have both the Metascan server and the Metadefender client installed and have network connection to Metascan Management Station only. Virus definition updates are downloaded on the system with the Metascan Management Station installed, and updates are applied to the Metadefender kiosks via the Metascan Management Station.
Pros
- Easier to deploy than standalone systems with no network connectivity
Cons
- Requires network connectivity between each kiosk and the Metascan Management Station
- Definition updates need to be transferred over the network
- Requires an additional system for the Metascan Management Station

31 Product Deployment Options: Distributed Systems (Metascan Server Offline)
In a distributed system, Metadefender kiosks have only the Metadefender client installed. The Metascan server is installed on a dedicated system. In this deployment option, the Metascan server does not have access to the Internet, and Metadefender kiosks have network connection to the Metascan server only. Virus definition updates are downloaded on a system with connection to the Internet and manually transferred and applied to the Metascan server.
Pros
- Only requires deploying virus definition updates to a single Metascan server
- The Metascan server can be higher powered to allow for higher scan throughput
Cons
- Requires network connectivity between each kiosk and the Metascan server
- All files being scanned will be transferred over the network

32 Product Deployment Options: Distributed Systems (Metascan Server Online)
In a distributed system, Metadefender kiosks have only the Metadefender client installed. The Metascan server is installed on a dedicated system. In this deployment option, the Metascan server has access to the Internet, and Metadefender kiosks have network connection to the Metascan server only. Because of Internet connectivity, virus definitions automatically update on the Metascan server.
Pros
- Virus definition updates are applied automatically to the Metascan server
- The Metascan server can be higher powered to allow for higher scan throughput
Cons
- Requires network connectivity between each kiosk and the Metascan server
- All files being scanned will be transferred over the network
- Requires Internet connection for the Metascan server

33 Support
- OPSWAT provides three levels of support
  - Basic Support – Free
  - Premium Support – 18% of license cost
  - Platinum Support – 25% of license cost

34 Support: Premium Support
- What is covered by Premium support?
  - Phone support, 9 am to 6 pm PST Monday – Friday
  - Support Account Manager
  - Quarterly Conference call reviews
- For details of what is covered by each level of support see the Support page on the OPSWAT website

35 Support: Platinum Support
- What is covered by Platinum support?
  - (Everything in Premium support)
  - 24/7 Phone support
  - Quarterly Meetings with Engineering and Product Management
  - Prioritized enhancement requests
- For details of what is covered by each level of support see the Support page on the OPSWAT website

36 Questions?

