With advancing technology and the ever-evolving landscape of cybercrime, it is more important today than ever to reduce file-borne attacks, secure encrypted traffic, and protect your networks.
In this webinar, we discuss the latest developments in the threat landscape, why shared responsibility matters for critical infrastructure, and how you can mitigate future threat vectors with the F5 NGINX Plus Certified Module from OPSWAT.
3. 20 Years of Cybersecurity
Innovation and Growth
Critical Infrastructure Protection
Professional Services OEM Enterprise
4. Best Solution – Web Application Security
"OPSWAT embodies three major features we judges look for to become winners: understanding tomorrow's threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach."
5. OPSWAT and F5 Partnership
https://www.opswat.com/videos/how-to-integrate-metadefender-icap-with-f5
OEM Partner since 2005 (OESIS)
ICAP Integration Partner since 2017
John Wagnon
Pete Silva
8. Notable CIP Incidents – 2021/2022
Data courtesy: Industrial Cyber, Takepoint Research
Oldsmar water treatment plant hack (Water & Waste)
Colonial Pipeline targeted by DarkSide ransomware hackers (Pipelines)
Cyberattack disrupts operations at Molson Coors (Food & Agriculture)
KIA core systems were shut down by a suspected DoppelPaymer ransomware attack (Automotive)
Elekta was hit by a ransomware attack (Healthcare)
10. Application Security – Shared Responsibility
Same as with a CSP, cybersecurity responsibilities exist between various security solutions and vendors
11. Application Security: The Blind Spots
1/3 (32%) of organizations with a web application for file uploads do not scan all file uploads to detect malicious files.
1/5 (18%) of these organizations scan with just one anti-virus engine.
2/3 (65%) of organizations with a file upload web portal do not sanitize file uploads with Content Disarm and Reconstruct (CDR) to prevent unknown malware and zero-day attacks.
13. Blind Spot: Data Sanitization (prevent zero-day)
Does your company use CDR (Content Disarm and Reconstruction) for data sanitization to disarm embedded threats (e.g., macros in Word documents or scripts in PDFs)?
Answer options: Yes; No; I've never heard of CDR; I've heard of CDR, but don't know if my company uses it.
[Chart values: 35%, 37%, 16%, 12% (Yes)]
17. MetaDefender Core™
Technology Platform
Challenges
File-based evasive malware and zero-day attacks
Sensitive data leakage and staying compliant
Too many security tools and technologies
Complex systems, few qualified professionals
Solution
Inspect all incoming files for malware
Data sanitization to prevent zero-day attacks
Detect and manage sensitive information in files
Multiple security technologies in a single platform
Application Security
18. MetaDefender Core™
Technology Platform
Benefits
Malware protection and data breach prevention
Protect sensitive data in files
Comprehensive, easy-to-integrate platform
Features
Multiscanning with 30+ AV engines
Deep CDR (Content Disarm and Reconstruction)
Proactive DLP (Data Loss Prevention)
Wide file type support including nested archives
Application Security
19. MetaDefender ICAP™
Benefits
Out-of-the-box integration into existing infrastructure, fast setup and POC
Comprehensive security and data protection technologies, additive security
Low overhead maintenance
Features
All MetaDefender Core platform technologies
Integrates with any ICAP-enabled device (secure gateway, proxies, WAF, SSL inspectors)
Native integration with NGINX Plus and NGINX Open Source
Application Security
20. Why NGINX?
What is NGINX?
§ Fastest web server available
§ Started open source, now part of F5
§ HA, health monitoring, DNS system discovery
§ RESTful API, cloud native
§ Load balancer, reverse proxy
§ API gateway, media streaming
Use Cases:
§ Follows traditional ICAP use cases
§ Custom web apps with file upload capability
§ Migrating to the cloud
§ Cloud-native, containers, k8s
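The ICAP integration in slides 19 and 20 is what lets a proxy, WAF or NGINX hand each upload to an inspection server before it reaches the application. As an added illustration (not OPSWAT's, F5's or NGINX's code), here is the RFC 3507 REQMOD exchange that integration rests on: the client wraps the HTTP upload request in an ICAP message with an Encapsulated header giving byte offsets, and the server answers 204 (deliver unchanged) or 200 with a replacement. The host names, the sample replies and the verdict mapping are this example's own assumptions.

```python
from __future__ import annotations

# Added illustration for this page, not OPSWAT's or F5/NGINX's code. Builds an
# RFC 3507 REQMOD message (what an ICAP client such as a proxy, WAF or NGINX
# module sends to have an upload inspected) and parses the ICAP reply.
# icap.example.net / app.example.com and the sample replies are made up.

CRLF = b"\r\n"


def chunk(body: bytes) -> bytes:
    """Encapsulated bodies use HTTP chunked encoding, ended by a zero-length chunk."""
    if not body:
        return b"0" + CRLF + CRLF
    return b"%x" % len(body) + CRLF + body + CRLF + b"0" + CRLF + CRLF


def build_reqmod(icap_uri: str, http_headers: bytes, body: bytes | None,
                 allow_204: bool = True) -> bytes:
    """Wrap an HTTP request (header block plus optional body) in a REQMOD message.
    Encapsulated offsets count bytes from the start of the encapsulated section,
    so req-body is exactly the length of the HTTP header block."""
    if not http_headers.endswith(CRLF + CRLF):
        raise ValueError("HTTP header block must end with an empty line")
    host = icap_uri.split("//", 1)[1].split("/", 1)[0]
    if body is None:
        encapsulated = f"req-hdr=0, null-body={len(http_headers)}"
        payload = http_headers
    else:
        encapsulated = f"req-hdr=0, req-body={len(http_headers)}"
        payload = http_headers + chunk(body)
    lines = [f"REQMOD {icap_uri} ICAP/1.0", f"Host: {host}", f"Encapsulated: {encapsulated}"]
    if allow_204:
        lines.append("Allow: 204")  # server may answer 204 = unchanged, nothing echoed back
    return CRLF.join(line.encode() for line in lines) + CRLF + CRLF + payload


def parse_icap_response(raw: bytes) -> dict:
    """Split an ICAP reply into status, headers, Encapsulated offsets and the raw section."""
    head, _, rest = raw.partition(CRLF + CRLF)
    status_line, *header_lines = head.split(CRLF)
    _version, code, reason = status_line.decode().split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.decode().partition(":")
        headers[name.strip().lower()] = value.strip()
    offsets = {}
    for item in headers.get("encapsulated", "").split(","):
        if "=" in item:
            key, value = item.strip().split("=")
            offsets[key] = int(value)
    return {"status": int(code), "reason": reason, "headers": headers,
            "encapsulated": offsets, "section": rest}


def verdict(resp: dict) -> str:
    """What the client should do with the upload after the server's answer."""
    if resp["status"] == 204:
        return "pass-through"  # nothing found: forward the original request
    if resp["status"] == 200 and "res-hdr" in resp["encapsulated"]:
        return "blocked"       # server substituted an HTTP response (a block page)
    if resp["status"] == 200:
        return "modified"      # server returned a rewritten (e.g. sanitized) request
    return "error"             # 4xx/5xx: fail closed for uploads


# Constructed sample replies in the shape a real server would send them.
SAMPLE_204 = b"ICAP/1.0 204 No Content" + CRLF + b'ISTag: "demo-1"' + CRLF + CRLF
BLOCK_HTTP = b"HTTP/1.1 403 Forbidden" + CRLF + b"Content-Type: text/plain" + CRLF + CRLF
SAMPLE_BLOCK = (b"ICAP/1.0 200 OK" + CRLF + b'ISTag: "demo-1"' + CRLF
                + b"Encapsulated: res-hdr=0, res-body=%d" % len(BLOCK_HTTP) + CRLF + CRLF
                + BLOCK_HTTP + chunk(b"upload blocked by policy"))

if __name__ == "__main__":
    hdr = (b"POST /upload HTTP/1.1" + CRLF + b"Host: app.example.com" + CRLF
           + b"Content-Length: 5" + CRLF + CRLF)
    print(build_reqmod("icap://icap.example.net/reqmod", hdr, b"hello").decode())
    for sample in (SAMPLE_204, SAMPLE_BLOCK):
        print(verdict(parse_icap_response(sample)))
```

The Allow: 204 header matters operationally: without it the server must echo the whole (possibly large) upload back in a 200 reply even when it is clean, which doubles the bandwidth between the gateway and the scanner.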
21. Multiscanning
• Combine 30+ commercial anti-malware engines into one platform for faster detection
• Combine analysis mechanisms/techniques (Signatures, Heuristics, AI/ML, Emulation, etc.) to increase detection ratio
• Detection optimization and normalization
• Complements AV on endpoint
Multiple layers of defense
How It Works
22. OPSWAT Metascan
Simultaneous analysis with multiple anti-malware engines
• 30+ commercial anti-malware engines in one solution
• Combined analysis based on signatures, heuristics, AI/ML, algorithms, emulation, and NGAV accelerates detection of new and evolving malware
• Improved malware detection rate (~100%)
• Faster outbreak detection; proactive defense-in-depth dramatically reduces Mean Time to Detect (MTTD)
• Lower false positives
24. Deep CDR
How It Works
IDENTIFY & SCAN: Verify file type and identify all active embedded content in the file
SANITIZE (DEEP CDR): Remove all the potentially malicious content and reconstruct the file with only legitimate components
USE: Generate a threat-free file with full functionality and quarantine the original file
25. Deep CDR
• Supports 120+ file types (including many region-specific Office suites, such as Hancom and Ichitaro)
• 200+ conversion options
• Verifies 4,500+ file types
• 50+ detailed configurations for different file types
• Maintains file usability
• Achieves fast sanitization without impacting performance
How It Works
26. Recursive Sanitization
• Embedded documents in a document
• Archives inside an archive
• Attachments in an email
• Real archives
  • TAR / ZIP / RAR / CAB
• Common files
  • Office suite (docx, xlsx, pptx, etc.)
  • PDF
  • Images (jpg, png, bmp, etc.)
How CDR Works
27. Examples
Deep CDR
Malware | Features | Solution | Result

BLINDINGCAN (North Korea)
Features: reported by FBI/CISA in Aug 2020; uses an attached template to link to a malicious file.
Solution: Deep CDR removes all linked files.
Result: no malware downloaded.

Locky ransomware attack
Features: delivered by email with an attached MS Word file containing a malicious macro; the enabled macro drops the malware; the malware detects whether it is running within a virtual machine or a physical machine and relocates its instruction code.
Solution: Deep CDR removes macros.
Result: no malware downloaded.

Cobalt Strike backdoor
Features: exploits the MS vulnerability CVE-2021-40444; the docx file contains an ActiveX object that downloads an HTML file; the HTML file downloads several files and the Cobalt Strike malware payload.
Solution: Deep CDR removes OLE objects.
Result: no shellcode dropped.
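The three rows above all come down to the same CDR steps from slide 24: identify the file by its content, strip the active parts (macros, OLE/ActiveX objects, external template links) together with the references that point at them, and rebuild the file from what remains, recursing into nested archives as slide 26 describes. As an added illustration (not OPSWAT's Deep CDR), the following minimal sanitizer does that for OOXML documents, which are zip archives of XML parts. The part names it treats as active, the regexes, the nesting limit and the sample document are assumptions made here.

```python
from __future__ import annotations

import io
import re
import zipfile

# Added illustration for this page, not OPSWAT's Deep CDR. A minimal CDR pass
# for OOXML (docx/xlsx/pptx are zip archives of XML parts): IDENTIFY by bytes,
# SANITIZE by dropping active parts and the references to them (recursing into
# nested archives), USE by rebuilding a clean archive. Part names, regexes and
# the sample document are assumptions made here.

ZIP_MAGIC = b"PK\x03\x04"
MAX_DEPTH = 3  # bound recursion so deeply nested archives cannot exhaust the sanitizer
# Parts that carry active content: VBA macros, embedded OLE objects, ActiveX controls.
ACTIVE_PART = re.compile(rb"vbaProject\.bin|embeddings/oleObject|activeX/", re.I)
# Relationship and content-type entries are single self-closing XML elements.
XML_ELEMENT = re.compile(rb"<(?:Relationship|Override)\b[^>]*/>")


def identify(data: bytes) -> str:
    """IDENTIFY: 'ooxml', 'zip' or 'other', decided from the bytes, not the extension."""
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "other"
    return "ooxml" if "[Content_Types].xml" in names else "zip"


def _scrub_xml(xml: bytes) -> tuple[bytes, int]:
    """Drop references to active parts and every TargetMode="External" link
    (the attached-template technique in the BLINDINGCAN row)."""
    dropped = 0

    def keep(m: re.Match) -> bytes:
        nonlocal dropped
        element = m.group(0)
        if b'TargetMode="External"' in element or ACTIVE_PART.search(element):
            dropped += 1
            return b""
        return element

    return XML_ELEMENT.sub(keep, xml), dropped


def sanitize(data: bytes, depth: int = 0) -> tuple[bytes, list[str]]:
    """SANITIZE + USE: copy only legitimate parts into a fresh archive and report
    what was removed. The caller keeps the original `data` in quarantine."""
    if identify(data) == "other":
        raise ValueError("not a zip-based document: refuse rather than guess")
    removed: list[str] = []
    src = zipfile.ZipFile(io.BytesIO(data))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            payload = src.read(name)
            if ACTIVE_PART.search(name.encode()):
                removed.append(name)  # macro / OLE / ActiveX part is never copied
                continue
            if name.endswith(".rels") or name == "[Content_Types].xml":
                payload, n = _scrub_xml(payload)
                if n:
                    removed.append(f"{name}: {n} reference(s)")
            elif identify(payload) != "other":  # embedded document or nested archive
                if depth >= MAX_DEPTH:
                    removed.append(f"{name}: nesting too deep, dropped")
                    continue
                payload, nested = sanitize(payload, depth + 1)  # recursive sanitization
                removed.extend(f"{name}/{item}" for item in nested)
            dst.writestr(name, payload)
    return out.getvalue(), removed


def part_names(data: bytes) -> list[str]:
    return zipfile.ZipFile(io.BytesIO(data)).namelist()


def active_content_report(data: bytes) -> list[str]:
    """Audit helper: parts and reference files a CDR pass should have cleaned."""
    z = zipfile.ZipFile(io.BytesIO(data))
    findings = []
    for name in z.namelist():
        if ACTIVE_PART.search(name.encode()):
            findings.append(name)
        elif name.endswith(".rels") or name == "[Content_Types].xml":
            body = z.read(name)
            if b'TargetMode="External"' in body or ACTIVE_PART.search(body):
                findings.append(name)
    return findings


def build_sample_docx() -> bytes:
    """Constructed sample: a macro-enabled document that also links an external
    template, i.e. the Locky and BLINDINGCAN patterns from the table in one file."""
    parts = {
        "[Content_Types].xml": (b'<Types><Override PartName="/word/document.xml" ContentType="x"/>'
                                b'<Override PartName="/word/vbaProject.bin" ContentType="y"/></Types>'),
        "word/document.xml": b"<w:document>Quarterly report</w:document>",
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder macro blob",
        "word/_rels/document.xml.rels": (b'<Relationships><Relationship Id="rId1" Target="styles.xml"/>'
                                         b'<Relationship Id="rId2" Target="vbaProject.bin"/></Relationships>'),
        "word/_rels/settings.xml.rels": (b'<Relationships><Relationship Id="rId1" Type="attachedTemplate" '
                                         b'Target="http://template.example/x.dotm" TargetMode="External"/>'
                                         b"</Relationships>"),
    }
    return wrap_in_zip(parts)


def wrap_in_zip(members: dict[str, bytes]) -> bytes:
    """Constructed archive builder, also used to nest the sample inside another zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()
```

A real CDR engine goes much further (it re-parses every part against the format specification rather than deleting by name), but the shape is the same: the output is constructed from known-good pieces, and the original is kept only in quarantine.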
29. Proactive DLP
Highlights
• Supported sensitive information:
  • Social Security Numbers
  • Credit Card Numbers
  • IPv4 addresses
  • Classless Inter-Domain Routing (CIDR)
  • Custom Regular Expressions (RegEx)
• Optical Character Recognition (OCR)
• Recursive detection
• More than 70 supported file types
• Individualized certainty level for each type of sensitive information
• Advanced detection policy
How It Works
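Most of the highlights above (the built-in data types, custom RegEx, recursive detection, a per-type certainty level and a policy on top) fit in a small detector, so here is one as an added illustration, not OPSWAT's Proactive DLP. Each data type pairs a pattern with a validator (Luhn for card numbers, SSA allocation rules for SSNs, octet and prefix ranges for IPv4/CIDR); a hit the validator confirms is reported with high certainty, a bare pattern hit with low certainty, and the policy decides from that. The PRJ-nnnn custom code, the sample texts and the policy thresholds are constructed here; OCR is out of scope.

```python
from __future__ import annotations

import io
import re
import zipfile
from dataclasses import dataclass

# Added illustration for this page, not OPSWAT's Proactive DLP. Each detector
# pairs a pattern with a validator; a confirmed hit is "high" certainty, a
# pattern-only hit is "low". scan_bytes() descends into zip archives
# (recursive detection). The PRJ-nnnn custom code and all sample text are
# made up here.


@dataclass
class Finding:
    kind: str
    value: str
    certainty: str  # "high" = pattern and validator agree, "low" = pattern only
    location: str


def luhn_ok(digits: str) -> bool:
    """Mod-10 check used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_ok(raw: str) -> bool:
    digits = re.sub(r"[ -]", "", raw)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def ssn_ok(raw: str) -> bool:
    area, group, serial = raw.split("-")
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def ipv4_ok(raw: str) -> bool:
    return all(0 <= int(octet) <= 255 for octet in raw.split("."))


def cidr_ok(raw: str) -> bool:
    ip, prefix = raw.split("/")
    return ipv4_ok(ip) and 0 <= int(prefix) <= 32


# (kind, pattern, validator). CIDR runs first and the IPv4 pattern refuses a
# trailing "/", so 10.0.0.0/8 is reported once, as CIDR.
DETECTORS = [
    ("cidr", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b"), cidr_ok),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b(?!/)"), ipv4_ok),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok),
    ("credit_card", re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), card_ok),
    # custom RegEx: a made-up internal project code, always high certainty
    ("project_code", re.compile(r"\bPRJ-\d{4}\b"), lambda _: True),
]


def scan_text(text: str, location: str) -> list[Finding]:
    findings = []
    for kind, pattern, validator in DETECTORS:
        for m in pattern.finditer(text):
            certainty = "high" if validator(m.group(0)) else "low"
            findings.append(Finding(kind, m.group(0), certainty, location))
    return findings


def scan_bytes(data: bytes, location: str = "upload", depth: int = 0) -> list[Finding]:
    """Recursive detection: open zip members (bounded depth), scan the text leaves."""
    if data.startswith(b"PK\x03\x04") and depth < 3:
        findings = []
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                findings += scan_bytes(z.read(name), f"{location}/{name}", depth + 1)
        return findings
    return scan_text(data.decode("utf-8", errors="ignore"), location)


def decide(findings: list[Finding]) -> str:
    """Detection policy: block on a confirmed SSN or card number, send pattern-only
    hits and other types to review, otherwise allow."""
    if any(f.certainty == "high" and f.kind in ("ssn", "credit_card") for f in findings):
        return "block"
    return "review" if findings else "allow"


def build_sample_archive() -> bytes:
    """Constructed upload: an archive with another archive nested inside it."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("hr/notes.txt", "Employee 123-45-6789, card 4111 1111 1111 1111 on file; "
                                   "ticket 1234 5678 9012 3456 is not a card")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
        z.writestr("net/hosts.txt", "mgmt net 10.0.0.0/8, bad host 999.1.1.1, gw 10.0.0.1, PRJ-0042")
    return outer.getvalue()
```

The certainty split is what keeps a detector like this usable: the 16-digit ticket number matches the card pattern but fails Luhn, so it is flagged for review instead of blocking the upload outright.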
30. MetaDefender Core™
Deployment Options
Deployments
MetaDefender Core integrates with your existing security architecture via REST API
MetaDefender Core Container deploys in your containerization environments such as Docker and Kubernetes
MetaDefender Cloud integrates with IaaS environments like AWS, or with your existing SaaS products like Salesforce for cloud-based analysis.
MetaDefender ICAP Server integrates with web apps (via Ingress, WAF, LB or API Gateway) or Storage (NAS)
Application Security
31. Zero Trust
It’s a journey, not a destination
Technology
Better together! The F5/NGINX/OPSWAT combination moves the needle when implementing zero trust