With advancing technology and the ever-evolving landscape of cybercrime, it is more important today than ever to reduce file-borne attacks, secure encrypted traffic, and protect your networks. In this webinar, we discuss the latest developments in the threat landscape, why shared responsibility matters for critical infrastructure, and how you can mitigate future threat vectors with the F5 NGINX Plus Certified Module from OPSWAT.

1. ©2023 OPSWAT, Inc. Proprietary and Confidential
OPSWAT and F5/NGINX:
Layered Security to
Protect Web Applications
OPSWAT / F5/NGINX Webinar
Wednesday, January 25, 2023
Adam Rocker & Damian Curry
Prepared for:
Prepared by:

2. ©2023 OPSWAT, Inc. Proprietary and Confidential
We Protect the World’s
Critical Infrastructure
OUR MISSION

3. 20 Years of Cybersecurity
Innovation and Growth
Critical Infrastructure Protection
Professional Services OEM Enterprise

4. Best Solution – Web Application Security
"OPSWAT embodies three
major features we judges
look for to become
winners: understanding
tomorrow’s threats, today,
providing a cost-effective
solution and innovating in
unexpected ways that can
help mitigate cyber risk
and get one step ahead of
the next breach."

5. OPSWAT and F5 Partnership
https://www.opswat.com/videos/how-to-integrate-
metadefender-icap-with-f5
OEM Partner since 2005 (OESIS)
ICAP Integration Partner since 2017
John Wagnon
Pete Silva

6. App Security:
Risks and Challenges

7. Application Security: Growth, Needs, and Challenges

8. Notables CIP Incidents – 2021/2022
Data courtesy: Industrial Cyber, Takepoint Research
Oldsmar water
treatment plant hack
Water & Waste
Colonial
Pipeline targeted
by DarkSide ransomwar
e hackers
Pipelines
Cyberattack Disrupts
Operations At Molson
Coors
Food & Agriculture
KIA core systems were
shut down by a
suspected
DoppelPaymer
ransomware attack
Automotive
Elekta was hit by a
ransomware attack
Healthcare

9. Application Security – Shared Concerns
© Copyright OPSWAT 2021. All rights reserved.
34%
28%
40%
46%
54%
66%
54%
38%
45%
50%
59%
62%
66%
73%
0% 20% 40% 60% 80%
Post outbreak
mitigation expenses
Lawsuits
Regulatory fines
Ransomware payouts
Denial of
service/infrastructure
Reputation damage
Loss in business or
revenue
By Location of Corporate Headquarters
United States
Other Countries

10. Application Security – Shared Responsibility
Same as with a CSP, cybersecurity responsibilities exist between
various security solutions and vendors

11. Application Security: The Blind Spots
1/3 of organizations with a web application for file uploads do not scan all file uploads to
detect malicious files.
1/5 of these organizations scan with just one anti-virus engine.
2/3 of organizations with a file upload web portal do not sanitize file uploads with Content
Disarm and Reconstruct (CDR) to prevent unknown malware and Zero-day attacks.
32%
18%
65%

12. Blind Spots galore!
Please rate your organization’s level of implementation for each of the following file
upload security best practices.
30%
32%
46%
52%
53%
54%
61%
61%
64%
71%
32%
33%
37%
31%
31%
33%
27%
25%
27%
22%
27%
31%
12%
12%
13%
12%
11%
9%
7%
6%
10%
4%
5%
5%
3%
1%
2%
4%
2%
1%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Remove embedded threats with Content Disarm and
Reconstruction Technology (CDR)
Randomize uploaded file names
Verify actual file type versus relying on the extension
Use simple error messages – e.g., excluding information like
directory paths that can be used to gain system entry
Set a maximum file name length and size
Check files for vulnerabilities
Limit the specific types of files that can be uploaded
Store uploaded files outside the web root folder
Scan all files for malware
Authenticate users
Fully implemented
Partially implemented
Not implemented
I don't know
© Copyright OPSWAT 2021. All rights reserved.

13. Blind Spot: Data Sanitization (prevent zero-day)
Does your company use CDR (Content Disarm and Reconstruction) for data sanitization to
disarm embedded threats (e.g., macros in word documents or scripts in pdfs)?
35%
37%
16%
12% Yes
No
I’ve never heard of CDR
I've heard of CDR, but don't know if my
company uses it

14. Application Security Compliance Mandates
© Copyright OPSWAT 2021. All rights reserved.
ISO 27001
Applies nearly universally
• Annex: A.12.2 Scan for malware before
using any files received via networks or
any storage device
PCI DSS
Payment Card Industry Data
Security Standard
Applies to any company handling
payment data
• PCI DSS Requirement 5: Protect all
systems against malware and update
anti-virus software or programs regularly
HIPAA
The Health Insurance Portability and
Accountability Act of 1996
Applies to Healthcare and insurance
providers and their business
associates, or any partner entity
accessing patient health information
(PHI)
§ 164.308(a)(5)(ii)(B) Protection from
Malicious Software
NERC CIP
North American Electric Reliability
Critical Infrastructure Protection
Applies to all US energy providers
• CIP-007-6 – Malicious Code Prevention
NIST 800-53
Applies to all U.S. Federal
information systems
• SI-3 Malicious Code Protection
Others:
GDPR
General Data Protection
Regulation
FISMA
Federal Information Security
Management Act of 2002

15. Security Infrastructure & Platform Integrations
Which deployment stack would you like to have plug-and-play security integrations for?
n = would benefit from plug and play solutions
Google, Oracle, Java,
Zscaler, Netscope
Other
2%
6%
8%
35%
37%
48%
74%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other. Please specify:
A10
Envoy
Nginx
F5
Citrix
VMware
61% choose one of
F5 or Nginx
(16% choose both)
© Copyright OPSWAT 2021. All rights reserved.

16. App Security:
Technologies

17. MetaDefender Core™
Technology Platform
Challenges
File-based evasive malware and zero-day attacks
Sensitive data leakage and staying compliant
Too many security tools and technologies
Complex systems, few qualified professionals
Solution
Inspect all incoming files for malware
Data sanitization to prevent zero-day attacks
Detect and manage sensitive information in files
Multiple security technologies in a single platform
Application Security

18. MetaDefender Core™
Technology Platform
Benefits
Malware protection and data breach prevention
Protect sensitive data in files
Comprehensive, easy-to-integrate platform
Features
Multiscanning with 30+ AV engines
Deep CDR (Content Disarm and Reconstruction)
Proactive DLP (Data Loss Prevention)
Wide file type support including nested archives
Application Security

19. MetaDefender ICAP™
Benefits
Out-of-the-box integration into
existing infrastructure, fast setup and POC
Comprehensive security and data
protection technologies, additive security
Low overhead maintenance
Features
All MetaDefender Core platform technologies
Integrates with any ICAP-enabled
device (secure gateway, proxies, WAF, SSL
inspectors)
Native integration with NGINX Plus and NGINX
Open Source
Application Security

20. Why NGINX?
What is NGINX?
§ Fastest web server available
§ Started open source, now part of F5
§ HA, health monitoring, DNS system
discovery
§ RESTful API, cloud native
§ Load balancer, reverse proxy
§ API gateway, media streaming
Use Cases:
§ Follows traditional ICAP use cases
§ Custom web apps with file upload capability
§ Migrating to the cloud
§ Cloud-native, containers, k8s

21. Multiscanning
• Combine 30+ commercial anti-
malware engines into one
platform for faster detection
• Combine analysis
mechanisms/techniques
(Signatures, Heuristics, AI/ML,
Emulation, etc.) to increase
detection ratio
• Detection optimization and
normalization
• Complements AV on endpoint
Multiple layers of defense
How It Works

22. OPSWAT Metascan
Simultaneous analysis with multiple anti-malware engines
• 30+ commercial anti-malware engines in one solution
• Combined analysis based on signatures, heuristics, AI/ML,
algorithms, emulation, and NGAV accelerates detection of
new and evolving malware
• Improved malware detection rate ~100%
• Faster outbreak detection- proactive defense-in-depth
dramatically reduces Mean Time to Detect (MTTD)
• Lower false positives

23. Adding more anti-malware engines increases detection rates to nearly 100% and reduces Mean Time to Detect (MTTD) by 25%
4 Engines 8 Engines 12 Engines 16 Engines 20 Engines Max Engines
Detection 88.70% 90.70% 92.70% 95.20% 95.70% 99.40%
MTTD (hours) 132.32 115.2 107.76 102.48 100.54
88.70%
90.70%
92.70%
95.20% 95.70%
99.40%
132.32
115.2
107.76
102.48 100.54
0
20
40
60
80
100
120
140
60.00%
65.00%
70.00%
75.00%
80.00%
85.00%
90.00%
95.00%
100.00%
Detection of top 10000 threats
Source: https://metadefender.opswat.com, September 2021
© Copyright OPSWAT 2021. All rights reserved.
• Proactive defense-in-depth dramatically reduces Mean Time to Detect (MTTD)
• Combined application of proprietary technologies (heuristics, AI/ML, algorithms per vendor accelerates discovery of new and evolving
malware
Improved Malware Detection through Multiscanning

24. Deep CDR
How It Works
Verify file type and identify all
active embedded content in
file
IDENTIFY & SCAN
Remove all the potentially malicious
content and reconstruct the file with
only legitimate components
SANITIZE (DEEP CDR)
Generate a threat-free file
with full functionality and
quarantine the original file
USE

25. Deep CDR
• Supports 120+ file types (including
many regional-specific Office Suites,
such as Hancom and Ichitaro)
• 200+ conversion options
• Verify 4,500+ file types
• 50+ detailed configuration for
different file types
• Maintains file usability
• Achieves fast sanitization without
impacting performance
How It Works

26. Recursive Sanitization
• Embedded documents in a document
• Archives inside an archive
• Attachments in an email
• Real Archives
• TAR / ZIP / RAR / CAB
• Common files
• Office Suite (docx, xlsx, pptx, etc.)
• PDF
• Images (jpg, png, bmp, etc.)
How CDR Works

27. Examples
Deep CDR
Malware Features Solution Result
BLINDINGCAN
North Korea
• Reported by FBI/CISA in Aug 2020,
• use Attached Template to link to a malicious file
Deep CDR removes
all linked files
No malware
downloaded
Locky
ransomware
attack
• Delivered by email with an attached MS Word file containing
malicious macro
• Enabled macro drops the malware
• The malware detects whether it is running within a virtual
machine or a physical machine and relocate of instruction code.
Deep CDR removes
Macros
No malware
downloaded
Cobalt Strike
Backdoor
• Exploited MS vulnerabilities CVE-2021-40444
• Docx file contains an ActiveX object to download an HTML file
• HTML file downloads several files and Cobalt Strike malware
payload
Deep CDR removes
OLE objects
No shellcode
dropped

28. Proactive DLP
How It Works
Detect and Redact Watermark Remove Metadata

29. Proactive DLP
Highlights
• Supported sensitive information:
• Social Security Numbers
• Credit Card Numbers
• IPv4 addresses
• Classless Inter-Domain Routing (CIDR)
• Custom Regular Expressions (RegEx)
• Optical Character Recognition (OCR)
• Recursive detection
• More than 70 supported file types
• Individualized certainty level for each type of
sensitive information
• Advanced detection policy
How It Works

30. MetaDefender Core™
Deployment Options
Deployments
MetaDefender Core integrates with your
existing security architecture via REST API
MetaDefender Core Container deploys in
your containerization environments such as
Docker and Kubernetes
MetaDefender Cloud integrates with
IaaS environments like AWS, or with your existing
SaaS products like Salesforce for cloud-based
analysis.
MetaDefender ICAP Server integrates with
web apps (via Ingress, WAF, LB or API Gateway) or
Storage (NAS)
Application Security

31. Zero Trust
It’s a journey, not a destination
Technology
Better together! The F5/NGINX/OPSWAT
combination moves the needle when
implementing zero trust

32. ©2023 OPSWAT, Inc. Proprietary and Confidential
Thank You!