Embed Size (px)
Citation preview
Boaz Litai, Regional Director - EMEAMarch 2018
Data Sanitization (CDR): Stripping Threats out of Your Organization
Søren Elnegaard Petersen – Sales Director, Arbit Security March 2018
Show casing:
How to protect high security networks with integrated OPSWAT Metadefender & Arbit Arbit Cross Domain Solution
&
Boaz Litai
I have 15 years of experience in cyber security addressing verticals such
as telecommunications, mobile, large enterprises, and governments.
I joined OPSWAT in April 2017 with the goal of developing an aggressive,
proactive go-to-market and outbound sales operation across EMEA, via
channel partners and building a direct sales organization.
Why OPSWAT?
OPSWAT is an exciting, growing security software company
headquartered in San Francisco with offices around the world.
It is a place where I can make my mark while improving safety and
helping make organizations secure around Europe.
Agenda
Who is OPSWAT?
State of Cyber Security Today
What is Content Disarm & Reconstruction (CDR)?
How is CDR implemented?
2002 Founded
5 Global Offices
1,000+ Direct Customers
6 Patents granted
24/7 Global Support
300 Technology Partners
175+ Worldwide Employees
Protecting Organizations from Advanced Threats3 synergistic technologies
Stops known and unknown threats
Consists of: Multi-scanning Data Sanitization App Vulnerability Scanning
Large and Loyal Customer BaseMarket leadership validated by marquee customer base across multiple critical infrastructure industries
GOVERNMENT DEFENSE ENERGY FINANCE MANUFACTURING TECHNOLOGY
Agenda
Who is OPSWAT?
State of Cyber Security Today
What is Content Disarm & Reconstruction (CDR)?
How is CDR implemented?
Five Primary Sources of ThreatsState of Cyber Security Today
State Sponsored Government-Funded Espionage
Cyber Criminals Well-Funded Criminals
Terrorists Zealots with Strong Views
Hacktivists Protesters with an Axe to Grind
Insider Threats Employees
Increasing ”Mega” Hacks/BreachesState of Cyber Security Today
Year 2013 and 2014
Number of Records
Data at Risk
Company
2015 2017
3 billion 78.8 million 143 million
Names DOB Email addresses Phone numbers Encrypted/unencrypted security questions and answers
Names DOB Email addresses SSN Addresses Employment information
Names DOB SSN Driver’s license numbers Credit card numbers
• Iran nuclear facilities were attacked by Stuxnet malware in 2010
• Saudi Aramco was attacked by Shamoon malware in 2012
• Ukraine power grid was attacked by BlackEnergy malware in 2015
• More than 80 Ukrainian and Russian companies initially were attacked by Petya malware
in 2017
• Early 2017 – US nuclear facilities hacked by nation/state
• Current – discussion of N. Korean nuclear plans for EMG pulse to knock out electrical
Increasing Prevalence of Critical Infrastructure AttacksState of Cyber Security Today
1. Phishing for credentials
2. Ransomware
3. Malvertising
4. Fraud targeting CEO
5. Vishing (phone phishing)
Top TacticsState of Cyber Security Today
6. Web application attacks
7. Disclosure by 3rd Parties
8. Data loss through email
9. Data loss through unauthorized cloud usage
10. Sabotage
The Cost of Data BreachesPer Capita Cost by Industry Classification Chart Title
Public sectorResearch
MediaTransportation
HospitalityEntertainment*
ConsumerEnergy
IndustrialCommunications
RetailTechnologyLife science
EducationServices
FinancialHealth
US$0 US$100 US$200 US$300 US$400
FY 2017 (USD$)4-year average (USD$)
*Historical data is not available for all yearsSource: Ponemon Institute
Agenda
Who is OPSWAT?
State of Cyber Security Today
What is Content Disarm & Reconstruction (CDR)?
How is CDR implemented?
What Is Data Sanitization (CDR)?The underlying technology has been around for a while
ExeFilter developed by French MoD for NATO, with goals of: To protect sensitive networks against attacks involving files, e-mails and active content. To ensure that only known and controlled file formats enter the system To filter all unwanted active content from external sources”
Certification requirement from NISA for portable solution vendors
Content Disarm & Reconstruct” used in NISA certification guidelines dated 2012 for deployment of stand-alone Kiosks “to scan files from an external source in order to find, block and disrupt malware before it can penetrate the corporate network.”
2004
2012
What Is Data Sanitization (CDR)?The technology becomes popular in 2015 – or at least gets a popular name…
Gartner recommends CDR to protect against phishing attacks (Fighting Phishing: Optimize Your Defense)
About 1,520,000 articles, 1,410 under “News,” on Google
2016
March, 2018
What Is Data Sanitization (CDR)?Synonyms
CDR Gartner Data Sanitization OPSWAT
Disarm feature
Symantec
Threat Extraction Check Point
Clean Content Oracle
Safe File Mimecast
DvC Solebit
Advanced CDR Votiro
* January 2018, USA Department of homeland security performed a Data Sanitization penetration test comparing OPSWAT Data Sanitization as well as 4 other solutions. OPSWAT achieved the best result among the select vendors!!
What Is Data Sanitization?Content Disarm and Reconstruction
It’s like boiling water
What Is Data Sanitization (CDR)?Content definition in Wikipedia
Removes potentially malicious code from files
It’s not malware analysis
Does not determine or detect malware's functionality
Removes all file components that are not approved within the system's definitions and policies
Why Is Data Sanitization Important?Block file types
.adp .fxp .mag .msc .prf .tmp .class
.app .gadget .mam .msh .prg .url .grp
.asp .hlp .maq .msh1 .pst .vb .jar
.bas .hpj .mar .msh2 .reg .vbe .mcf
.bat .hta .mas .mshxml .scf .vbp .ocx
.cer .inf .mat .msh1xml .scr .vbs .pl.chm .ins .mau .msh2xml .sct .vsmacros .xbap.cmd .isp .mav .msi .shb .vsw.cnt .its .maw .msp .shs .ws.com .js .mda .mst .ps1 .wsc.cpl .jse .mdb .ops .ps1xml .wsf.crt .ksh .mde .osd .ps2 .wsh.csh .lnk .mdt .pcd .ps2xml .xnk.der .mad .mdw .pif .psc1 .ade.exe .maf .mdz .plg .psc2 .cla
Symantec Recommends
Why Is Data Sanitization Important?Block file types
But probably not these if productivity is to be maintained:
Documents (DOC, DOCX, PDF, etc.)
Images (TIFF, JPG, PNG, etc.)
HTML files
Archive files (RAR, ZIP, etc.)
Other productivity files (CAD, SketchUp, XML, etc.)
Agenda
Who is OPSWAT?
State of Cyber Security Today
What is Content Disarm & Reconstruction (CDR)?
How is CDR implemented?
Data Sanitization ImplementationAn example with a Microsoft Office document
• Embedded objects
• OLE objects
• Attachments
• Embedded binary files
• Script-enabled ActiveX controls
• Macros
• Hyperlinks
Data SanitizationExample of PDF > PDF sanitization
Original File
Sanitized File
Data SanitizationExample of DOCX > DOCX sanitization
Original File
DOCX
Sanitized File
DOCX
MetadefenderProtecting Organizations from Advanced Threats
Søren Elnegaard Petersen – Sales Director, Arbit Security March 2018
Show casing:
How to protect high security networks with integrated OPSWAT Metadefender & Arbit Arbit Cross Domain Solution
© Arbit Security ApS 2018 – All rights reserved
Internet Company Isolated Network
© Arbit Security ApS 2018 – All rights reserved
© Arbit Security ApS 2018 – All rights reserved
Case OK:
© Arbit Security ApS 2018 – All rights reserved
Case OK:
© Arbit Security ApS 2018 – All rights reserved
© Arbit Security ApS 2018 – All rights reserved
Case REJECT: User file rejected
© Arbit Security ApS 2018 – All rights reserved
© Arbit Security ApS 2018 – All rights reserved
Thank You
