Ad
More Related Content
What's hot (20)
Similar to Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX (20)
Ad
More from NGINX, Inc. (20)
Ad
Recently uploaded (20)
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
- 1. ©2023 OPSWAT, Inc. Proprietary and Confidential OPSWAT and F5/NGINX: Layered Security to Protect Web Applications OPSWAT / F5/NGINX Webinar Wednesday, January 25, 2023 Adam Rocker & Damian Curry Prepared for: Prepared by:
- 2. ©2023 OPSWAT, Inc. Proprietary and Confidential We Protect the World’s Critical Infrastructure OUR MISSION
- 3. 20 Years of Cybersecurity Innovation and Growth Critical Infrastructure Protection Professional Services OEM Enterprise
- 4. Best Solution – Web Application Security "OPSWAT embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach."
- 5. OPSWAT and F5 Partnership https://www.opswat.com/videos/how-to-integrate- metadefender-icap-with-f5 OEM Partner since 2005 (OESIS) ICAP Integration Partner since 2017 John Wagnon Pete Silva
- 6. App Security: Risks and Challenges
- 7. Application Security: Growth, Needs, and Challenges
- 8. Notables CIP Incidents – 2021/2022 Data courtesy: Industrial Cyber, Takepoint Research Oldsmar water treatment plant hack Water & Waste Colonial Pipeline targeted by DarkSide ransomwar e hackers Pipelines Cyberattack Disrupts Operations At Molson Coors Food & Agriculture KIA core systems were shut down by a suspected DoppelPaymer ransomware attack Automotive Elekta was hit by a ransomware attack Healthcare
- 9. Application Security – Shared Concerns © Copyright OPSWAT 2021. All rights reserved. 34% 28% 40% 46% 54% 66% 54% 38% 45% 50% 59% 62% 66% 73% 0% 20% 40% 60% 80% Post outbreak mitigation expenses Lawsuits Regulatory fines Ransomware payouts Denial of service/infrastructure Reputation damage Loss in business or revenue By Location of Corporate Headquarters United States Other Countries
- 10. Application Security – Shared Responsibility Same as with a CSP, cybersecurity responsibilities exist between various security solutions and vendors
- 11. Application Security: The Blind Spots 1/3 of organizations with a web application for file uploads do not scan all file uploads to detect malicious files. 1/5 of these organizations scan with just one anti-virus engine. 2/3 of organizations with a file upload web portal do not sanitize file uploads with Content Disarm and Reconstruct (CDR) to prevent unknown malware and Zero-day attacks. 32% 18% 65%
- 12. Blind Spots galore! Please rate your organization’s level of implementation for each of the following file upload security best practices. 30% 32% 46% 52% 53% 54% 61% 61% 64% 71% 32% 33% 37% 31% 31% 33% 27% 25% 27% 22% 27% 31% 12% 12% 13% 12% 11% 9% 7% 6% 10% 4% 5% 5% 3% 1% 2% 4% 2% 1% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Remove embedded threats with Content Disarm and Reconstruction Technology (CDR) Randomize uploaded file names Verify actual file type versus relying on the extension Use simple error messages – e.g., excluding information like directory paths that can be used to gain system entry Set a maximum file name length and size Check files for vulnerabilities Limit the specific types of files that can be uploaded Store uploaded files outside the web root folder Scan all files for malware Authenticate users Fully implemented Partially implemented Not implemented I don't know © Copyright OPSWAT 2021. All rights reserved.
- 13. Blind Spot: Data Sanitization (prevent zero-day) Does your company use CDR (Content Disarm and Reconstruction) for data sanitization to disarm embedded threats (e.g., macros in word documents or scripts in pdfs)? 35% 37% 16% 12% Yes No I’ve never heard of CDR I've heard of CDR, but don't know if my company uses it
- 14. Application Security Compliance Mandates © Copyright OPSWAT 2021. All rights reserved. ISO 27001 Applies nearly universally • Annex: A.12.2 Scan for malware before using any files received via networks or any storage device PCI DSS Payment Card Industry Data Security Standard Applies to any company handling payment data • PCI DSS Requirement 5: Protect all systems against malware and update anti-virus software or programs regularly HIPAA The Health Insurance Portability and Accountability Act of 1996 Applies to Healthcare and insurance providers and their business associates, or any partner entity accessing patient health information (PHI) § 164.308(a)(5)(ii)(B) Protection from Malicious Software NERC CIP North American Electric Reliability Critical Infrastructure Protection Applies to all US energy providers • CIP-007-6 – Malicious Code Prevention NIST 800-53 Applies to all U.S. Federal information systems • SI-3 Malicious Code Protection Others: GDPR General Data Protection Regulation FISMA Federal Information Security Management Act of 2002
- 15. Security Infrastructure & Platform Integrations Which deployment stack would you like to have plug-and-play security integrations for? n = would benefit from plug and play solutions Google, Oracle, Java, Zscaler, Netscope Other 2% 6% 8% 35% 37% 48% 74% 0% 10% 20% 30% 40% 50% 60% 70% 80% Other. Please specify: A10 Envoy Nginx F5 Citrix VMware 61% choose one of F5 or Nginx (16% choose both) © Copyright OPSWAT 2021. All rights reserved.
- 17. MetaDefender Core™ Technology Platform Challenges File-based evasive malware and zero-day attacks Sensitive data leakage and staying compliant Too many security tools and technologies Complex systems, few qualified professionals Solution Inspect all incoming files for malware Data sanitization to prevent zero-day attacks Detect and manage sensitive information in files Multiple security technologies in a single platform Application Security
- 18. MetaDefender Core™ Technology Platform Benefits Malware protection and data breach prevention Protect sensitive data in files Comprehensive, easy-to-integrate platform Features Multiscanning with 30+ AV engines Deep CDR (Content Disarm and Reconstruction) Proactive DLP (Data Loss Prevention) Wide file type support including nested archives Application Security
- 19. MetaDefender ICAP™ Benefits Out-of-the-box integration into existing infrastructure, fast setup and POC Comprehensive security and data protection technologies, additive security Low overhead maintenance Features All MetaDefender Core platform technologies Integrates with any ICAP-enabled device (secure gateway, proxies, WAF, SSL inspectors) Native integration with NGINX Plus and NGINX Open Source Application Security
- 20. Why NGINX? What is NGINX? § Fastest web server available § Started open source, now part of F5 § HA, health monitoring, DNS system discovery § RESTful API, cloud native § Load balancer, reverse proxy § API gateway, media streaming Use Cases: § Follows traditional ICAP use cases § Custom web apps with file upload capability § Migrating to the cloud § Cloud-native, containers, k8s
- 21. Multiscanning • Combine 30+ commercial anti- malware engines into one platform for faster detection • Combine analysis mechanisms/techniques (Signatures, Heuristics, AI/ML, Emulation, etc.) to increase detection ratio • Detection optimization and normalization • Complements AV on endpoint Multiple layers of defense How It Works
- 22. OPSWAT Metascan Simultaneous analysis with multiple anti-malware engines • 30+ commercial anti-malware engines in one solution • Combined analysis based on signatures, heuristics, AI/ML, algorithms, emulation, and NGAV accelerates detection of new and evolving malware • Improved malware detection rate ~100% • Faster outbreak detection- proactive defense-in-depth dramatically reduces Mean Time to Detect (MTTD) • Lower false positives
- 23. Adding more anti-malware engines increases detection rates to nearly 100% and reduces Mean Time to Detect (MTTD) by 25% 4 Engines 8 Engines 12 Engines 16 Engines 20 Engines Max Engines Detection 88.70% 90.70% 92.70% 95.20% 95.70% 99.40% MTTD (hours) 132.32 115.2 107.76 102.48 100.54 88.70% 90.70% 92.70% 95.20% 95.70% 99.40% 132.32 115.2 107.76 102.48 100.54 0 20 40 60 80 100 120 140 60.00% 65.00% 70.00% 75.00% 80.00% 85.00% 90.00% 95.00% 100.00% Detection of top 10000 threats Source: https://metadefender.opswat.com, September 2021 © Copyright OPSWAT 2021. All rights reserved. • Proactive defense-in-depth dramatically reduces Mean Time to Detect (MTTD) • Combined application of proprietary technologies (heuristics, AI/ML, algorithms per vendor accelerates discovery of new and evolving malware Improved Malware Detection through Multiscanning
- 24. Deep CDR How It Works Verify file type and identify all active embedded content in file IDENTIFY & SCAN Remove all the potentially malicious content and reconstruct the file with only legitimate components SANITIZE (DEEP CDR) Generate a threat-free file with full functionality and quarantine the original file USE
- 25. Deep CDR • Supports 120+ file types (including many regional-specific Office Suites, such as Hancom and Ichitaro) • 200+ conversion options • Verify 4,500+ file types • 50+ detailed configuration for different file types • Maintains file usability • Achieves fast sanitization without impacting performance How It Works
- 26. Recursive Sanitization • Embedded documents in a document • Archives inside an archive • Attachments in an email • Real Archives • TAR / ZIP / RAR / CAB • Common files • Office Suite (docx, xlsx, pptx, etc.) • PDF • Images (jpg, png, bmp, etc.) How CDR Works
- 27. Examples Deep CDR Malware Features Solution Result BLINDINGCAN North Korea • Reported by FBI/CISA in Aug 2020, • use Attached Template to link to a malicious file Deep CDR removes all linked files No malware downloaded Locky ransomware attack • Delivered by email with an attached MS Word file containing malicious macro • Enabled macro drops the malware • The malware detects whether it is running within a virtual machine or a physical machine and relocate of instruction code. Deep CDR removes Macros No malware downloaded Cobalt Strike Backdoor • Exploited MS vulnerabilities CVE-2021-40444 • Docx file contains an ActiveX object to download an HTML file • HTML file downloads several files and Cobalt Strike malware payload Deep CDR removes OLE objects No shellcode dropped
- 28. Proactive DLP How It Works Detect and Redact Watermark Remove Metadata
- 29. Proactive DLP Highlights • Supported sensitive information: • Social Security Numbers • Credit Card Numbers • IPv4 addresses • Classless Inter-Domain Routing (CIDR) • Custom Regular Expressions (RegEx) • Optical Character Recognition (OCR) • Recursive detection • More than 70 supported file types • Individualized certainty level for each type of sensitive information • Advanced detection policy How It Works
- 30. MetaDefender Core™ Deployment Options Deployments MetaDefender Core integrates with your existing security architecture via REST API MetaDefender Core Container deploys in your containerization environments such as Docker and Kubernetes MetaDefender Cloud integrates with IaaS environments like AWS, or with your existing SaaS products like Salesforce for cloud-based analysis. MetaDefender ICAP Server integrates with web apps (via Ingress, WAF, LB or API Gateway) or Storage (NAS) Application Security
- 31. Zero Trust It’s a journey, not a destination Technology Better together! The F5/NGINX/OPSWAT combination moves the needle when implementing zero trust
- 32. ©2023 OPSWAT, Inc. Proprietary and Confidential Thank You!