OPSWAT’s portable media security solution Metadefender now offers a secure file transfer add-on to safely move threat-free data from portable devices to high-security networks.

OPSWAT, provider of solutions to secure and manage IT infrastructure, today announced the release of Metadefender Secure File Transfer, an add-on to their portable media security solution Metadefender. With the Secure File Transfer add-on, Metadefender can transfer allowed files to a secure portal, eliminating the need to bring removable media such as USBs or DVDs into a secure network, and providing a more complete secure data workflow for high security organizations.

Metadefender protects corporate networks from the risk of removable media devices, such as USB drives and CDs/DVDs, by scanning files with up to 30 anti-malware engines and allowing organizations to configure detailed content filters. With Metadefender Secure File Transfer, high security organizations such as banks, military institutions, and public utilities, can now safely transfer processed files into separated networks (optionally with the use of a data diode), ensuring that only authenticated users are allowed access to the files.

Click to Enlarge

“Metadefender Secure File Transfer improves the portable media scanning process and provides a secure and efficient workflow,” said George Prichici, Product Manager of Metadefender SFT at OPSWAT. “After users scan their portable media on the Metadefender kiosk, the allowed files are automatically encrypted and transferred to the secure portal, eliminating the need to bring any portable media into the secure area.  In addition, Metadefender Secure File Transfer includes extensive auditing that records each transfer and download, providing companies with more insight and control over their data flow.”

About Metadefender
Metadefender helps protect networks by enabling control over the flow of data into and out of the organization and is commonly used as a checkpoint to protect infrastructure and industrial control systems (ICS) from the risk of removable media devices. Metadefender is powered by Metascan, a powerful multi-scanning solution that can quickly scan files with multiple anti-malware engines to detect and block advanced threats. 

About OPSWAT
OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and help organizations protect against zero day attacks by using multiple antivirus engine scanning and document sanitization. 

Although USB flash drives are extremely useful devices for transferring data, they do come with security risks. Employees using USB drives at home and then plugging them back into the corporate network is a security concern for any IT Administrator. But with all the news about malware and data breaches, surely employees realize that USB drives can be infected and will be careful before plugging them in, right? Wrong. According to technology certificate provider CompTIA, employees still practice unsafe cyber security habits. In their recent experiment, CompTIA found that nearly one in five people picked up USB drives found in public locations and plugged them into their devices. 

Malware and Booby-Trapped USBs

Not only can USB devices contain malware and spread infection as soon as they are connected to a network, they can also be booby-trapped and take over keyboards all while running in the background without the user ever realizing that their computer has been hijacked. For instance, a booby-trapped USB drive was the origin of the infamous Stuxnet worm that infected Iranian nuclear facilities, and has since been billed as the most sophisticated computer virus ever created. Earlier this year, a researcher created a USB stick dubbed USB Killer that is capable of delivering a 220-volt charge to the attached computer within seconds of being connected. The USB stick looks like a normal USB drive and there are no other signs that it is malicious. Microsoft also recently revealed a Windows vulnerability that could allow an attacker to execute malicious code from a booby-trapped USB. 

We know USB devices are important for the efficiency of an organization, and that the only way to move data between low-security networks and high-security networks is often through portable USBs. That being said, USB devices should not be banned outright. Instead, organizations need to implement a USB security system to allow the use of USB drives, while at the same time protecting against the inherent threats. These systems should address USB threats in the following ways:

1. Protect Against Malware: Ensure that all USB devices are checked for malware before they are connected to the network. This can be accomplished by deploying a malware scanning kiosk or station where USB drives are thoroughly scanned for any malware before they can be connected to the corporate network.

2. Control and Limit: In addition to malware scanning, limits can be set on allowed USB devices and file types based on the user’s role at the organization. For instance, if an employee has no need to use executable files at work, these types of files should be blocked. To avoid file types being spoofed and getting past filters, it is also important to perform file type verification. In addition, since PDFs and Office files are commonly used as attack vectors, it is advisable to sanitize files and remove any possible embedded scripts. In this way unknown threats, such as zero-day threats and targeted threats, can be prevented.

3. Avoid Direct Plug-Ins: In order to avoid connecting USB drives directly to the network, the USB security system can securely transfer the allowed files from the USB drive to a corporate portal from where the user can download the files. This removes the need to have USB drives connected directly to the network, eliminating the risk of booby-trapped USBs altogether.

In addition to a USB Security system, it is also important that employees are regularly trained on the importance of adhering to strict USB security practices. This allows employees and companies to take advantage of the benefits of USB drives without compromising security.

OPSWAT's Metadefender product can be used to scan USB devices quickly and reliably by utilizing multiple, built-in anti-malware engines (up to 30 engines) that work simultaneously to detect malicious code. Metadefender can further bolster USB security by applying user-based file policies, verifying file types and sanitizing files. In addition, secure file transfer can be used to transfer allowed files and avoid the need for USB drives to be plugged into the corporate network.

I'm proud to announce that OPSWAT is changing our identity provider for all of our web products from an in-house solution to Salesforce SSO. While our current identity management system served us well over the years, the time required to maintain it detracted from our core mission of protecting organizations from known and unknown threats. We chose Salesforce because of their robust user administration features, numerous cloud integrations and improved flexibility for our users. Our customers will enjoy enhanced security, easier account registration, faster response time, and cleaner integrations to other cloud providers. This change will also enable us to support new features, such as a social login and community forums. Stay tuned for more information over the next few weeks! 

This month's release includes support for customized authentication modules, and allows Metadefender to use Metascan workflows. Both new features are now available with Metadefender 3.2.0.

Metadefender Now Supports Custom Authentication

Metadefender, often used as a security checkpoint, now supports custom authentication modules for badge scanners, fingerprint readers, and other identifying hardware. System administrators will no longer have to rely on the existing Windows login, and will be able to write their own custom modules so that they can install authentication hardware that matches their existing security processes.

We know that maximum security organizations such as banks, military organizations, and public utilities often enforce employee security clearances. Whether that organization uses token, biometric, or passwords for authentication, administrators will be able to integrate with Metadefender 3.2.0.

Metascan Workflows in Metadefender Management Console

In our last release, we added Metascan configurations to the Metadefender management console. We continued this integration and have enabled Metadefender to use the same workflows as Metascan. The workflows for handling archives, file conversions, and copy-to post actions allow system administrators to gain better control over the flow of data in and out of their networks. Having Metadefender use Metascan workflows makes it easier for administrators to manage policies for handling various file types. To use this functionality, make sure to upgrade your Metascan package to 3.10.1.

Click to Enlarge

The most recent version of Metadefender is now available on the OPSWAT Portal. If you need any assistance in upgrading to the latest version of Metadefender, please contact OPSWAT support.

Important Announcement for Metascan and Metadefender Admins:

OPSWAT encourages all users to upgrade their systems to the latest versions of Metadefender and Metascan whenever it is possible for them to do so. For any users that are using versions of Metascan older than 3.9.1, please be aware that OPSWAT will soon stop releasing offline definition update packages for Metascan versions prior to 3.9.1. If you have Metascan installed in an offline environment and do not upgrade Metascan to a recent version, you will have to use the Automatic Definition Update Download Utility to download definition updates.

Are viruses and malware getting past your email filters? If so, you are not alone. In an email security survey conducted by OPSWAT, 51% percent of IT Administrators experienced a malware breach within the last 18 months, and 50% percent had employees that clicked on phishing links. High profile data breaches, including those suffered by Target, Anthem, Sony and even the White House, all started with a spear phishing attack. Why are these spear phishing emails not being blocked by the email security and antivirus solutions that must undoubtedly be deployed by these organizations? Organizations require an additional layer of email security that can block more threats than existing email security defenses.

Metascan Mail Agent Blocks Threats Missed by your Email Security Solution

By deploying OPSWAT’s Metascan® Mail Agent in addition to your existing email security solution, you can add a second layer of email defense and block significantly more email threats. Metascan's anti-malware technology leverages the power of the different detection algorithms and heuristics of multiple engines, resulting in significantly higher malware detection rates. Metascan further protects against advanced threats, including zero-day and targeted attacks, by utilizing extensive heuristic analysis as well as data sanitization technology that removes possible embedded threats such as those utilized in spear phishing attacks.

How to Deploy Metascan Mail Agent

The Metascan Mail Agent works in conjunction with your email security solution and acts as an SMTP relay between your email security gateway and mail server, scanning all email attachments that pass through for known and unknown threats before they are delivered to your mail server. Read on to learn how to deploy Metascan Mail Agent in your network and find out how many more threats you can block.

Video: How to configure Metascan Mail Agent

Watch the configuration video and follow the steps below to integrate the Mail Agent with your Exchange Server and email security gateway. 

Configuration Steps:

1. Download the Metadefender Mail Agent from the Metascan Management Console
   1. http://<metascan server>:8008/management/#/sources-email
2. Run the Mail Agent installer on the system that will be acting as the mail relay
3. Configure the Mail Agent
   1. C:\Program Files\OPSWAT\MetadefenderEmailAgent\Metadefender.Email.Engine.Generic.Agent.dll.config

Property	Description	Value

EmailRelayOutServer	Name (or IP adress) of server to forward all email to	String
EmailRelayOutPort	SMTP Port to forward emails to. Default is 25	0~ 65535
EmailRelayInPort	Port to monitor by email relay. Default is 10025	0~ 65535
EmailRelayInDirection	Determines the direction of emails. Possible values : 0 = Incoming, 1 = Outgoing, 2 = Determine email direction using the local domain list in parameter EmailRelayInLocalDomains (If sender's email domain exists in parameter EmailRelayInLocalDomains direction is outgoing, or else incoming)	0, 1, 2
EmailRelayInLocalDomains	List of local domains. Separate multiple domains with a semi colon (;). For example opswat.com;mycompany.com. Only used when parameter EmailRelayIn is set to 2.	See description

4. Restart the Mail Agent Service
5. Configure the incoming SMTP server to send email to the Metadefender Mail Agent 

Email Infection Notifications

Metascan can be configured to send email notifications whenever an email attachment is scanned and a threat is detected. These notifications can be enabled on the Quarantine page in the Metascan Management Console. The mail server configuration must also be correctly set for email notifications to be sent.

Email Quarantine

By default, the Metadefender Mail Agent will only log email attachments where Metascan finds a threat, but will allow the email to be delivered. To quarantine those emails, select the checkbox on the Mail Agent configuration page in the Metascan Management Console.

System Requirements 

The following systems are required to set up the Metadefender Mail Agent: 

• Incoming Mail Server
• Outgoing Mail Server
• Metadefender Mail Agent
  
  • Requires Windows Server 2008, 2008 R2, 2012, or Windows SBS 2011
• Metascan Server (can be the same system as the Metadefender Mail Agent)

Gears Virginia contains bug fixes and configuration enhancements to both Gears cloud and the Gears client. Read below to learn more about the user interface changes to our Gears configuration settings, and when you’re ready, download the latest version of OPSWAT Gears.

Global Settings

Previously labeled as Account Settings, we have changed the main settings section to Global Settings, to reflect the reach of the configurations. All of the settings, now divided by Account, Device Agents, Device Data, and Device Compliance, are still located beneath Device Policy within the configuration menu. 

New Organization of Configuration Settings

Are your security products compatible with leading network technology? If you are a vendor or user of security products, you can limit chances of poor usability issues by certifying your products with OPSWAT. All products involved in our free certification program are certified compatible with leading network solutions like Juniper, Cisco, and Citrix. Submit your product today to be listed, or view our certified products list before purchasing a solution. 

	VIPRE Internet Security 9.X
	CylancePROTECT for OS X 1.X CylancePROTECT 1.X REVE Antivirus 1.X
	VIPRE Internet Security 9.X

OPSWAT Certification is a free program, and submitting products is an easy, development-free process. Become an OPSWAT Certified Partner by submitting and receiving certification badgs for your products! 

The security risks of using portable media have been increasing as the sophistication of malware have advanced over time. Read our month-in-review post to catch up on the most destructive malware of all time, the most recent media security innovations, and learn three ways to mitigate USB risks. 

Millions of Scan Results from 40+ Engines

By leveraging data from more than 40 leading antivirus engines in a pre-computed package, the Metascan Hash Database enables seamless and secure integration of fast anti-malware multi-scanning technology into your networks and applications.

Learn more about the benefits >>

Most Destructive Malware of All Time 

All malware is inherently dangerous, but there are a few threats that stand out amongst the others when it comes to inflicting damage. Here's a list of some of the most destructive malware of all time from traditional viruses, worms and Trojans to increasingly prevalent PUAs such as adware and spyware.

See the top 10 threads >> 

Enhanced Security for Portable Media Files

We just released a secure file transfer module for our portable media security solution Metadefender. With the Secure File Transfer add-on, Metadefender can transfer allowed files to a secure portal, eliminating the need to bring removable media such as USBs or DVDs into a secure network, and providing a more complete secure data workflow for high-security organizations.

Read more about Metadefender SFT >>

Three Ways to Address USB Risks

Earlier this year, a researcher created a USB stick dubbed USB Killer that is capable of delivering a 220-volt charge to the attached computer within seconds of being connected. Here's how to protect against increasingly dangerous threats such as these.

How to tackle these risks >> 

A Look Back at SCADA Security in 2015

For security purposes, SCADA and ICS systems use 'air gapping' to protect control systems. This completely disconnects them from the internet and the corporate network. While this protects these systems from online threats, this creates another avenue for cyber attack via portable media. 

Protect against portable media threats >>

OPSWAT CEO at Defense Innovation 

Benny Czarny, OPSWAT's CEO, was one of the review panelists for the Cyber Innovation Challenge earlier this month at Defense Innovation in Austin, Texas. The challenge is designed to accelerate private-sector and defense sourced technology solutions aligned with warfighter and national security problem-sets.

We had a great time presenting at the event and in February will be holding a free Cyber Security Seminar in Washington DC for those of you interested in learning about new threat protection technologies.

Read more about the event >>

Research conducted by OPSWAT, provider of solutions to secure and manage IT infrastructure, found that over 80% of IT security professionals cite their biggest fear as infected or compromised devices accessing their data or assets. 42% were also concerned about devices not being encrypted when accessing their data or assets, and a further 35% that the devices had riskware or greyware installed.

The need to have all devices secure was echoed, with 68% of respondents saying that the security of devices or endpoints accessing their networks and resources was more important to them than the security of data entering their organization. 

Despite 35% of respondents being concerned over greyware accessing their data, only 13% currently check for greyware when determining risk and compliance. Antivirus software (88%) and firewalls (81%) continue to be the leading defenses within organizations. Encryption (67%) and password protection (65%) are also popular amongst IT security professionals.

The survey also showed that the popularity of multi-scanning is on the rise, with 72% of respondents using multi-scanning software within their organization. Of that 72%, three-quarters said they use multi-scanning for email security and to scan endpoints and processes, and over half using it to scan uploads to their server.

“With over 390,000 new threats emerging daily, anti-malware engines need to detect new threats continuously, and will inevitably address different threats at different times. By using only one or two antivirus engines, companies are exposing themselves to malware threats, since no antivirus engine can be accurate 100% of the time. However, by using multiple anti-malware engines, companies can benefit from several detection algorithms and heuristics to significantly increase malware detection rates, as well as their protection against new threats. With multi-scanning, only one engine needs to detect the threat in order for a company to be protected” said Benny Czarny, CEO at OPSWAT.

The survey was conducted amongst over 100 IT professionals across the RSA Conference, Infosecurity Europe and Black Hat.

If you are interested in seeing more from our survey, please take a look at the additional survey results highlighted below:

1. Has your company experienced a malware breach in the past 12 months?

• Yes - 22.4%
• No - 77.6%

2. How does your organization use multi-scanning? (select all that apply)

• Email security for incoming and outgoing files - 77.8%
• It is built into my own application - 17.3%
• Scan endpoints and processes - 77.8%
• Scan uploads to a server - 58.0%
• Scan binaries before software release to check for false positives and/or malicious code - 35.8%
• Other - 6.2%

3. Do you know which NAC or SSL VPN solution your organization uses?

• Yes - I know which VPN we use - 36.6%
• No - I'm not sure - 63.4%

4. What is your biggest problem with your NAC or SSL VPN solution?

• Not able to check for security or compliance issues. For instance, I have no way to determine which devices are encrypted - 18.7%
• New software applications are not always detected by the current solution - 17.3%
• I am unable to check unmanaged devices to ensure that they are not infected - 40.0%
• If a user cannot connect, remediation requires time/money that my department doesn't have - 24.0%

Every organization has data flowing into and out of the organization. Along with any data comes the risk of malware. To protect against threats, most companies implement anti-malware solutions at different entry points, such as email, web, and portable media. However instead of tackling each entry point as a separate anti-malware project, organizations should treat secure data workflow as a complete process that addresses data cyber security in the company as a whole. By combining the different elements into one process, organizations obtain a complete overview, decreasing the chance of overlooking things and allowing them to benefit from synergies and increase efficiency.
 
So, how can you implement a secure data workflow in your organization? The secure data flow planning process consists of five steps:

#1. Identify the Different Data Workflows

Organizations need to determine where data is coming from and what the destinations are. For example, data that comes in through email is destined for employees or contractors. Data that comes in through the web is destined for desktops, mobile devices, USB devices, and so on. Each data flow in the company needs to be defined in this way.

#2. What File Types Are Needed by Users?

Secondly, organizations need to determine which users need which types of files. For instance does the accounting department need to receive executable or media files? Probably not. Do they need to receive PDF and Word documents? Yes. However, the IT department should have access to exe files. Similarly, the marketing department might need access to media files to complete their daily tasks.

#3. What Threats Are Possible?

Some file types are more dangerous than others. Executable files can contain viruses. PDF and Word documents can include embedded threats, whereas txt and bmp files have close to zero chance of containing a threat. For those file types that can include threats, it is important to limit their usage where possible.

#4. Define Data Scanning and Sanitization Policies

Based on the inherent file threats, more security measures should be applied for file types that are more dangerous. For instance dangerous files such as executables should be scanned with multiple anti-malware engines and should be rescanned for three days in order to decrease the chance of a zero-day attack. Any possible embedded threats in Word or PDF files should be removed with data sanitization by converting their file format. For some users, however, it may be important to use embedded objects in documents. For instance, perhaps the accounting department uses Excel spreadsheets with macros. In that case, Excel spreadsheets to or from these users should be excluded from data sanitization.

#5. Test Security of Data Flow

The final step in the process is to test your data flow protection. Send embedded objects to users that are not supposed to receive them. Ask accounting to send or receive an executable. Make sure that the correct policies are applied and that threats are removed or blocked. Retest periodically to make sure all bases are covered.
 
Just as you need a central policy for securing data workflows, you also need a central application from which you can control the protection for different data sources. Being able to consolidate threat protection from one application, allows you to scale more easily, audit the data flows centrally, increase efficiency, and benefit from synergies. An important part of a secure workflow strategy should be the use of multiple anti-malware engines. By combining multiple anti-malware engines, you can leverage the power of the different detection algorithms and heuristics of each engine and detect significantly more threats. These anti-malware engines can be leveraged across the different data entry points and create important synergies to enhance your organization’s protection against threats.

OPSWAT is pleased to announce that the company mySignaturesOnline now owns the mySignaturesOnline brand, and will be handling all sales and support of the mySignaturesOnline products. Next month the Policy Patrol Disclaimers and Policy Patrol Mail Security products will also be moved to mySignaturesOnline. mySignaturesOnline will honor all current maintenance contracts and will be managing all support tickets for these products. For more information, please contact mySignaturesOnline at (303) 420-7942 or email support@mysignaturesonline.com.

OPSWAT is also announcing that it has discontinued sales of Policy Patrol SFT, though we will continue to support existing customers who have active maintenance contracts. Policy Patrol SFT is being replaced by Metadefender SFT. Customers are encouraged to talk to an OPSWAT representative about Metadefender SFT by contacting us at sales@opswat.com.

We will be hosting our own event in the DC area on Feb. 9th at The Westin Crystal City in Arlington, VA. This event is a great opportunity to learn about our industry leading security solutions and to network with OPSWAT, our technology partners, and industry peers. There will be an opportunity to meet with OPSWAT experts along with our Washington DC partners, InQuest and Punch Cyber.

The Westin Hotel in Crystal City in Arlington

To RSVP, please click here or email securityseminar2016@opswat.com. 

Registration: 12:00 PM - 1:00 PM
Day will begin with registration and light refreshments.
 
Session 1: 1:00 PM - 2:30 PM
The first session will feature OPSWAT presentations focused on the following technologies:

• 1:00 - 1:30 PM - Benefits of Multi-scanning with Benny Czarny: Did you know that no single antivirus vendor takes the top ranking spot across the three major testing organizations each year? We take a look at various detection techniques including traditional engines and heuristics versus sandboxing and examine a few sample outbreaks.
• 1:30 - 2:00 PM - Introduction to the Threat Map with Benny Czarny: Have you ever wondered where each threat originates? See where some of the most common threats uploaded to Metascan Online are located across the world, along with how wide-spread they have recently become.
• 2:00 PM - 2:30 PM - Using Data Sanitization to prevent targeted attacks with Anthony Berning: Document-based malware exploits are becoming increasingly popular. Learn how data sanitization addresses this type of threat by altering the structure of the file, removing embedded objects or by converting the file into a different format.

Break: 2:30 PM - 3:00 PM
Coffee break with light snacks.
 
Session 2: 3:00 PM - 5:00 PM
The second session will feature OPSWAT's Metascan run down and discussions with industry professionals:

• 3:00 PM - 3:45 PM - an overview of Metascan
• 3:45 PM - 4:30 PM - Hear from Pedram Amini and Rob King of InQuest: Learn about an on-premise network-based security solution that inspects application content over the most commonly used network protocols and performs Deep File Inspection (DFI) capable of detecting malware as it passes through your traditional security defenses.
• 4:30 PM - 5:00 PM - Mike Geide Chief Technology Officer from Punch Cyber will also join us: Punch is a boutique cyber-consulting firm that provides advanced analytics and strategic support to government and commercial clients. Learn how to improve an organization's awareness of and ability to manage a growing cyber threat environment. Punch Cyber’s focus is on bolstering cyber preparedness by improving an organization's analysts and the tools at their disposal.

Happy Hour: 5:00 PM - 6:30 PM
The day will conclude with OPSWAT Demonstrations, happy hour, hors d'oeuvres and networking. 

OPSWAT Demos will include:

• Malware analysis (automated & manual) where we will discuss custom integrations, metascan client and web user interface
• Protecting portable media with Metadefender
• Email security
• Web security

We hope to see you there!

According to the ITRC (Identity Theft Resource Center), there have been 5,754 data breaches between November 2005 and November 2015 that have exposed 856,548,312 records. According to their data, there were 783 breaches in 2014, the largest number of data breaches in a single year to date. ITRC data also indicated that 29% of breaches involved hacking incidents in 2014, compared to just 14.1% in 2007. This shows an upward trend in the number of data breaches resulting from an outside cyber-attack. Although this data includes a comprehensive list of data breaches, whether large-scale or small, there are a few that stand out from the rest as some of the worst data breaches in history in terms of resulting costs and the number of records compromised. Below is a list of 8 of the worst breaches in history that highlights the cause of the breach and the effects on the public and business sectors. 

1. TJX - 2003

A hacker managed to infiltrate TJX chains, including Marshalls and TJ Maxx, and stole 45.7 million customer credit card and debit card numbers. Although not thought to be responsible for the hack itself, a group of people in Florida were charged for buying customer credit card data from the hackers and then used that data to purchase $1 million dollars' worth of electronic goods and jewelry from Walmart. This breach is still considered one of the biggest retail data breaches of all time. 

2. Hannaford Brothers - 2013

Hackers managed to steal 4.2 million credit and debit card numbers within 3 months from 300 Hannaford stores, a large supermarket retailer. Hackers collected customer data via malware uploaded to Hannaford servers. The malware could intercept customer data during transactions, which was then used in over 2,000 cases of international customer fraud. 

3. Target - 2013

In order to gain access to customer credit and debit card numbers, hackers installed malicious software on POS systems in Target stores in self-checkout lanes. The card-skimming malware compromised the identities of 70 million customers and 40 million credit and debit cards. The same malware was later found in the Home Depot breach referenced below. 

4. Home Depot - 2014

A security breach that attacked Home Depot's payment terminals affected 56 million credit and debit card numbers. The Ponemon institute estimated a loss of $194 per customer record compromised due to re-issuance costs and any resulting credit card fraud. For example, protection from identity theft through Experian is $14.95 per month. For this specific breach, that would amount in $837.2 million in costs related to fraud monitoring, which is often offered in the wake of a breach in order to protect victims from identity theft. Hackers first gained access to Home Depot's systems through stolen vendor login credentials. Once the credentials were compromised, they installed malware on Home Depot's payment systems that allowed them to collect consumer credit and debit card data. 

5. Ebay - 2014

Between February and March of 2014, Ebay requested that 145 million users change their account passwords due to a breach that compromised encrypted passwords along with other personal information. Like many of the other breaches included in this post, hackers gained access to Ebay accounts through stolen login credentials. The credentials did not come from customers themselves but instead from Ebay employees. In this particular breach, user payment information via PayPal was safe since it was encrypted; users were only asked to change their passwords as a precautionary measure. 

6. JP Morgan Chase - 2014

In 2014, a cyber-attack aimed at JP Morgan Chase compromised 83 million household and business accounts that included personal information such as names, email addresses, and phone numbers. The attack was said to impact two-thirds of all American households, making this breach one of the largest in history. A little less than a year later, four men were indicted for the attack on JP Morgan Chase as well as several other financial institutions with charges including securities and wire fraud, money laundering, and identity theft. The men made over $100 million through the scheme. In some instances, login credentials were obtained through tricking users and then used to access customer information. Hackers also exploited the Heartbleed bug in this breach, a vulnerability in OpenSSL that allowed hackers to steal information that is normally encrypted. 

7. Sony Pictures - 2014

Analysts believe that the Sony breach began with a series of phishing attacks targeted at Sony employees. These phishing attacks worked by convincing employees to download malicious email attachments or visit websites that would introduce malware to their systems. This type of attack used social engineering, where phishing emails appeared to be from someone the employees knew, thus tricking them into trusting its source. Hackers then used Sony employee login credentials to breach Sony's network. Over 100 terabytes of data was stolen and monetary damages are estimated to be over $100 million. 

8. Anthem - 2015

In February of 2015, hackers broke into Anthem's servers and stole up to 80 million records. The healthcare giant is the parent company of several well-known healthcare providers including Blue Cross and Blue Shield. The attack began with phishing emails sent to five employees who were tricked into downloading a Trojan with keylogger software that enabled the attackers to obtain passwords for accessing the unencrypted data. This breach was particularly devastating because it included the theft of millions of medical records thought to be worth 10 times the amount of credit card data. It is suspected that the stolen health records will be sold on the black market in the future. 

To find out how to prevent large-scale data breaches, you can visit our Preventing Data Breaches page. 

References

1. NBC News Reference
2. Network World Reference
3. Tripwire Reference
4. Krebs on Security Resource
5. Forbes Reference
6. USA Today Reference
7. Washington Post Reference
8. Wired Reference

This month’s Gears release contains mostly fixes and enhancements to the Gears Client, with updates to Gears tool tips to help administrators better use all of the available features.

Code Name: North Carolina

Other Fixes and Enhancements:

• Added support for installing and running the Gears client on Windows XP devices
• ​Fixed SOH thread reporting issue

You can now download the latest version of OPSWAT Gears. If you haven’t already, try the endpoint visibility tool for free on up to twenty-five devices! 

Detecting and preventing advanced threats from entering your organization's network requires scanning network traffic. By establishing a proxy server and scanning all traffic going in and out of your network with an advanced anti-malware solution, your organization can significantly eliminate openings for malware infection.

When proxy servers are combined with products to scan email and portable media, like we have with Blue Coat's Proxy SG and the Metascan ICAP server, administrators can ensure that every file entering their organization has been scanned by multiple anti-malware engines. 

Watch the video to learn how to configure Metascan with your proxy server:

Click to play video

Metascan Proxy Integration:

• Compatible with all web proxy servers, especially Squid& Blue Coat
• Compatible with all Reverse proxy Servers, especially F5

Learn more about detecting and preventing advanced threats with Metascan Proxy Integration, or contact OPSWAT Support with any configuration or compatibility questions. 

In order to protect highly sensitive data and networks, such as military networks and critical infrastructure control systems, the most commonly used security measure is to completely disconnect the system from other networks. These disconnected networks are also called isolated or air-gapped networks. This has been the use case for critical infrastructure and SCADA systems as well as military networks, but is becoming more and more problematic as the need to import and export data from the isolated networks is increasing. The manual transfer of data not only generates a security risk but also a huge work load, and is prone to human error.

Data diode: Secure one-way data transfer

A data diode solves these issues by creating a physically secure one-way communication channel from the insecure network to the secure network. The one-way channel allows data to be safely transferred into the secure network, while not allowing any data to leave. The data transmission is handled by two dedicated servers; in order to explain the principle, at Arbit Security we call the sending server the 'pitcher' and the receiving server the 'catcher'. No data can be transported from the receiving network to the transmitting network (i.e from the catcher back to the pitcher); since the data diode has a single fiber-optic cable, it is impossible to reverse transmissions due to the basic laws of physics (no covert channel is possible).

This means that data diodes can ensure the following:

• Exploited network access is not possible from outside the network
• 100% data leak prevention since no data can leave the network

Files Securely Transmitted Between Low and High-Security Networks

When comparing diode and firewall technology, it is important to note that once implemented, a data diode cannot be changed in any way. The worst-case scenario is that the diode is forced to shut down. Whereas firewalls, once breached, may still permit the transmission of data. When a diode is breached, or fails, all physical channels for transmissions are shut down with the diode.

Since data diodes can ensure security while allowing for significantly higher employee productivity, the use of data diodes, in order to protect networks, data and sensitive information, is becoming the next logical security step for many high security organizations.

How can users benefit from a data diode?

By allowing for limited and safe connectivity, users are able to complete their tasks more efficiently, including:

Forwarding email

Users on secure or even air-gapped networks often have several mail addresses referring to different networks. In order to receive mails, users are forced to log in to multiple networks to check their mail accounts. By installing a Data Diode, you will be able to forward all emails to one account on the most secure network and thereby significantly improving efficiency.

User initiated file transfers

Even working within a secure network, users often need graphs, images, and other information for the completion of reports. By using Data Diode technology, users can transfer the information they need by simply dragging and dropping the files to a dedicated transfer folder which is forwarded to the secure network.

Mirror web sites

Permitting full web access to the Internet is always a huge security issue, and with air-gapped networks, full access is simply impossible. Nevertheless, if you or the organization needs online access to pinpointed websites, there is the option to mirror the needed sites using Data Diode technology. The website will have the information sent through the data diode, creating a mirror of it for employee use.

RSS feeds

Employees often rely on RSS feeds to get the latest updates on topics in their industry or profession. High-security organizations can now allow the use of RSS feeds by having the information travel through a data diode, much like the email and website mirroring.

Streaming (video, audio)

Streaming of video and audio is now possible for high-security organizations. Since even video files can contain malware, taking precaution on the use of streaming media such as news feeds, surveillance, or video seminars is important. Using a data diode provides all of the necessary precautions, while not hindering the use of these media types at all.

Centralized print solution                

Without the use of unidirectional networking, organizations will have more separated networks and more printer pools. Every separated network would need its own set of printers to allow employees to print information from that network. With Arbit's Data Diode, it is possible to set up a centralized print solution that covers more networks and even support “follow the print”.

How can Administrators benefit from a data diode?

By allowing secure data access without requiring manual transfers, administrators are able to complete their tasks more efficiently, including:

• Running Windows server update services (WSUS)
• Antivirus updates and Software repositories
  • Diodes can be set up to retrieve downloaded updates and forward the data to the protected network, making daily operations easier and less time-consuming.
• Securing & centralizing log data
  • Unidirectional networking allows separated networks to compile log data into one comprehensive log. This makes network analysis and oversight easier for administrators.
• Securing & centralizing backup data
  • Should something happen on one of your networks, an updated backup/log data is essential for your continued business, and therefore a high-priority security and operational issue. Diode solution makes it possible to move and secure this type of data almost “online”.
• Time synchronization
  • Admins with more separated networks know the importance of the same time source on different networks, especially when it comes to comparing log data.

How can you ensure that transfers on the data diode are threat-free?

Even though no data can leave a secure network when using a data diode, it is still important to ensure that the data entering the network is threat-free. This is why it is important to use an advanced anti-malware solution to ensure that the data entering secure networks is free from malware threats.

How can a data diode improve portable media security?

Since users will also need to use portable media to bring in data to the secure network, and portable media can contain malware threats, it is important to make sure that all removable media is thoroughly checked for malware before the device is allowed to be connected to the high security network.

Click to Enlarge

After the files have been found to be clean, a data diode and secure file transfer system can be used to transfer the data into the secure area, without having to physically bring in and connect the media. This not only improves productivity, but also eliminates another possible security risk: booby-trapped devices that could go undetected by anti-malware solutions but can cause major damage when connected to the network.

The bottom line is, that maintaining data flow between separated networks is a security challenge and a time consuming operation for users and Administrators. By combining Arbit’s expertise in data diodes and unidirectional gateways with OPSWAT’s robust multi-scanning, data sanitization, and portable media security technology, customers can benefit from automated, reliable, efficient and threat-free data transfer in high-security networks. In this way, users and administrators can focus on more important tasks rather than dedicating their valuable time to manually transferring data.

About the Author:

Søren Elnegaard Petersen, is Key Account Manager at Arbit Security. Founded in 2006, Arbit Security specializes in high-end security products, including its unidirectional data diode solution. Arbit offers data diodes for one-way transfer into a secure network, as well as release of data from a secure network using Arbit Trust Gateway technology. Arbit Security is based in Denmark and helps secure high-security networks throughout the world.

2015 may just go down in history as the year of the hack. 

2015 was filled with 365 days of headlines covering everything from the OPM breach, to Anonymous' latest shenanigans, to mobile vulnerabilities. The breadth and depth of these breaches were both alarming and eye-opening. We saw how an average teenager with basic computer skills can bring down telecom giants and how CCaaS (cyber-crime as a service) has quickly become a booming business. Governments breached other governments and federal agencies had their weaknesses exposed in serious ways. Even gamers and kids weren't safe in 2015. 

At Reason Core Security, we believe that it's important to study the past in order to prepare for the future. That's why we decided to take a look at some of the vulnerabilities that made a majority of these hacks possible in order to understand how to avoid them in 2016. We also believe that to be truly secure, you need to use a multi-layered approach. Keep reading to learn our recipe for real security! 

Flash

Flash, oh, Flash! Millions scorned you, your creator and champion, Adobe, tried in earnest to save you, but in the end you were just too insecure for your own good. Adobe's Flash was the standard for delivering rich web content for years. Used in gaming, on websites and in video display, for a large chunk of the existence of the internet, Flash was everywhere - on your browser, on top 100 Alexa-ranked websites, and in those dancing e-cards grandma always sent you.

Vulnerabilities used by exploit kits in 2015

True, Flash was in every corner of the web, but it contained critical flaws that made it a hacker’s playground and was a huge resource hog, draining battery life faster than you can say “iPhone 7”. In the last few years, it seemed that there was a newly discovered Flash threat every week, and sometimes there were many more than that. The July data dump of Hacking Team's database, creators of surveillance software used by governments, brought to light three previously undiscovered zero-day vulnerabilities which hackers gleefully tested as soon as they had the chance, all within just a few days of each other. Then there were the countless times Flash was used in malvertising exploits, delivering malware via infected ads to millions of unsuspecting visitors to Yahoo, Forbes, The Huffington Post, and The LA Times. 

In December 2015, after Facebook, FireFox and Chrome all banned Flash, Adobe took the hint (although at an agonizingly slow pace) and announced that they were discontinuing Flash. It will be replaced with Adobe Animate, which uses aspects of Flash and the newer, much more secure HTML5, which is largely viewed as its successor.

Now that Flash has been discontinued, will 2016 be more secure? We’ll have to stick around to see, won’t we? 

Java

Let’s talk about Java. No, not the place, not the drink and no, not Javascript. We are talking about Java, the programming language used to create multimedia content, that was estimated to be involved in 50 percent of cyber-attacks within the last few years. To be clear, it’s not actually the language itself that isn't secure, it’s the browser plugin that accompanies Java that seems to have more holes than Swiss cheese, which allow cyber criminals to swipe sensitive information like passwords and credit card information. 

Java, purchased by Oracle in 2010, has had its ups and downs. In April 2015, Oracle disclosed that newly discovered vulnerabilities left millions of users at risk and unless they patched the program ASAP, there was a remote possibility for hackers to access highly sensitive information. In July, the Advanced Persistent Threat group or APT28, attacked members of NATO and a U.S. defense organization in a zero-day Java exploit known as Pawn Storm. 

In late 2015, Oracle came under fire from the FTC as the new versions didn't actually get rid of the buggy older versions if users had more than one version installed. Yes, the new, more secure version was as safe as apple pie, but the older, non-secure versions were still at large on 850 million PCs, putting them all at risk. Oracle was ordered to inform users of the issues and to help them uninstall buggy versions. 

Experts have long advised users to disable Java. Unless your business has custom apps built using the platform, chances are you don't really need it, so it's better to just get rid of it. 

Angler Exploit Kit

Exploit kits help cyber criminals take advantage of vulnerabilities that are already on computers or devices (and with the rise of IoT, your coffee maker and Barbie Doll too, but more about that later). So, how does this relate to those previously mentioned Flash and Java vulnerabilities? Exploit kits make them easy to find and, well, exploitable. They work like this - you search for something, like that nifty internet-connected coffee maker on your search engine of choice and rather than reaching IoTcoffeemakersRus.com, you get redirected by hackers to a website hosting an exploit kit. That kit scans your computer for vulnerabilities and then essentially “drops” the malware in those holes.

The Angler Exploit Kit, an especially down and dirty tool, has been partially responsible for over 40 percent of attacks in the first part of 2015. A good deal of its popularity comes from the fact that it’s easy to use and doesn't take much technical know-how. It’s a favorite among Dark Web forums where it is sold as CCaaS (Cyber Crime as a Service). To learn more about CCaaS, you can read one of our recent posts covering the topic. The cyber criminal doesn't have to do very much, aside from some minor configuration changes to implement the mayhem. As simple as it is to set up, it’s quite advanced in its evasion methods. It changes IP addresses and host names and its components change from victim to victim. 

Statistics on Angler Exploit Kit

Angler was a key element in many of 2015’s most damaging banking Trojans like Dridex and Vawtrak and is a perennial favorite for ransomware distributors, used in TeslaCrypt and Cryptowall which netted $30 million before it was taken down in mid-2015.

SQL Injection 

In November, British Telecom giant Talktalk got hacked by a bunch of teenage boys using SQL Injections. SQL Injections work by entering malicious code into a form on a web site, then the form spits back information that it wasn't supposed to divulge. SQL Injection attacks have been around for longer than some of the Talktalk hackers have been alive and its dangers have been known for just as long. 

SQL Injection attacks have been used against the World Health Organization, The Wall Street Journal and numerous federal agencies' websites. This attack method routinely makes it to the top spot on OWASP’s Top Ten Vulnerabilities list. SQL injection vulnerabilities put millions of WordPress and Joomla websites in jeopardy in just this past year alone. It’s a fan favorite among hackers as it’s easy, clean to pull off and it’s effective, too. SQL Injection vulnerabilities were a key element in the recent VTech hack, putting 6.3 million kid's information at risk. 

So what does all of this mean for you? 

Well, in short, it means that real security isn't as simple as some people might hope it to be. To really keep your devices and networks safe, you need to use more than one method and put in some elbow grease. In order to achieve this, at Reason Core Security we recommend a multi-layered approach to security, making sure all your bases are covered. 

“Multi-layered” means assessing all the different parts of your home network and applying individual tactics where they are needed, rather than relying on one piece of software that may (or more likely, may not) keep you fully protected. Contrary to what a lot of non-techies believe, antivirus is an imperative aspect of security but should also be used in combination with some other really important, and often overlooked ingredients in the creamy multi-layered security cake. To set up an effective, multi-layered security approach, you should do the following:

• Update and patch all software and operating systems as soon as an update or patch is released. Those older versions of software are a key starting place for hackers.
• Backup your files. Let’s say that you do get angled by Angler or another ransomware tactic. The day you decided to play it safe and backup your data will go down as your finest “I told you so” moment ever. 
• Use a strong antivirus software, something with multiple methods for detection, that doesn't only rely on updating signature databases and has a long-standing good reputation and releases regular updates. Antivirus software is good for finding known threats, so it’s effective when it comes to legacy viruses and Trojans. That being said, you will still need to keep up with more current threats, and for that you need anti-malware software. 
• Use a solid anti-malware software like Reason Core Security to detect zero-day attacks and malware samples that are still in the wild. Anti-malware uses fewer resources than antivirus and takes far less time to update and detect threats and finds threats that antivirus software can’t. Use it together with your antivirus software for a double-whammy against vulnerabilities.

Let’s take the lessons from 2015 seriously and learn from them to make 2016 the year of “real security”.

About the Author

This post was written by Batya Steinherz, a Web Content Manager at Reason Core Security. She is in charge of developing engaging content, blog management and social media marketing for Reason Core Security. Reason Core Security's Anti-malware applications are OPSWAT Silver Certified. 

Interested in writing for OPSWAT? Submit your products for certification, and contact OPSWAT for details and requirements. 

OPSWAT today announced that the US Defense Information Systems Agency (DISA) has selected its multi-scanning solution, Metascan, to be part of the Joint Regional Security Stack (JRSS), the new regional network security architecture subset of the Joint Information Environment (JIE). Deployed at the Department of Defense, U.S. Army and Air Force, OPSWAT’s multi-scanning technology will integrate [1] with InQuest’s network session inspection and analysis to increase malware detection rates and enhance the security infrastructure at numerous branches of the Department of Defense. 

OPSWAT’s Metascan has been integrated into the DISA security infrastructure to scan files transferred within the network for malware, identifying files for further analysis by InQuest. Due to the ever-changing virus landscape, no single anti-malware engine is able to detect every threat. The combination of Metascan’s signature and heuristic-based capabilities along with InQuest’s embedded content inspection and innovative post-processing techniques allows for quick and thorough file analysis, providing the US Department of Defense with the in-depth defense necessary to detect new, complex attacks.

DISA’s Joint Information Environment (JIE) is a partnership between the “Joint Chiefs of Staff (JCS), Office of the Deputy Chief Management Officer (DCMO), DoD CIO, Joint Staff J6, CYBERCOM, military services, intelligence community, and National Guard” [2]. DISA leveraged the Metascan 16 package into their network, plus 10 additional custom engines, amounting to a total of 26 anti-malware engines from industry-leading vendors such as Kaspersky, McAfee, Microsoft and Symantec. With anti-malware engines sourced from around the world, Metascan significantly increases detection rates for new virus outbreaks—identifying threats before they spread across the globe. 

“It’s an incredible honor for Metascan to be selected by the Defense Information Systems Agency,” said Benny Czarny, President and CEO at OPSWAT. “We’re very proud of all the hard work we’ve done at OPSWAT and believe that the integration between Metascan and InQuest will help DISA quickly and accurately detect known and unknown threats.”
When asked of the partnership, InQuest’s CTO Pedram Amini said, "We're honored to have been selected by DISA as the sole session and file analysis tool for defending one of the world’s most critical networks. It's a welcome challenge and we look forward to showcasing our technology."

Amini continued, "At the nucleus of our solution is a threat scoring engine capable of factoring a multitude of signals, generated from both our proprietary stack and supported third parties. We integrate with OPSWAT Metascan to add on-prem intelligence from many anti-malware engines, providing our customers with the analytics necessary to both detect and defend against new and complex attacks."

About Metascan
Metascan is already a component of many organization’s defense-in-depth solutions, including public entities, such as DISA and critical infrastructure providers, who need maximum protection from cyber-attacks. OPSWAT’s multi-scanning technology also powers the free online malware scanner, Metascan Online. The cloud-based multi-scanning solution allows security professionals to easily upload a file to be scanned for malware against 40+ commercial anti-malware engines. 

About OPSWAT
OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against zero-day attacks by using multiple antivirus engine scanning and document sanitization. OPSWAT’s intuitive applications and comprehensive development kits are deployed by SMB, enterprise and OEM customers to more than 100 million endpoints worldwide. To learn more about OPSWAT’s innovative and unique solutions, please visit http://www.opswat.com.

About InQuest:
InQuest offers an on-premise network-based security solution that inspects application content over the most commonly used network protocols and performs Deep File Inspection (DFI) capable of detecting malware as it passes through your traditional security defenses.

The InQuest team works with real-world, high profile networks on a daily basis and draws influences from actual attacks to publish new signatures and intelligence feeds on a regular weekly basis or as needed. To learn more about InQuest and their product offerings, please visit http://www.inquest.net.

Resources:
[1] Metascan Partner Snapshot: https://www.opswat.com/solutions/high-speed-network-monitoring/inquest
[2] DISA Joint Information Environment: http://www.disa.mil/About/Our-Work/JIE

Read this month-in-review to learn about the biggest problems facing IT administrators, the largest breaches of all time, and our highly anticipated security seminar on February 9th at the Westin Crystal City.

Educational Cyber Security Seminar in DC

Come join us on February 9th for a half-day educational seminar in the DC area. Learn about our industry-leading security solutions and network with OPSWAT, our technology partners, and industry peers. The event will feature presentations and a light lunch followed by drinks and appetizers. There are only a few open spots left for this event, so RSVP today. 

You can also read our latest press release for a preview of a joint solution that will be discussed at the event! 

RSVP for the event >>

The Largest Data Breaches of All Time

According to the ITRC (Identity Theft Resource Center), there have been 5,754 data breaches between November 2005 and November 2015 that have exposed 856,548,312 records. We took a look at 8 of the largest data breaches of all time. Can you guess which breaches top the list?

Discover the largest data breaches >> 

Biggest Fears of IT Security Professionals 

In a recent survey that we conducted, over 80% of IT security professionals cited their biggest fear as infected or compromised devices accessing their data or assets. 42% were also concerned about devices not being encrypted when accessing their data or assets, and a further 35% that the devices had riskware or greyware installed..

Check out the full survey results >>

5 Steps to Securing Data Workflows 

The secure data flow planning process consists of five steps including identifying different data workflows, determining what file types are needed by users, locating threats that are targeting your organization, defining data scanning and sanitization policies, and testing the security of your data flow.

Read the five steps >> 

Data Diodes Perfect for Isolated Networks

A data diode solves issues faced by offline networks by creating a physically secure one-way communication channel from an insecure network to the secure network. Our partners from Arbit Security explain why data diodes are beneficial for both users and administrators. 

Read more about data diodes >>

Getting Started with Metascan & Proxy SG

When proxy servers are combined with robust malware protection, like Blue Coat's Proxy SG and the Metascan ICAP server, administrators can ensure that every file entering their organization has been scanned by multiple anti-malware engines. 

Watch our latest video >>

We've kicked off the new year with newly certified products and partners! If you are a software vendor or user of IT security products, you can limit chances of poor usability issues by certifying your products with OPSWAT. All products involved in our free certification program are certified compatible with leading network solutions like Juniper, Cisco, and Citrix. Submit your product today to be listed, or view our certified products list before purchasing a solution. 

	Seqrite Endpoint Security 15.X eScan Anti-virus 14.X
	Deep Security Agent 8.X
	SpyHunter 4.X Rogers Online Protection Basic 16.X Deep Security Agent 8.X
	Rogers Online Protection Premium 16.X Deep Security Agent 8.X
	Rogers Online Protection Premium 16.X
	Rogers Online Protection Premium 16.X
	F-Secure PSB Workstation Security 14.X

OPSWAT Certification is a free program, and submitting products is an easy, development-free process. Become an OPSWAT Certified Partner by submitting and receiving certification badges for your products!