Against the backdrop of increasing cyber threats, OPSWAT has developed its innovative MetaDefender Sandbox system with analytical capabilities, addressing the weaknesses of traditional tools. "In fact, we offer a new way of working, designed to identify sophisticated threats targeting critical infrastructures and business, as well as national organizations," says Adir Shorka, Solution Engineers Team Leader at OPSWAT.
One of the key tools in the arsenal of the information security world is the Sandbox - an isolated environment that serves as a safe space for performing potentially dangerous operations without exposing the organization to risk. This tool allows the identification of potential threats without causing damage to the real system and is used for various purposes in the fight against cyberattacks, including malicious code analysis, software testing, and identifying bugs or security vulnerabilities that could open the door to cyberattacks.
However, this important tool is not without flaws and can be bypassed with relative ease. The current generation of Sandboxes is slow, resource-intensive, and lacks deep analytical capabilities. This is where OPSWAT comes in, at the forefront of protecting critical infrastructures and developing advanced cybersecurity solutions. The company brings a new message to the market: a revolutionary Sandbox that is economical, efficient, fast, and above all analytical, capable of identifying even the most sophisticated and elusive threats.
"We live in a technological arms race between attackers and defenders, and the level of threats to public, business, and national organizations is only increasing, as hackers and other attack organizations are constantly improving and refining their attack capabilities and techniques," says Adir Shorka, Solution Engineers Team Leader for OPSWAT in Israel and Romania. "Our innovative Sandbox is designed to deal precisely with these threats. It can run files the organization wants to introduce into its systems in a controlled environment, and through advanced analysis, including machine learning, it detects those malicious parts within them. It can identify threats that cannot be detected by existing traditional security solutions in the market and block them."
"For example, suppose an organization in the critical infrastructure sector needs technical drawings or legal evidence but requires the metadata and wants to ensure that no malware is introduced into the system. In such a case, we will run the files in the controlled environment of the Sandbox and ensure that there is no element that endangers its infrastructure."
Running files in a controlled environment is a well-known tool in the security market. What is unique about your Sandbox?
"Typically, traditional Sandboxes use virtual tools. That is, for each file run, a virtual machine is launched within a controlled environment. We operate in a different, much more innovative and advanced way, using an emulation method instead of virtualization. We emulate the file's working framework and can then run it and observe its behavior. This is where the analytical capability of the Sandbox we offer comes into play. After all, every time a suspicious file is run in a virtual infrastructure, it can ask the infrastructure questions and receive answers - regarding the operating system, the internet network, and more. A typical question is about the uptime of the operating system; if the answer is that the system has been running for only a short time, the malware understands that this is a Sandbox environment and avoids carrying out the attack. It passes the system's filter, is approved as a legitimate file, and penetrates the organization. Then, when it detects that it is operating in the real organizational environment, it acts. In our method, every time the system is asked a question, it can check and diagnose the file's behavior for each possible answer, thereby detecting threats uncompromisingly and changing the equation. This is the Forking method, which allows us to deal with very sophisticated threats built specifically for critical infrastructure organizations and others."
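To make the forking idea concrete, here is a small added example in Python (not OPSWAT's code): a toy emulator whose instruction set, sample programs, candidate environment answers and action labels are all constructed for the demo. When the sample asks about uptime, a single-run sandbox commits to one answer and can be bypassed, whereas the forking emulator follows every candidate answer and observes the hidden branch.

```python
# Toy emulator for the forking idea: each environment query is answered with
# every candidate value, so a branch that only runs on a "real" host is still
# explored. Candidate answers and action labels are constructed for the demo.
ANSWERS = {
    "uptime_seconds": [120, 86400],   # fresh sandbox vs. long-running host
}
SUSPICIOUS = {"drop_payload", "disable_av", "contact_c2"}

def emulate(program, env=None, pc=0, actions=(), fork=True):
    """Run `program` from `pc`; return [(env, actions)] for every path taken.
    Instructions: ("query", name), ("jump_if", (pred, target)), ("action", label).
    fork=False uses only the first answer, modelling a single-run VM sandbox."""
    env = dict(env or {})
    actions = list(actions)
    while pc < len(program):
        op, arg = program[pc]
        if op == "query":
            paths = []
            for value in (ANSWERS[arg] if fork else ANSWERS[arg][:1]):
                # Fork: one independent continuation per candidate answer.
                paths.extend(emulate(program, {**env, arg: value}, pc + 1, actions, fork))
            return paths
        if op == "jump_if" and arg[0](env):
            pc = arg[1]
            continue
        if op == "action":
            actions.append(arg)
        pc += 1
    return [(env, actions)]

def verdict(program, fork=True):
    """'malicious' if any explored path performs a suspicious action."""
    paths = emulate(program, fork=fork)
    hits = [(env, a) for env, acts in paths for a in acts if a in SUSPICIOUS]
    return ("malicious" if hits else "clean", len(paths), hits)

# Constructed sample mirroring the evasion described above: it stays quiet
# when uptime looks like a fresh sandbox and only misbehaves otherwise.
EVASIVE = [
    ("query", "uptime_seconds"),
    ("jump_if", (lambda e: e["uptime_seconds"] < 600, 3)),  # short uptime: skip to pc 3
    ("action", "drop_payload"),
    ("action", "open_document"),
]
BENIGN = [("query", "uptime_seconds"), ("action", "open_document")]

if __name__ == "__main__":
    print("single run:", verdict(EVASIVE, fork=False)[0])  # clean (bypassed)
    print("forking   :", verdict(EVASIVE)[0])              # malicious
```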
What are the benefits for the organization in using this method?
"First of all, resource savings and efficiency. When you don't need to 'raise' a virtual machine for each file, you achieve efficiency. Secondly, speed. Our solution is up to ten times faster than traditional solutions. Think, for example, of email, which is a vector of attack in about 90% of cyberattacks. Instead of waiting six minutes to introduce a file into the system, you wait only a few seconds. And this is just one example of the speed dimension. The tool is flexible for use in all infrastructure protection channels and can also be implemented in file transfers between networks. And in addition, as I mentioned, the advanced analytical capability. This combination addresses the vulnerabilities of traditional Sandboxes, which can be bypassed, and creates a new way of working."
What feedback are you receiving from the market?
"We are receiving very positive feedback. The field reports that this is an excellent tool that provides value and acts as a force multiplier. It also expands our marketing scope, as it is also suitable for business organizations. It can protect assets in a bank, the databases of insurance companies, the trade secrets of aviation companies, the security secrets of states and armies, and more. Because the tool knows how to protect critical infrastructures, it also addresses the cyber challenges we encounter in every organization. We have a large number of customers in Israel and worldwide already using the solution - from security organizations to financial organizations - as well as communication, aviation, retail, and banks."
A web of different capabilities
The innovative Sandbox is one significant component of a broad portfolio that OPSWAT develops and markets, which currently includes more than 25 products. At the core of the portfolio is a dual-use platform for threat prevention and detection: MetaDefender Core for on-premises installation and MetaDefender Cloud, the platform offered as a managed cloud service. "The platform uses sophisticated tools at the forefront of technology and is essentially a toolbox that provides very advanced security and cyber defense capabilities," clarifies Shorka, who has been specializing in high-tech for over a decade and has previously managed security projects. "One of the tools is AV Multiscanning, which gives the ability to check files quickly and in parallel with different antivirus engines. It is essentially a system for detecting and inspecting suspicious files before or after they enter the organization, which can also connect to online databases, collect information, scan files, and present a more accurate picture of the suspicious file. We know how to work with over 30 engines and recognize the strengths of each one and the collaboration agreements between the different companies. The goal is to bring our customers into as many security circles as possible."
"Following the scan, we can detect vulnerabilities as well as problematic code parts that may be a starting point for attacks on the system, authenticate and block files sent to the organization, and handle suspicious files automatically, according to the organization's security policy."
Another technology on the platform that Shorka presents is OPSWAT's Deep CDR, which was built to broadly address unknown cyber threats, i.e. zero-day threats, which even next-generation antivirus mechanisms and dynamic analysis and analytics solutions fail to detect. This technology assumes that every file is malicious, disassembles it into its components, and then rebuilds the file without the elements that could serve as a threat vector, so that the result is a file that is both usable and free of threats.
"What characterizes this technology is 'flattening' - the ability to get a comprehensive and extensive picture of a wide range of file types, analyze components within them that could pose a threat vector to the company or organization, and break down the files into components and rebuild them without the risks," explains Shorka, noting that each organization can define within Deep CDR what action is required for each file type and in which channels or departments. "The goal is to allow as much flexibility as possible in using the tool and give the organization 'peace of mind' that it can bring files into the organization even without knowing their level of risk," he explains.
According to him, the combination of all the solutions creates a web of different capabilities, built in layers, all intended to address threats directed at critical infrastructures. "What characterizes critical infrastructures is that they are a focused target of sophisticated threats that were not previously on the market and are not addressed by checking with antivirus engines alone," Shorka clarifies. "We know how to adapt the tools and the framework to the needs of each organization, the appropriate channels, and its security policy, just like Lego blocks."
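The disassemble-and-rebuild approach described above, shown as an added Python example that is not OPSWAT's Deep CDR: it takes SVG as a file type chosen for the demo, and instead of searching for known-bad content it builds a brand-new document containing only allow-listed elements and attributes (the allow-lists and the sample file are assumptions constructed for the demo), so scripts, event handlers and foreign content never survive the rebuild.

```python
# Positive-reconstruction sanitizer for SVG: the output is a fresh tree built
# only from allow-listed parts, never the original tree with bad parts removed.
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Demo allow-lists (assumptions); a production list would be far larger.
ALLOWED_TAGS = {"svg", "g", "rect", "circle", "path", "text", "line"}
ALLOWED_ATTRS = {"x", "y", "width", "height", "r", "cx", "cy", "d", "fill",
                 "stroke", "viewBox", "x1", "y1", "x2", "y2", "font-size"}

def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1]

def rebuild(node):
    """Return a new element holding only allow-listed content from `node`,
    or None if the element itself is not allowed (its whole subtree is dropped)."""
    if _local(node.tag) not in ALLOWED_TAGS:
        return None
    clean = ET.Element("{%s}%s" % (SVG_NS, _local(node.tag)))
    for name, value in node.attrib.items():
        if _local(name) in ALLOWED_ATTRS:     # drops onload=, onclick=, href= ...
            clean.set(_local(name), value)
    if _local(node.tag) == "text":
        clean.text = node.text                # plain character data only
    for child in node:
        kept = rebuild(child)
        if kept is not None:
            clean.append(kept)
    return clean

def sanitize_svg(data):
    """Parse `data` (bytes) and return the rebuilt, sanitized SVG as bytes."""
    clean = rebuild(ET.fromstring(data))
    if clean is None:
        raise ValueError("root element is not an allowed <svg>")
    ET.register_namespace("", SVG_NS)
    return ET.tostring(clean)

# Constructed sample: an event handler, a script element and a foreign element,
# each of which a rebuild must not carry over.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100" onload="f()">
  <script>/* constructed placeholder */</script>
  <rect x="1" y="1" width="10" height="10" fill="red" onclick="g()"/>
  <foreignObject><body>dropped</body></foreignObject>
  <text x="5" y="5">hello</text>
</svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE).decode())
```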
Let's return to your expertise in protecting critical infrastructures. What is the situation in this field?
"Cyber attacks on critical infrastructure entities pose a significant threat both in Israel and globally. It's important to remember that threat actors invest substantial resources in developing advanced offensive cyber technologies, and their capabilities are becoming increasingly sophisticated. These actors have realized that all essential daily activities and indeed our entire way of life rely on critical infrastructure and technologies. This includes electricity, water, sewage, transportation, communication, education, personal security, national security, and even the internet itself. They understand that by targeting these infrastructures, they can inflict tremendous damage on a country or organization, sometimes far more than other types of attacks. The effects of cyber attacks can be devastating: disrupting essential services like power, water, and transportation; stealing sensitive information such as health or financial data; and damaging reputations and national security. They also recognize that infrastructure organizations are spread across a large and diverse space, including cloud infrastructures, IT networks (the less encrypted and more exposed lower network), and OT networks that comprise machines and controllers, both old and new systems, separate and secret networks, all regulated by a comprehensive set of regulations and standards."
"Specifically, to answer your question, in 2023 there was a 30% increase in cyber attacks on critical infrastructure entities compared to 2022, which translates to an unprecedented rate of about 13 attacks per second. This is a serious threat, and we are among the few companies focused on it."
What is your level of investment in R&D?
"Very high. The solutions engineer team acts as an access point for our customers, supported by dozens of professional R&D teams operating in various fields. This is reflected in the breadth of our solutions, which, in addition to the mentioned platform, include kiosks for file insertion and transfer, endpoint protection, one-way communication and file transfers with diodes, email security protection, storage and server protection, supply chain security, and more, all of which we also use internally within the company."
What are your vision and goals?
"Our goal is to stay ahead of the attackers, to be ahead of them in the race. Ultimately, our responsibility to our customers takes precedence, and we strive for this to guide us. We work so that our customers, who are managers of large organizations, can sleep well at night. I left a secure job after 12 years because I wholeheartedly believe in our solutions. They provide great value to customers, based on high creativity, and every citizen in many countries, especially in Israel, relies on them in their daily lives, even if they are not aware of it. This mission brings great satisfaction."
Comprehensive Response for Critical Infrastructure Organizations
OPSWAT's capabilities in dealing with cyber threats extend beyond incoming threats to outgoing files as well. This is handled by a technology within the platform called Proactive DLP, which includes OCR capabilities for identifying details in images, ensuring that data leaving the organization does not expose confidential information such as customer details, personal information, IP addresses, credit card numbers, or any other data the organization defines as confidential. Another capability, OPSWAT SBOM, addresses open-source code, which is widely used today. Developers tend not to be cautious and leave database keys and passwords exposed online, which appeals to hackers who constantly scan open-source libraries for vulnerabilities. There are numerous known cases in which such a vulnerability allowed cryptocurrency-mining attackers to use open-source code developed by an organization to penetrate its servers and mine on them. The technology ensures that open-source code leaving the organization does not leave behind database details and passwords that could be dangerous if exposed, and does not expose server keys. It also ensures that the open-source code the organization uses, and its dependencies, are not hostile and, no less important, are free to use and do not expose the organization to legal claims.
About OPSWAT
OPSWAT was founded in San Francisco, USA, about 20 years ago and has since greatly expanded its activities in the global market. It is currently headquartered in Tampa, FL, operates in 27 countries, and specializes in cyber defense for critical infrastructures. The company focuses on 16 industry sectors, including infrastructure, finance, energy, government and the public sector, military and security, healthcare, aviation, agriculture, and more. The company has over 1,500 corporate customers worldwide.
The Israeli branch, which began its journey in 2019 as a small office in Herzliya, has since grown into a large new office in Petah Tikva, as part of its effort to expand its offering to the local market. It also includes a sophisticated cyber lab that demonstrates the company's solutions, showcases its capabilities, and allows tests and trials for existing customers while also welcoming interested parties and potential customers.