
How Can MetaDefender Block HID Threats?


In addition to the general security measures that can be used to minimize exposure to human interface device (HID) threats, MetaDefender offers a way to keep data usable without sacrificing network security. MetaDefender can act as the entry point for data on portable media, protecting less secure systems that may be vulnerable to HID threats.

How can MetaDefender block HID-based threats?

The most common methods currently in use for protecting against HID threats are either restricting the use of USB devices to those that are known to be safe, or blocking the usage of USB drives altogether. MetaDefender provides supporting technology for both of these methods, allowing administrators to build policies for safely bringing data from portable media into an organization through a kiosk-based scanning station.

When configuring MetaDefender for this use case, an administrator would need to create a policy that uses MetaDefender as a secure data input/transfer station, not simply as a USB drive scanning station. With such a policy in place, users would be instructed to upload their documents, files and data to MetaDefender, and would then be provided with an alternative storage place outside of sensitive areas (e.g. a storage locker) to keep their devices after scanning.

Once the scan is finished, only the files that MetaDefender is able to read and explicitly validate through the various configured checks (malware scanning, file type authentication and filtration, etc.) are allowed to progress through the system from scanning to post-processing. Post-processing functionality allows actions to be performed on approved files after the scan. For instance, files can be automatically copied to a specified directory (by utilizing the username variable, this directory could even be specific to the user initiating the scan session), or copied to user-provided media such as a trusted USB drive intended for internal use only, a CD or an SD card. In addition to standard post-processing methods, we also support custom post-processing scripts, which open up the possibility of leveraging third-party solutions such as FTP or Managed File Transfer (MFT) uploading.

How does MetaDefender protect itself against HID threats?

In the case of a dedicated system like MetaDefender, the simplicity of the HID threat is also its downfall. Because MetaDefender is designed to operate on a dedicated machine, we have taken into account that a malicious user could plug in an actual HID to try to gain access to the underlying OS and compromise the system. By building the product to be protected against such attacks (disabling Ctrl+Alt+Del, Ctrl+Esc, etc.), we are able to keep all keystrokes confined to our application. This prevents the device from accessing any sensitive areas of the system, effectively rendering HID attacks like BadUSB futile on properly configured MetaDefender systems.

Detection of HID threats

While MetaDefender does offer the ability to build data workflows that prevent the proliferation of HID threats within an organization (thereby protecting the network), detecting these threats and alerting the administrator to their presence is a more challenging matter. Because there is limited visibility into the device, devices that present themselves as mass storage devices and delay the initialization of their HID component are extremely difficult to detect.

Although the network is already protected by MetaDefender's workflow, administrators should also be alerted to risky users who may be trying to introduce these types of threats. We are currently investigating methods to detect potential HID threats during our scanning process.
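
As an added illustration (not OPSWAT's code and not a description of how MetaDefender works), the heuristic below flags a port where a device first enumerates as mass storage only and later re-enumerates with an HID interface, the delayed-HID pattern described above. It assumes the host can observe USB enumeration events; the event records, the `find_late_hid` name and the 600-second window are hypothetical.

```python
from dataclasses import dataclass

MASS_STORAGE, HID = 0x08, 0x03   # USB-IF interface class codes

@dataclass(frozen=True)
class Enumeration:
    ts: float            # seconds since the scan session started
    port: str            # physical port path (constructed values below)
    classes: frozenset   # interface classes announced in this enumeration

def find_late_hid(events, window=600.0):
    """Return (port, reason, delay) alerts for storage devices that expose HID."""
    first_storage = {}   # port -> time a storage-only device was first seen
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if HID not in ev.classes:
            if MASS_STORAGE in ev.classes:
                first_storage.setdefault(ev.port, ev.ts)
            else:
                first_storage.pop(ev.port, None)   # unrelated device, reset port
            continue
        seen = first_storage.pop(ev.port, None)
        if seen is not None and ev.ts - seen <= window:
            # Same port showed storage only, then came back with a keyboard-class
            # interface: the delayed-initialization case.
            alerts.append((ev.port, "late-hid", round(ev.ts - seen, 1)))
        elif MASS_STORAGE in ev.classes:
            # Composite storage + HID from the first enumeration.
            alerts.append((ev.port, "storage+hid", 0.0))
    return alerts

# Constructed sample events, not captured from a real system.
SAMPLE = [
    Enumeration(0.0, "1-1", frozenset({MASS_STORAGE})),        # ordinary drive
    Enumeration(2.0, "1-2", frozenset({MASS_STORAGE})),        # looks ordinary
    Enumeration(47.5, "1-2", frozenset({MASS_STORAGE, HID})),  # HID appears later
    Enumeration(60.0, "1-3", frozenset({HID})),                # plain keyboard
    Enumeration(70.0, "1-4", frozenset({MASS_STORAGE, HID})),  # composite at once
]

if __name__ == "__main__":
    for alert in find_late_hid(SAMPLE):
        print(alert)
```

A physical unplug and replug on the same port within the window looks identical to this heuristic, so alerts are a prompt for review rather than proof of a malicious device.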
