Specialized system for malicious code scanning and disarming at EVNHCMC

In recent years, in addition to expanding and upgrading its IT system and exclusive telecommunication infrastructure, Ho Chi Minh Power Corporation (EVNHCMC) has also paid due attention to strengthening its cyber security system.

Information security is currently a high priority at EVNHCMC. The Corporation is well aware of the potential risks associated with data transfer from unsecured sources (IT networks, the internet, data obtained from PSS and GIS systems...) to its operational technology (OT) system, including peripheral-based attacks using malicious code. To prevent malware from penetrating critical systems through this route, EVNHCMC has deployed a dedicated system capable of scanning and disarming malicious code.

OPSWAT Metadefender is a cybersecurity platform that specializes in scanning for, disarming, and preventing malware attacks. The platform enables businesses to detect and ward off malware threats on multiple channels, including email, web, BYOD, and Cloud. Using customizable data flows, Metadefender provides efficient protection against incoming threats. With the unique “Deep Content Disarm and Reconstruction” (Deep CDR) technology at its core, Metadefender removes harmful elements from files and outputs completely safe files to users. To support Deep CDR and provide comprehensive enterprise protection, the platform also includes Multiscanning, Vulnerability Assessment, and Data Loss Prevention technologies.

Prominent features of OPSWAT Metadefender:

- Multiscanning: The Metadefender KIOSK supports over 30 engines that utilize malware signatures and recognition technology from multiple solution providers worldwide to improve the malicious code detection rate.

- Deep Content Disarm and Reconstruction: Metadefender KIOSK removes all potentially harmful components from files, including macros and embedded Flash or JavaScript code. This feature prevents zero-day attacks and outputs completely clean and safe files.

- File-Based Vulnerability Assessment: utilizes a hash database of over a billion data points, detecting known vulnerabilities in over 20,000 applications. This way, users can avoid installing unpatched applications with vulnerabilities exploitable by hackers.

- Proactive Data Loss Prevention: this feature detects and blocks sensitive data in over 30 file types from entering or leaving critical locations, ensuring control and prevention of both deliberate and accidental leakages of sensitive data.

Platform components are organized as follows:

+ MD Core: the central component of workflow threat control, which connects other OPSWAT components (e.g., Kiosk, Vault) and provides centralized governance, reporting, etc.

+ MD Kiosk: manages and scans files on peripheral devices

+ MD Vault: manages, scans, and stores cleaned files

OPSWAT's prominent features for malware scanning and disarming provide effective ways to prevent risks associated with data exchange between peripheral devices and EVNHCMC’s vital systems.

After MD Kiosk scans peripheral devices (USB drives, mobile devices, CDs, etc.), harmful files and sensitive data are blocked/deleted. Only verified files are imported to the MD Vault for safe storage and download within the system.

Available malware scanning scenarios:

- Malware scan of file uploads and peripheral devices (USB, CD/DVD, mobile devices...)

- Malware detection by multiscanning engines

- Malware detection by behavior engines

- Vulnerability Assessment

- Content disarm and reconstruction

- Peripheral check after Kiosk scan

- Proactive Data Loss Prevention

- Hash code whitelisting/blacklisting

- LDAP/SMTP integration

- Management of files transferred from the Kiosk to the Vault

- Approval process for data transfer from the Vault

- Reporting management

[Figure: Metadefender Core dashboard]

[Figure: Objects processing, Processing status, Threats detected]

[Figure: Scanned file types]

[Figure: Detailed report on infected files]

The deployment of OPSWAT Metadefender has reinforced the information security level of the OT system by cleaning files of external origin for internal use. The next move is to explore the potential integration of the platform with the Email Gateway and Internet Gateway of EVNHCMC to utilize its multiscanning engines for better gateway performance.


  • 03/06/2022 04:21
  • PV