We previously reported on OPSWAT, a provider of technologies that protect infrastructure and organizations. With this post I provide some insights into the technology of OPSWAT as well as the background of Michael Hylton, OPSWAT’s federal lead.
For those of you who may not have met Michael yet, he has over 20 years of experience in federal technology consulting with the Pentagon and other federal agencies, along with international experience and experience with cybersecurity startups. On top of that, we have found him to be a great explainer of tech, which will come through in the discussion below:
Bob Gourley: Michael, OPSWAT is well-known for protecting critical infrastructure, in fact 98% of US nuclear facilities use OPSWAT to protect their air-gapped networks and remote contract access to critical networks. What do you do in the nuclear industry?
Michael Hylton: We help transfer data into critical infrastructure through our data scanning kiosk and vault solution. If you have heard of “sheep-dip” as it pertains to using a dedicated computer to test incoming files before allowing them onto a network, this is the same principle. Every file brought into critical infrastructure goes through a very intense validation and auditable process. We will decompress all file contents, scanning the outer and inner archives and files in each layer, with up to 34 commercially available anti-malware engines, resulting in the highest levels of risk detection possible. Each file extension is validated against the file’s true file type. We sanitize files to prevent any active content that may be used as a zero-day attack, and we look for sensitive data and vulnerable firmware that may inadvertently be brought into a network.
We then create a secure transfer process that includes auditing and technical enforcement of the scanning. The technical enforcement validates that all portable electronic devices and removable media were in fact scanned before they can be read on one of the secured nodes, or enforces the secure transfer of the files to trusted house media; both scenarios can include our digitally signed manifest, which our media validation agent will validate before giving access to the operating system. We have customers who go media-less and transfer all files from the kiosk after scanning over a data diode to be accessed in our secure vault on the network through Active Directory integration.
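As an added illustration of the kiosk workflow described in the answer above (opening archives layer by layer, checking each file's claimed extension against its true type, and issuing a signed manifest that an agent verifies before the media may be read), here is example Go code. It is not OPSWAT's code and not part of the original interview. It assumes a zip image stands in for the removable media, a tiny constructed magic-byte table, an Ed25519 kiosk key (a real kiosk would keep that key in an HSM or TPM), constructed size and nesting caps, and constructed sample files; the multi-engine anti-malware scan and content sanitization the answer mentions are outside the snippet.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
	"path"
	"strings"
)

// Constructed caps against decompression bombs and endless archive nesting.
const maxFileSize, maxDepth = 10 << 20, 4

// Constructed sample signature table: leading bytes, true type, extensions it may carry.
var magic = []struct {
	prefix, kind string
	exts         map[string]bool
}{
	{"%PDF-", "pdf", map[string]bool{".pdf": true}},
	{"PK\x03\x04", "zip", map[string]bool{".zip": true}},
	{"MZ", "exe", map[string]bool{".exe": true, ".dll": true}},
}

// Classify derives the true type from content, then checks the claimed extension against it.
func Classify(name string, data []byte) (kind string, extOK bool) {
	ext := strings.ToLower(path.Ext(name))
	for _, m := range magic {
		if bytes.HasPrefix(data, []byte(m.prefix)) {
			return m.kind, m.exts[ext]
		}
	}
	return "unknown", false
}

type Entry struct { // one leaf file in the manifest the kiosk signs and the validation agent checks
	Path, SHA256, TrueType string
	ExtOK                  bool
}

// Inspect walks a zip image, descends into nested archives, and returns one Entry per leaf file.
func Inspect(prefix string, depth int, archive []byte) (entries []Entry, err error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil || depth > maxDepth {
		return nil, fmt.Errorf("%q: unreadable archive or nested deeper than %d levels", prefix, maxDepth)
	}
	for _, f := range zr.File {
		full := prefix + f.Name
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		data, err := io.ReadAll(io.LimitReader(rc, maxFileSize+1)) // one byte past the cap exposes oversize
		rc.Close()
		if err != nil || len(data) > maxFileSize {
			return nil, fmt.Errorf("%s: unreadable or larger than %d bytes decompressed", full, maxFileSize)
		}
		kind, extOK := Classify(f.Name, data)
		if kind != "zip" {
			entries = append(entries, Entry{full, fmt.Sprintf("%x", sha256.Sum256(data)), kind, extOK})
			continue
		}
		inner, err := Inspect(full+"/", depth+1, data) // inner archive: record its contents, not the container
		if err != nil {
			return nil, err
		}
		entries = append(entries, inner...)
	}
	return entries, nil
}

// Sign serialises the manifest and signs it; Verify is the agent's check before the node reads the media.
func Sign(manifest []Entry, priv ed25519.PrivateKey) (body, sig []byte) {
	body, _ = json.Marshal(manifest) // structs of strings and bools cannot fail to marshal
	return body, ed25519.Sign(priv, body)
}
func Verify(body, sig []byte, pub ed25519.PublicKey) bool {
	return ed25519.Verify(pub, body, sig)
}

// ZipOf packs constructed files into an in-memory zip; SampleMedia nests an executable stub renamed to .pdf.
func ZipOf(files ...[2]string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, f := range files {
		w, _ := zw.Create(f[0])
		w.Write([]byte(f[1]))
	}
	zw.Close()
	return buf.Bytes()
}
func SampleMedia() []byte {
	inner := ZipOf([2]string{"tool.pdf", "MZ\x90\x00 constructed stub, not a real executable"})
	return ZipOf([2]string{"report.pdf", "%PDF-1.7 constructed sample"}, [2]string{"inner.zip", string(inner)})
}
```

Running `Inspect("", 0, SampleMedia())` yields two leaf entries: `report.pdf` with its extension confirmed, and `inner.zip/tool.pdf` flagged because its content starts with an executable header. The size and depth caps are what keep the "decompress everything" step from being turned against the kiosk by a decompression bomb or a self-containing archive, and the manifest signature only proves the kiosk produced the record, which is why the agent on the secured node must also re-hash the files it is about to expose.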
Gourley: You are also part of the foundational DoD capability called the JRSS. Do you do a similar thing there?
Hylton: While we are still soundly detecting, analyzing and eliminating threats and zero-day attacks with powerful advanced technologies, our involvement with the JRSS takes a slightly different approach. The underlying platform of MetaDefender Core remains the same, but the use case involves leveraging the core’s capabilities through REST APIs to bring our advanced technology into the JRSS stack rather than a physical kiosk to ingest files from portable media or personal electronic devices. We are proud to help secure DISA and its mission partners through their vision of the JRSS stack.
Gourley: How do you describe your solutions to government decision-makers?
Hylton: You can think of OPSWAT as the operational special weapons and tactics of cyber security. OPSWAT helps bring a zero trust philosophy in a very flexible and customizable way to existing file-based workflows — whether it’s an extremely high number of files being uploaded through an externally facing web portal for file submissions from constituents or government employees; transferring terabyte-sized files within air-gapped/critical networks on portable media; adding an additional layer to email security gateways; or checking downloads by integrating into an SSL gateway. We bring a zero trust architecture philosophy through industry standards that help rapid deployment, such as APIs, ICAP, SMTP and integrations with well-known industry technologies.
The technology on our MetaDefender Core server can support multiple use cases and offers a multifaceted approach that does not just rely on detection but on prevention through all of its components, which consist of multi-scanning, zero-day prevention, proactive data loss prevention (PII, confidential data), vulnerability detection, and threat intelligence.
We have newer products called MetaAccess and SafeConnect SDP, which fit neatly into the DHS CDM program of Operate, Monitor and Improve capability. We help ensure unmanaged or managed devices meet security policies before allowing connection into remote access technologies such as remote desktops or cloud services, and if not, we can help streamline remediation through controls or patches through our partnerships with over 300 technology companies. Our SDP offering helps ensure resources are only visible to properly authenticated users and safe devices.
Gourley: One way that government technologists would learn about companies like OPSWAT and their capabilities is through conferences. Most of those have been put on hold till at least the fall, and when they come back we have no way of knowing how many people or companies will attend. How do you plan on getting information to government decision-makers in this environment?
Hylton: We realize the mission of government continues and perhaps accelerates during times like these, and we are here to help bring advanced cybersecurity technology where it’s needed. We’ve established a webinar series called “Learn from the Experts” where we have some of the brightest minds in cybersecurity share their perspectives and wisdom on securing critical infrastructure and remote access technologies. We have one coming up with our federal distributor, Carahsoft, on May 13 on “Reducing Teleworking Risk with a Software Defined Perimeter: How DISA’s concept of a ‘Black Core’ is Shaping Global Best Practices in Remote Access”.