FILE CONTENT EXTRACTION FOR MALWARE PROTECTION & DLP
Organizations of all types are facing new cyber threats due to the evolving work environment: employees now have access to social networking, file sharing applications, cloud storage, webmail, instant messaging, and SaaS applications (CRM, virtual desktop infrastructure). In addition, employees regularly work from home or remote locations. These trends increase the risk of infection by infiltration and the risk of exfiltration of sensitive information. Security vendors have responded with new solutions for malware protection, data loss prevention (DLP) and threat analysis. To be effective, these products need to dig deeper into the payload of network traffic, extract detailed information such as file content (typically decrypted payload) and expose file movements at the network level to track malware and data exfiltration.
STRENGTHENING SOLUTIONS WITH QOSMOS DPI
Qosmos ixEngine is an advanced DPI engine delivered as a Software Development Kit (SDK), composed of software libraries, modules and tools, that cyber security solution vendors can integrate into their products to gain granular visibility into traffic. Through protocol recognition, IP classification and metadata extraction, it enables the reconstruction of network traffic content and the exposure of file movements at the network level in order to detect potential malware and data exfiltration with more precision.
QOSMOS IXENGINE PROVIDES
- Recognition of over 3100 protocols and extraction of up to 5000 metadata, more than any other DPI library on the market.
- Support of over 60 protocols for file extraction, including all transport types for Server Message Block (SMB) and all generic HTTP transfers.
- Extraction of raw traffic content and metadata to reconstruct complete emails, attached files, images, videos, transferred files (uploaded or downloaded via FTP, HTTP, Dropbox), Websites, etc.
- Deep file inspection: Efficient file type detection, file hashing, and metadata extraction for file reconstruction.
File content extraction and deep file inspection capabilities are built into Qosmos DPI engine, with regular updates of the protocol library, leaving you free to focus your development resources on the core expertise of your products.
How to use Qosmos ixEngine for Malware Protection and Data Loss Prevention