Qosmos

Security

File Content Extraction for Malware Protection and DLP

“With Qosmos, expose file movements at the network level to track malware and data exfiltration”

The challenge

Organizations of all types are facing new cyber threats due to the evolving work environment: employees now have access to social networking, file sharing applications, cloud storage, webmail, instant messaging, SaaS applications (CRM, virtual desktop infrastructure). In addition, employees bring their own devices to the office and regularly work from home or remote locations. These trends increase the risk of infection by infiltration of malware and the risk of exfiltration of sensitive information.

Security vendors have responded with new solutions for malware protection, data loss prevention (DLP) and threat analysis. To be effective, these products need to dig deep into the payload of network traffic and extract detailed information such as file content (typically decrypted payload).

 

Strengthening the solution with Qosmos

Qosmos ixEngine is a Deep Packet Inspection (DPI) library which classifies protocols, and extracts metadata and file content. It provides extraction and facilitates reconstruction of network traffic content within cyber security solutions. This gives developers the ability to expose file movements at the network level to track potential malware and data exfiltration.

Qosmos software can be used to extract raw traffic content and metadata to reconstruct: complete emails, attached files, images, videos, transferred files (uploaded or downloaded via FTP, HTTP, Dropbox), Websites, etc.

Qosmos ixEngine provides:

  • Content and file extraction: The most comprehensive and mature file extraction library supporting over 60 protocols for file extraction, including all transport types for Server Message Block (SMB) and all generic HTTP transfers
  • Deep file inspection: Efficient file type detection, file hashing, and metadata extraction for file reconstruction
      

 

Benefits

File content extraction and deep file inspection capabilities are built into the Qosmos DPI engine, which means that you are free to focus your development efforts on sensors and the quality of the overall security solution.

 


Screencast MP DLP

Video
: Qosmos ixEngine for Malware Protection and DLP

“Layer 7 visibility allows a view of individual application flows and even an understanding of components of applications.”

Jeff Wilson, Research Director and Advisor, Cybersecurity, IHS

IHS Markit Logo