Secure File Uploads in Web Applications for true Zero-Trust Security

A Financial Services Case Study

Securing your web apps is an integral part of Critical Infrastructure Protection for a modern digitized organization. For anyone serious about zero-trust, preventing malware and data breaches requires constant vigilance and staying ahead of sophisticated modern cyber-criminals and even high-stakes crime syndicates.

Malicious payloads can be hidden within innocuous content inside a file that is uploaded to your web apps and transferred through your network. However, these attack vectors are not addressed by SWGs (Secure Web Gateways), proxies, WAFs (Web Application Firewalls), etc., or even by cloud hosting service providers. In fact, the limitations are clearly spelled out in the providers' respective shared responsibility models (AWS, Azure, GCP).

Organizations need a ‘plug-and-play’ solution that integrates quickly and easily with their existing infrastructure, can scale on demand, and helps them get Zero-Trust right.

We at OPSWAT help some of the leading critical infrastructure organizations (including some of the largest banks, leading educational institutions, and federal, state, and defense departments worldwide) fill this critical gap and secure their file uploads.

Here is a real-life use-case that illustrates the requirement, the threat, and the solution for one of our customers.

-------- – A Leading Financial Services Firm ensures File Upload Security by using OPSWAT MetaDefender®

For an insurance and banking services provider, cybersecurity is of paramount importance to safeguard the large amounts of client personal data that they manage. -------- needs to ensure compliance with existing and emerging Financial Services regulations and cybersecurity standards, including Know Your Customer (KYC) Rule 2090 for financial crime prevention and the General Data Protection Regulation (GDPR).

-------- uses F5 to load-balance the traffic/requests coming into their web applications across different servers. Using MetaDefender ICAP Server with the F5 BIG-IP Local Traffic Manager (LTM) load balancer, -------- was able to scan all incoming files uploaded by their customers for malware and sanitize/neutralize any potential threats hidden within.

The MetaDefender Platform provides -------- with a comprehensive, easy to deploy and maintain solution that meets regulatory compliance requirements and eliminates the risk of malware entering the organization.

Challenges - Securing Customer File Uploads on a Global Scale

To enable their customers, partners and employees to conveniently submit electronic files, -------- created web portals and applications where files could be easily uploaded. This introduced the risk of infected files entering their secure network via one of their web portals. To mitigate the security and compliance risks, -------- needed to ensure that the uploaded files were not malicious. The primary requirement was to allow incoming files from any outside source and render them 100% safe to consume without adding latency or impacting the workflow or availability of files. Additionally, the solution needed to meet regulatory requirements, be cost-effective and rapidly scalable across the enterprise.

“OPSWAT MetaDefender offered a compelling, integrated joint security solution for stopping file upload attacks, securing our web application, and keeping our networks secure,” said ---------------, IT Infrastructure Specialist at --------.

Selection Criteria

The IT Infrastructure team at -------- evaluated multiple technologies including various sandbox solutions. However, none of them met their need for a scalable, reliable, and effective solution that would provide the highest level of protection to prevent any attack.

Although sandboxes are good for a deep-dive analysis of malware behavior, they take a long time to analyze files, are resource-intensive, and could not meet the requirements for speed and the ability to neutralize threats in files. They are also very costly (in terms of time, hardware requirements, and skilled personnel) to implement and maintain in production, and would be hard to scale.

Multiscanning technology scans files for malware with multiple antivirus engines to achieve the highest detection rates. Processing happens without delays (within milliseconds) and admins are alerted to potential threats in real time.

Deep CDR (Content Disarm and Reconstruction) removes any potential threats (known or unknown) and delivers safe files for your workforce.

“From functional requirements on, MetaDefender met all the checkboxes from our Security team. The content sanitization, Deep CDR technology, was one of the things our Security guys were really impressed with, especially since no other solution could provide that level of file security,” said ---------------, Architect at --------.

Solution - MetaDefender Protects --------’s Network from Malicious File Uploads

In comparison to the months of effort it took to set up a proof-of-concept with a sandbox and other solutions, it took only two hours to implement and start using MetaDefender with both Multiscanning and Deep CDR.

“The solution fit our current needs and is easily configurable as we expand. Adding the API integration allowed us to add internal services and expand our use cases. This on-demand scalability is exactly what we were looking for,” said ---------------, IT Infrastructure Specialist at --------.

-------- integrated OPSWAT MetaDefender Core ICAP Server with F5 BIG-IP LTM, which protects their systems by redirecting incoming files for analysis before they reach the servers across their network.

With MetaDefender, -------- gains:

  • Zero-Day and Advanced Malware Prevention – Deep CDR (Content Disarm and Reconstruction) recursively eliminates all potential malicious code and threats from 100+ file types, while retaining the file’s usability. This zero-trust security method is highly effective in preventing both known and unknown threats.
  • Superior Malware Detection – Metascan, OPSWAT’s proprietary Multiscanning technology, scans every file for malware with multiple antivirus engines (using signatures, heuristics, NGAV, and machine learning) to achieve detection rates over 99%.
  • Rapid Deployment with F5 Integration using the OPSWAT iApp Template – a simple installation process supported by easy-to-follow documentation; the OPSWAT solution integrated with F5 seamlessly and rapidly. It took less than 2 hours to have a POC up and running.

Results - Fast Deployment, High Performance, and Scalability Resulting in Significant Overall Savings

“OPSWAT’s comprehensive platform met our security requirements and was really easy to integrate with our existing infrastructure. We were able to provide a valuable and timely service to our customers that allowed them to submit documents electronically,” said ---------------, IT Infrastructure Specialist at --------.

The resulting benefits for -------- included:

  • Advanced technologies for Comprehensive Protection – MetaDefender technologies include Deep CDR (Content Disarm and Reconstruction) which provide superior detection and 100% prevention.
  • Enterprise-class Performance – MetaDefender processing is extremely fast: files are scanned in milliseconds vs. the minutes that it takes with a sandbox. Additionally, there are fewer false positives.
  • Cost-effective – Compared to sandboxes, MetaDefender requires far fewer resources and less infrastructure to deliver superior functionality. You can process millions of files per day on the same server without intensive man hours (whether IT operations, administrators, or specialized developers or consultants) to deploy and maintain the platform.
  • Open APIs – Provide the flexibility to extend MetaDefender as an internal service to all other applications that need file Multiscanning and Deep CDR across the -------- organization.

“We found OPSWAT MetaDefender Core through a Google search, researched their website, and eventually downloaded a free trial. The documentation was very good. We saw a lot more benefits from Multiscanning and Deep CDR than from sandboxes. We got excellent customer support and onboarding while integrating and were underway in less than a couple of hours, instead of weeks, or even months,” explains ---------------, Architect at --------.
