Advanced Threat Prevention: Simultaneous Analysis with Multiple Anti-Malware Engines
Multiscanning is an advanced threat detection and prevention technology that increases detection rates, decreases outbreak detection times, and provides resiliency for single vendor anti-malware solutions.
Overview
OPSWAT pioneered Multiscanning to deliver enhanced protection to its customers from a variety of cyber threats.
A single antivirus engine can detect 40%-80% of malware / viruses. OPSWAT Multiscanning allows you to scan files with over 30 anti-malware engines on-premises and in the cloud to achieve detection rates greater than 99%.
“MetaDefender Storage Security was so easy to deploy in our cloud environment and that was a very important factor.”
Tamir Ronen
Chief Information Security Officer, HiBob
“You have to control what goes onto your network, period. It's going to take holistic solutions like OPSWAT... to reduce that threat.”
Brian Feucht
President, Unique Wire
“We're extremely lucky to partner with OPSWAT, especially with the MetaDefender product line...”
Nick Chong
Chief Services Officer, Zoom Video Communications
“OPSWAT is a valuable partner to Zendesk. MetaDefender Core helps us test attachments and identify malware which builds customer trust. OPSWAT is a trusted partner we confidently rely upon.”
Hemant Kataria
Sr. Director of Engineering, Zendesk
Challenges
- Malware can easily bypass a single antivirus (AV) engine and put your organization at risk.
- Different AV vendors have different response times to outbreaks due to their location and focused markets.
- False positives in virus detection are a common side effect of any malware scanning solution.
- Integrating multiple AVs into a single platform is challenging and hard to manage.
- Data privacy risks increase when uploading to a cloud detection system.
Benefits
OPSWAT Multiscanning Benefits
Improve Malware Detection
Research shows that as more anti-malware engines are added, malware detection rates improve. Each individual engine specializes in different categories and may not detect certain types of threats. Since each anti-malware engine uses different algorithms, combining multiple engines significantly increases detection. Combining the inputs from analysts located in various malware labs around the globe improves response for localized attacks.
As shown in our Multiscanning test of more than 10,000 of the most active threats, we achieved over 90 percent detection with 12 combined engines, over 95 percent detection with 16 engines, and over 99 percent detection with 20 or more engines.
Improve Outbreak Exposure Times
During malware outbreaks the time it takes to detect a new threat is critical. Even small changes in detection rates can add days, weeks or months to the time it takes for various anti-malware engines to respond to emerging threats.
AV-Test.org conducted a test that shows that the detection mechanisms used by different anti-malware engines are faster at detecting certain malware compared to others. By combining the results of multiple scanning engines, we can reduce outbreak exposure times and achieve virtually zero exposure.
These gaps in detection are cause for concern because they expose organizations that use only a single anti-malware engine that hasn't yet detected a specific threat. For example, the Nemucod.KP trojan was initially detected by three anti-malware engines on March 16th, 2016. Within two days eleven anti-malware engines had detected the threat, and after one week sixteen engines had detected it. But months later, 24 engines still had not detected the Nemucod.KP threat.
Multiscanning dramatically reduces the exposure gaps left by using one or a small number of anti-malware engines, which makes it a valuable approach for the early detection of emerging and actual outbreaks.
Low False Positives
False positives, where files are reported as malicious when they are not, surface as a side-effect of any malware scanning solution, and can adversely affect business operations. To further complicate the issue, false positives are often only reported by a few anti-malware vendors at a time, and they are not always consistent or reproducible during testing.
False positive rates are reduced because many anti-malware vendors work together through malware data sharing programs. Vendors use these programs to help codify true positives and false positives, so that overlapping vendor data has fewer false positives, which improves the results of multiscanning.
Also, vendors share allowlist (trusted file) data. Our allowlist database accumulates the data from many vendors, which also reduces false positive detection rates.
Every engine returns some false positives, but it is incorrect to assume that using two engines results in double the number of false positives. Overlap in the detection of false positives using multiscanning limits the number of new false positives added by each new engine, as our multiscanning research demonstrates. When we use more engines, the number of false positives does go up, but only by a small, fractional amount, which is outweighed by the many benefits of multiscanning.
Enhanced Performance
Scanning with multiple engines takes slightly longer than scanning with a single engine, but with our multiscanning methods, performance loss is minimized. Our methods take into account redundant tasks such as opening archives and detecting file types, and we also leverage the fact that various engines specialize in detecting threats in specific file types. This means that many multiscanning tasks can be parallelized by using methods like distributed computing, multi-core processing and scanning in memory.
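The flow described above (file-type detection done once, routing by engine specialty, parallel scanning) together with the allowlist lookup from the false-positive section, as an added sketch that is not OPSWAT code. The engine names, signatures and sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Hypothetical stand-in engines (not vendor SDKs): the file types each one
# handles and the byte signatures it knows. All values are constructed.
ENGINES = {
    "engine_a": {"types": {"pe", "script"}, "sigs": [b"EVIL_MACRO"]},
    "engine_b": {"types": {"script"}, "sigs": [b"dropper.js", b"EVIL_MACRO"]},
    "engine_c": {"types": {"pe"}, "sigs": [b"MZ\x90packed"]},
    "engine_d": {"types": {"pe", "script"}, "sigs": [b"setup"]},  # FP-prone
}

def detect_type(data: bytes) -> str:
    """Shared pre-processing: runs once per file, not once per engine."""
    return "pe" if data.startswith(b"MZ") else "script"

def run_engine(name: str, data: bytes) -> bool:
    return any(sig in data for sig in ENGINES[name]["sigs"])

def multiscan(data: bytes, allowlist=frozenset()) -> dict:
    digest = hashlib.sha256(data).hexdigest()
    ftype = detect_type(data)
    report = {"sha256": digest, "type": ftype, "engines_run": [], "detected_by": []}
    if digest in allowlist:  # trusted-file lookup happens before any engine runs
        report["verdict"] = "allowlisted"
        return report
    # Route the file only to engines that handle its type, then scan in parallel.
    selected = sorted(n for n, e in ENGINES.items() if ftype in e["types"])
    with ThreadPoolExecutor(max_workers=max(1, len(selected))) as pool:
        hits = list(pool.map(lambda n: run_engine(n, data), selected))
    report["engines_run"] = selected
    report["detected_by"] = [n for n, hit in zip(selected, hits) if hit]
    report["verdict"] = "infected" if report["detected_by"] else "clean"
    return report

# Constructed samples: three "malicious" byte strings and one benign installer.
SAMPLES = {
    "packed_pe": b"MZ\x90packed payload",
    "js_dropper": b"var next = 'dropper.js';",
    "macro_doc": b"Sub AutoOpen() EVIL_MACRO End Sub",
}
BENIGN = b"MZ setup installer for an office tool"

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        r = multiscan(blob)
        print(label, r["verdict"], r["detected_by"], "of", r["engines_run"])
    print("benign:", multiscan(BENIGN)["detected_by"])
    trusted = {hashlib.sha256(BENIGN).hexdigest()}
    print("benign, allowlisted:", multiscan(BENIGN, trusted)["verdict"])
```

No single stand-in engine flags all three samples, but the combined report does; the benign installer is flagged only by the noisy engine until its hash is on the allowlist.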
Reduce Exposure from Vendor Issues
With multiscanning, you can avoid exposures caused by the potential limitations of a single vendor. This could be a technology issue, like a particular vendor being unable to detect a vulnerability because of a technical limitation, or it could be a business reason, like a vendor not being allowed to operate in certain geographic regions or government agencies.
Over-reliance on a single vendor can prove challenging, but these issues are avoided with multiscanning approaches. Multiscanning also gives you the flexibility of removing a problematic vendor from your deployment environment if vendor issues occur.
Low Total Cost of Ownership (TCO)
Because multiscanning requires multiple anti-malware engines from various vendors, cost is a factor. However, we partner with vendors to deliver optimized multiscanning engine package options to provide beneficial Total Cost of Ownership (TCO) over time. By serving as a single point of contact, we reduce complexity in multiple scanning deployments for our global client base of government entities and organizations in virtually every industry including other security firms, aerospace and defense, healthcare services, critical infrastructure, and supply chain manufacturing.
“Having MetaDefender ICAP has increased our protection. With multiple antivirus engines, the detection range for malicious files or malware is increased.”
Ronny Querfurth
Consultant on IT Solutions and Platforms, Berlin Brandenburg Airport
“OPSWAT Multiscanning has enabled us not only to improve our incident response quality but also to ensure safety of customer information by allowing us to scan files with a private, on-premises solution.”
Koji Tashima
IT Security Analyst, NRI
OPSWAT Worldwide Anti-Malware Vendor Distribution
![Multiscanning Technology - Over 30 Anti-malware Engines - OPSWAT](https://i0.wp.com/static.opswat.com/uploads/images/multiscanning-desktop-map-4.png)
- AhnLab
- Antiy
- Avira
- Bitdefender
- BKAV Pro
- ClamAV
- CMC Internet Security
- Comodo
- CrowdStrike Falcon ML
- Cylance
- Emsisoft
- ESET
- Filseclab
- Huorong
- IKARUS
- K7
- LIONIC
- McAfee
- Microsoft Defender
- NANOAV
- NETGATE
- Quick Heal
- RocketCyber
- Scrutiny
- Sophos
- Systweak
- TACHYON
- Varist
- Vir.IT
- VirusBlokAda
- Webroot SMD
- Xvirus Anti-Malware
- Zillya!
OPSWAT Products That Use Multiscanning
- MetaDefender Core: For integration with existing security architectures via REST APIs
- MetaDefender ICAP Server: For integration with web apps (via WAF, LB or API Gateway) to detect and prevent threats in the file transfer process
- MetaDefender Email Security: For enabling organizations to protect themselves against advanced email attacks and data breaches
- MetaDefender Kiosk: For processing files entering secure networks on portable media devices
- MetaDefender Storage Security: For integration with cloud storage and on-premises storage solutions
- MetaDefender Core AMI: For deployment in your AWS account to process received files or protect your S3 buckets
- MetaDefender Cloud: For integration in cloud and IaaS environments or with your existing SaaS products via REST APIs and leveraging our large hash database, IP reputation services, and more
- MetaDefender Managed File Transfer: For securely transferring and storing files entering networks
- MetaDefender Drive: For inspecting devices before they enter facilities and networks
- MetaDefender Access: To prevent risky devices from accessing local networks and cloud applications