Organizations operating in high-risk environments – government institutions, energy facilities, critical infrastructure – face a special challenge: how to enable secure file transfer between networks with different levels of trust without exposing sensitive resources to infiltration? The answer is the concept of isolated file transfer, which is implemented by MetaDefender Managed File Transfer, a product formerly known as MetaDefender Vault.
Key findings
- MetaDefender Managed File Transfer is a solution for securely transferring files between isolated networks
- Each file undergoes multi-layer verification before being released to the target network
- The solution eliminates the risk of malware transmission through external media and channels
- Implements Zero Trust philosophy – no file is considered secure without verification
- Works especially well in OT, SCADA environments and air-gapped networks
Table of contents
- What are high-risk environments and why do they require special protection?
- File transfer problem between isolated domains
- How does MetaDefender Managed File Transfer work?
- Key features and protection mechanisms
- Practical applications – critical sectors
- Integration with other OPSWAT products
- FAQ
- Summary
What are high-risk environments and why do they require special protection?
High-risk environments are networks and systems where data compromise can lead to serious consequences – operational, financial and even national security. These include industrial control systems (ICS/SCADA), military and government networks, energy and nuclear infrastructure, and financial systems that process sensitive data.
A common feature of these environments is the need for isolation – networks are often intentionally cut off from the Internet (air-gapped) or segmented in such a way as to minimize the attack surface. The problem arises when it is necessary to transfer data between such networks. Each file becomes a potential attack vector.
File transfer problem between isolated domains
Even the most secure network must accept files from the outside – software updates, documents from contractors, data from mobile devices. Traditional approaches, such as manually transferring files on USB drives or using unsecured FTP channels, create serious security vulnerabilities.
History is familiar with high-profile examples: the Stuxnet worm that infected Iran’s nuclear facilities got in just through an infected flash drive. Similar cases occur regularly in the energy sector and government institutions. The problem isn’t just malware – it’s also unintentional data leaks and a lack of control over what leaves a secure environment.
How does MetaDefender Managed File Transfer work?
MetaDefender Managed File Transfer implements secure file transfer between network domains with different levels of trust, based on the principle of multi-layered verification of each transferred file. No file reaches the destination network without passing the full inspection process.
The verification process includes multiscanning using multiple antivirus engines simultaneously, which significantly increases threat detection compared to a single-engine approach. The file then goes through the Deep CDR mechanism – deep disarmament and content reconstruction – which removes potentially malicious active elements without destroying the useful content of the document. Running in parallel is Proactive DLP, which checks the file for sensitive data that should not leave the protected network.
Key features and protection mechanisms
The solution offers a broad set of features tailored to the needs of critical environments. Central transfer policy management allows you to define detailed rules for different file types, users and transfer directions. Every operation is logged and auditable, making it easier to meet regulatory requirements.
An important feature is the support of various input channels – files can be accepted from removable media via dedicated MetaDefender Kiosk, via web interfaces, APIs or secure transfer protocols. As a result, the solution integrates with existing infrastructure without the need to rebuild it.
Practical applications – critical sectors
In the energy sector, MetaDefender Managed File Transfer protects SCADA networks from threats carried by driver software updates and technical documentation provided by third-party vendors. In government institutions, it enables the secure exchange of documents between classified and unclassified networks. In the financial sector, it controls the movement of files between DMZ zones and internal networks.
Each of these environments has different requirements for bandwidth, file formats and security policies – the solution is configurable and scalable, making it useful in both small installations and sprawling enterprise environments.
Integration with other OPSWAT products
MetaDefender Managed File Transfer is part of the broader OPSWAT ecosystem and integrates with the other components of the MetaDefender platform. Of particular value is the combination with MetaDefender Core, which provides scanning engines, and MetaDefender ICAP Server, which enables integration with existing network gateways and proxy servers.
This approach makes it possible to build a consistent security architecture in which every point of contact between networks is protected in a uniform and managed way.
FAQ
How is MetaDefender Managed File Transfer different from a regular FTP solution with antivirus? Ordinary FTP solutions with a single antivirus engine rely on detection of known threats. MetaDefender MFT uses multiscanning with dozens of engines simultaneously and Deep CDR, which removes threats even from files not marked as malicious.
Does the solution work in completely air-gapped environments? Yes. MetaDefender Managed File Transfer is designed for air-gapped environments and supports transfer via physical media via scanning kiosks.
What file formats are supported? The solution supports hundreds of formats, including Office documents, PDF, archives, images, executable files and many others. Deep CDR can reconstruct files in more than 100 formats.
Does MetaDefender MFT meet the requirements of NIS2? Yes – the ability to audit, control the flow of data and verify each file meets the NIS2 directive requirements for supply chain security and incident management.
Summary
Secure data isolation in high-risk environments requires more than a traditional antivirus. MetaDefender Managed File Transfer from OPSWAT provides multi-layered protection for every transferred file – from multiscanning to Deep CDR to Proactive DLP – putting the Zero Trust philosophy into practice. It’s a must-have solution for any organization that operates in an environment where data compromise means serious consequences.
