Multiscanning
Multiscanning
Multiscanning is an advanced threat detection and prevention technology that increases detection rates, reduces outbreak detection time, and provides resiliency for malware protection solutions from a single vendor.
Advanced threat prevention - simultaneous analysis with multiple malware protection mechanisms
OPSWAT pioneered Multiscanning to provide its customers with better protection against various cyber threats. A single antivirus engine can detect 40% -80% of malware/viruses. OPSWAT Multiscanning enables file scanning with more than 30 malware protection engines both locally and in the cloud to achieve detection rates greater than 99%.
Challenges
- Malware can easily bypass a single antivirus (AV) engine and threaten your organization.
- Different AV vendors have different response times to outbreaks due to their location and concentrated markets.
- False alarms in virus detection are a common side effect of any malware scanning solution.
- Integrating multiple AVs on a single platform is challenging and difficult to manage.
- When uploading data to a cloud-based detection system, data privacy risks increase.
Multiscanning technology demonstration
Improve malware detection
Studies show that as more malware protection engines are added, the malware detection rate increases. Each engine specializes in different categories and may not detect certain types of threats. Since each malware protection engine uses different algorithms, the value of combining multiple malware protection mechanisms greatly increases detection. Combining input from analysts located in various malware labs around the world improves response to localized attacks.
As demonstrated by our multiscanning test of more than 10,000 of the most active threats, we were able to detect more than 90% with 12 connected engines, more than 97% with 16 engines and more than 99% with 20 or more engines.
Improve malware detection
Studies show that as more malware protection engines are added, the malware detection rate increases. Each engine specializes in different categories and may not detect certain types of threats. Since each malware protection engine uses different algorithms, the value of combining multiple malware protection mechanisms greatly increases detection. Combining input from analysts located in various malware labs around the world improves response to localized attacks.
As demonstrated by our multiscanning test of more than 10,000 of the most active threats, we were able to detect more than 90% with 12 connected engines, more than 97% with 16 engines and more than 99% with 20 or more engines.
Low number of false positives
False alarms, where files are reported as malicious when they are not, occur as a side effect of any malware scanning solution and can adversely affect business operations. To further complicate the problem, false positives are often reported by only a few antivirus software vendors at a time and are not always consistent or reproducible when tested.
False-positive rates are lower because many malware vendors cooperate through malware data sharing programs. This means that vendors work together to help codify true and false alarms so that overlapping vendor data has fewer false alarms, thus improving the results of using multiscanning.
In addition, providers share whitelisted data (trusted files). Our whitelist collects data from multiple vendors, which also reduces false hit detection rates.
Each engine returns some false alarms, but it is a mistake to assume that using two engines results in a doubling of the number of false alarms. Overlap in false alarm detection with multiscanning reduces the number of new false alarms added by each new engine, our multiscanning study shows. When using more engines, the number of false alarms increases, but only by a small, fractional amount, which is outweighed by the many benefits of multiscanning.
Increased efficiency
Multi-engine scanning takes a little longer than single-engine scanning, but with our multiscanning methods, the performance loss is minimized. Our methods take into account redundant tasks such as opening archives and detecting file types, and we take advantage of the fact that different engines specialize in detecting threats in specific file types. This means that many multiscanning tasks can be parallelized using methods such as distributed processing, multicore processing and in-memory scanning.
Low total cost of ownership (TCO)
Since multiscanning requires multiple malware protection engines from different vendors, cost is an important consideration. However, we are working with vendors to provide optimized multiscanning engine suite options to ensure a favorable total cost of ownership (TCO) over time. By acting as a single point of contact, we reduce the complexity of multiple scanning deployments for our global customer base of government entities and organizations in virtually every industry, including others in security, aerospace and defense, health services, critical infrastructure and supply chain manufacturing.