SHIELDEX™ Introduction
SOFTCAMP Co., LTD. June 2017
Contents
1. Brief APT
2. Business Challenge
3. Solution Overview
4. SHIELDEX Products
5. SHIELDEX Case
6. Customer Benefits
© SOFTCAMP Co., LTD. All rights reserved.
┃APT (Advanced Persistent Threat) ?
SHIELDEX
1. Brief APT
[Figure: APT attack stages across the exterior and interior of the enterprise. Labels: Reconnaissance (setting target & gathering information), Attack & Infection (incursion through web, incursion through external devices), exploit trigger on the targeted PC, C&C connection, Extraction (information leakage)]
▪ An APT (Advanced Persistent Threat) is an attack that is thoroughly researched and planned in advance in order to defeat an organization's defense mechanisms, such as its security technology, processes, and users' security awareness.
▪ An APT attack is characterized by secretive and intelligent attacks carried out over a long period of time against certain targets such as a government or company. An attack that is not only highly intelligent and precise but is also conducted secretly and consistently against a certain target may be categorized as an APT.
▪ An APT penetrates an internal PC or server, monitors it for a long period of time, and continuously modifies or replaces its malicious code in order to evade high-tech security detection techniques, making it difficult for security solutions to analyze the pattern.
┃Can we prepare for APT attacks based on the existing security solution method?
▪ Countermeasures against APT require a method that is different from the existing ones, because the existing analysis methods have the following restrictions.
▪ The signature / pattern-matching method can only defend against known malicious code. The dynamic analysis method, which uses heuristics and sandboxes, requires a lot of investment but has a high false-detection rate and is vulnerable to zero-day exploits, time bombs, sandbox bypassing and others.
Static Analysis: comparison/detection against a signature/pattern database
• Saves the malicious code's pattern and file information in a DB, then compares and inspects incoming files against it
• When unknown malicious code that has not yet been added to the DB enters, detection fails and the system is defenseless until the DB is updated for the new malicious code
Dynamic Analysis: executed in virtual environments (VM1 to VM9)
• Several virtual environments similar to the client environment are created and the file is executed directly for detection
• An environment that is perfectly equal to the client's cannot be created, and it is impossible to detect malicious code that uses time settings or VM-environment detection
[Operation structure]
▪ Uses a vulnerability in the application that views documents
▪ Uses the inserted shellcode to execute malicious code when the document is viewed
▪ The attack applies zero-day exploits, time-bomb viruses, sandbox bypassing, etc.
[Figure: a document disguised as a work file (decoy) that carries an application vulnerability, shellcode, and embedded binary code (executable malware)]
┃Against APT
2. Business Challenge
▪ Need to change the countermeasure method against external attack threats (Gartner, 2017.02; Japan government IT compliance, 2016.06)
▪ The existing APT response method is in a dilemma. Instead of relying on the behavior analysis method using the sandbox, companies should try a new technology that disarms and reconstructs content (CDR).
CDR (Content Disarm & Reconstruction)
Unlike malware analysis, CDR technology does not determine or detect malware's functionality but removes all file components that are not approved within the system's definitions and policies.
Because CDR removes all potentially malicious code, it can be effective against zero-day vulnerabilities that rely on being an unknown threat that other security technologies would need to patch against to maintain protection.
[Figure label: Create malicious codes]
┃SHIELDEX Engine - SaniTrans™
▪ SHIELDEX™ uses a Contents Structure Analysis method that is differentiated from the existing malicious code detection methods: it extracts only the visible contents within a document and re-creates the document from them. This fundamentally eliminates the space within the document file where malicious code can be inserted.
<Structure of pptx file>
• Checks the structure of the document file and inspects the contents within it
• Only safe contents that are compulsory for delivering information, such as Chart, SlideLayout, SlideMaster, BodyText and others inside the document file, are extracted to re-create the document
• Optimized for malicious code in document file formats, which has recently been on the rise
Only clean documents are allowed in
CDR processing flow: 1. Format Verification, 2. Structure Analysis, 3. Component Extraction, 4. Re-Construction Verification
┃JAPAN IT Compliance
Security reinforcement guideline of Japanese Ministry of Internal Affairs and Communications (2017.10)
▪ The Japanese government confirmed and chose the CDR (Content Disarm & Reconstruction) method as effective in responding to APT.
▪ Each local government in Japan has to ensure that documents coming into the internal network undergo sanitization, along with network separation. The CDR trial project was completed (2017.03).
▪ Local governments will be obligated to apply it first, and it will then proceed to education and government agencies.
1. Inserts backdoor drop macro
2. Checks normal/malicious macro
3. Eliminates malicious macro
IT guideline in Japanese Ministry of Internal Affairs
• Network separation is compulsory in order to reinforce the information
security of local governments
• “Sanitization” is required for incoming external files into the internal
network
• File sanitization is impossible with the existing vaccine or APT
countermeasure solution
• SHIELDEX is one of the solutions capable of using sanitization technology
to disarm files
Security measures of internal network
• There are various paths for incoming external files and with the existing
solution, security with regard to various paths is impossible
• SHIELDEX provides various options for sanitization process with regard to
files that have entered through USB/Mail/Internet network
┃SHIELDEX Solution Concept
3. Solution Overview
▪ SHIELDEX™ permits only safe documents internally: incoming external files undergo a file structure scan and are sanitized through the CDR (Content Disarm & Reconstruction) process.
SHIELD against external file threats: Stage 1 File Scan (scans file structure), Stage 2 CDR (Content Disarm & Reconstruction), Stage 3 Logging (logging & reporting)
▪ Stage 1: Scans the document file structure and detects suspicious components whose structure differs from the document standard.
▪ Stage 2: CDR technology is applied to eliminate the suspicious areas in the structure and to reconstruct a safe document file.
▪ Stage 3: Provides various information on CDR processing based on the hash value of the original file.
┃SHIELDEX CDR Engine
▪ The SHIELDEX CDR Engine, which is the core of the sanitization solution, interlinks with the work systems on the paths through which external files come in (a company's network-separation environment, external mail, portable devices and others) and delivers sanitized, safe files to the internal system.
▪ Technology that extracts only Visible Contents (text, images etc.) and reconstructs them into a safe document
▪ Eliminates hidden attachments included in the document
• Compatible extensions: doc(x)/ppt(x)/xls(x)/csv/pdf/hwp/txt/ and others
• Compressed files: zip/lzh
• Malicious document: converted into a normal document; the conversion eliminates the macro/VC code and others included
• Decoy document file: document-type malicious code that is disguised using the visible icon and the file name is fundamentally prevented
CDR (Content Disarm & Reconstruction Technology)
Data transmission server
User PC
CDR
• Provides the incoming control function with
regard to documents such as MS Office, PDF and
others.
• Other than MS Office, PDF and others, only pure
text documents and image documents are
permitted in.
┃SHIELDEX System Layout
Provides an all-in-one solution with a CDR engine in the main path to the inside
▪ Full package for SHIELDEX: SCI Server, Client, Console, Logging Server
▪ Network appliance: SHIELDEX SaniTrans Net, SHIELDEX SaniTrans Mail, SHIELDEX FTMS (including AD-FTMS)
[Figure: SHIELDEX system layout. Labels: Internet, mail server, external network, external user PC, firewall, data transfer server (transfer data on cross network), removable disk device, user PC, security administrator; SHIELDEX SaniTrans Mail, SHIELDEX SaniTrans Net, SHIELDEX SFTMS, SHIELDEX FTMS (IEEE1394), SHIELDEX Client, SCI Server, SHIELDEX Console, Logging Server. Legend: incoming document path, CDR & safe contents, CDR logging, download]
┃SHIELDEX Major Functions
▪ SHIELDEX allows in only safe documents: external incoming documents must pass through Local PC Access Prohibition, Document Structure Scan and Sanitization (Content Disarm & Reconstruction).
V-Room / Sanitization / Logging
V-Room Explorer
▪ Prevents the use of and access to Windows Explorer
▪ Prevents USB AutoRun
Document sanitization, CDR (Contents Disarm & Reconstruction)
▪ Reconstructs document/image file contents (files within compressed files are also sanitized)
▪ Prevents files suspected of malicious acts from coming in
Reporting & Logging, System Setting
▪ Logs incoming file information and sanitization results
▪ Prevents inflow of certain files
Supports IEEE 1394
┃CDR Functions
▪ The document Content Disarm & Reconstruction engine checks for and eliminates suspicious contents such as macros, scripts, embedded objects and others.
▪ With the macros, scripts and embedded objects eliminated, the remaining part of the document can be used normally.
Function of eliminating suspicious contents
Function of eliminating malicious macro
1. Inserts backdoor drop macro
2. Checks normal/malicious macro
3. Eliminates malicious macro
Function of eliminating ActiveX scripts
1. Inserts backdoor drop ActiveX
2. Checks suspicious ActiveX scripts
3. Eliminates ActiveX scripts
Function of eliminating embedded objects
1. Inserts buffer overflow executing objects
2. Checks suspicious objects
3. Eliminates objects
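The four-step CDR processing flow from the SaniTrans engine slide, together with the macro and embedded-object elimination listed above, can be sketched for a pptx package as follows. This is an added example, not SOFTCAMP's engine or code: the allowlist, size limit, function names and the constructed sample package are assumptions, and it works only at the package layer (it does not rewrite slide XML that still references a removed relationship id).

```python
import hashlib, io, posixpath, zipfile
import xml.etree.ElementTree as ET  # swap in a hardened XML parser for untrusted input

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Assumed allowlist for this sketch: package parts that carry visible content.
ALLOWED_FILES = {"[Content_Types].xml", "_rels/.rels", "ppt/presentation.xml",
                 "ppt/_rels/presentation.xml.rels"}
ALLOWED_PREFIXES = ("ppt/slides/", "ppt/slideLayouts/", "ppt/slideMasters/",
                    "ppt/theme/", "ppt/charts/", "ppt/media/", "docProps/")
ALLOWED_EXT = {".xml", ".rels", ".png", ".jpg", ".jpeg", ".gif"}
MAX_PART_BYTES = 20 * 1024 * 1024  # assumed per-part size limit

def is_allowed(name, declared_size=0):
    """Structure analysis for one part: canonical path, known folder, known type."""
    if posixpath.normpath(name) != name or declared_size > MAX_PART_BYTES:
        return False
    ok_type = posixpath.splitext(name)[1].lower() in ALLOWED_EXT
    return name in ALLOWED_FILES or (name.startswith(ALLOWED_PREFIXES) and ok_type)

def prune_content_types(data, kept):
    """Drop declarations for parts and extensions that were not carried over."""
    root = ET.fromstring(data)
    for el in list(root):
        if el.tag.endswith("}Override"):
            keep = el.get("PartName", "").lstrip("/") in kept
        else:  # <Default Extension="...">
            keep = "." + el.get("Extension", "").lower() in ALLOWED_EXT
        if not keep:
            root.remove(el)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def prune_rels(data, rels_name, kept):
    """Remove relationships that leave the package or point at dropped parts."""
    base = posixpath.dirname(posixpath.dirname(rels_name))  # folder of the owning part
    root, removed = ET.fromstring(data), []
    for rel in list(root):
        target = rel.get("Target", "")
        # Resolve against the package root so ".." cannot climb out of it.
        path = posixpath.normpath(posixpath.join("/" + base, target)).lstrip("/")
        if rel.get("TargetMode") == "External" or path not in kept:
            removed.append(target)
            root.remove(rel)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True), removed

def disarm_pptx(raw):
    """Return (rebuilt package bytes, report keyed by the original file's SHA-256)."""
    # 1. Format verification: a ZIP container holding the mandatory parts.
    if not zipfile.is_zipfile(io.BytesIO(raw)):
        raise ValueError("not an OOXML (ZIP) container")
    src = zipfile.ZipFile(io.BytesIO(raw))
    if not {"[Content_Types].xml", "ppt/presentation.xml"} <= set(src.namelist()):
        raise ValueError("mandatory package parts missing")
    # 2. Structure analysis: classify every part against the allowlist.
    kept = {i.filename for i in src.infolist() if is_allowed(i.filename, i.file_size)}
    dropped = sorted(set(src.namelist()) - kept)
    # 3./4. Component extraction and reconstruction into a fresh container.
    out, removed_rels = io.BytesIO(), []
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in sorted(kept):
            data = src.read(name)
            if name == "[Content_Types].xml":
                data = prune_content_types(data, kept)
            elif name.endswith(".rels"):
                data, gone = prune_rels(data, name, kept)
                removed_rels += gone
            dst.writestr(name, data)
    report = {"sha256_original": hashlib.sha256(raw).hexdigest(),
              "dropped_parts": dropped, "removed_relationships": removed_rels}
    return out.getvalue(), report

def _rels(*targets):  # constructed .rels part; a target containing "://" is external
    rows = "".join(f'<Relationship Id="rId{n}" Type="urn:constructed" Target="{t}"'
                   + (' TargetMode="External"' if "://" in t else "") + "/>"
                   for n, t in enumerate(targets, 1))
    return f'<Relationships xmlns="{REL_NS}">{rows}</Relationships>'

def build_sample():
    """Constructed pptx-shaped package: a slide, a macro part, an OLE part, a remote link."""
    vba = "application/vnd.ms-office.vbaProject"
    types = (f'<Types xmlns="{CT_NS}"><Default Extension="xml" ContentType="application/xml"/>'
             f'<Default Extension="bin" ContentType="{vba}"/>'
             '<Override PartName="/ppt/slides/slide1.xml" ContentType="application/xml"/>'
             f'<Override PartName="/ppt/vbaProject.bin" ContentType="{vba}"/></Types>')
    parts = {
        "[Content_Types].xml": types,
        "_rels/.rels": _rels("ppt/presentation.xml"),
        "ppt/presentation.xml": "<presentation/>",
        "ppt/_rels/presentation.xml.rels": _rels("slides/slide1.xml", "vbaProject.bin"),
        "ppt/slides/slide1.xml": "<sld>BodyText</sld>",
        "ppt/slides/_rels/slide1.xml.rels": _rels("../embeddings/oleObject1.bin",
                                                  "http://example.invalid/remote"),
        "ppt/vbaProject.bin": "constructed macro placeholder",
        "ppt/embeddings/oleObject1.bin": "constructed OLE placeholder",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Calling `disarm_pptx(build_sample())` returns the rebuilt package and a report listing the dropped parts and removed relationships under the SHA-256 of the original file, which mirrors the Stage 3 logging keyed on the original file's hash.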
┃Management Functions
▪ Provides statistics in the admin control on the current status of incoming files per incoming type, the accumulated number of user/file cases and others
▪ Sets policy per user department and provides logging on incoming external files
[Figures: Statistics on incoming external files; Management of service status]
┃SHIELDEX Support
▪ Extensions for which the SHIELDEX Contents Disarm and Reconstruction Engine supports sanitization are as below.
Type | Compatible extensions | Connecting program | Remark
Document file | Microsoft Word (*.doc, *.docx, *.docm, *.rtf); Microsoft PowerPoint (*.ppt, *.pptx, *.pptm); Microsoft Excel (*.xls, *.xlsx, *.xlsm, *.csv); Adobe PDF (*.pdf); Hancom Soft Hangul (*.hwp, *.Hwt); Text (*.txt) | |
Image file | Image format (*.jpg, *.jpeg, *.gif, *.tif, *.tiff, *.bmp, *.png, *.ico) | |
Compressed file | (*.zip, *.lzh) | Compression program installed in PC |
Mail format | Msg, Eml | | Supports sanitization of attachments except for body text
CAD format | AutoCAD (*.dwg, *.dxf) | |
┃Compare Solution
SHIELDEX vs. VOTIRO
Main functions
SHIELDEX
▪ Defends at the source against threats from incoming external files, by means other than analysis/detection methods
▪ Extracts only Visible Contents (text, images etc.) and reconstructs them into a safe document
▪ Idea of product: controls all possible paths of documents coming in and sanitizes threats (controls incoming channels: USB, email, data transmission between network paths)
▪ An additional virus engine can be connected.
▪ Performs the CDR process on the server and only imports clean files.
▪ The body of the message and the attachment are sanitized at the same time, and both are forwarded to the recipient
VOTIRO
▪ Same concept
▪ Changes the data to fit the standard format in which the document is created (document changes are significant)
▪ Idea of product: only provides a CDR engine
▪ Concurrently runs an online virus engine to detect known threats (slowing down)
▪ After the sanitization process at the server device, only the safe file is delivered to the user's folder
▪ When integrated with an e-mail system, only the message body is delivered to the user's inbox
Management scope
▪ SHIELDEX: Provided as appliance equipment or API, cloud service
▪ VOTIRO: Same
Pros
▪ Consists of an all-in-one system that does not require interworking, including the mail engine and network connection module
▪ Line-up of various packaged products such as client, mail, data transmission system between networks and others
▪ Stores the original file prior to sanitization (deleted by schedule)
▪ Supports the incoming of the original for files detected as normal
▪ Sale of CDR engine and API only; a separate product is needed when linking with an email system
▪ Preemption of the initial CDR market; gained many partners
▪ Recommended product of Japan's Ministry of Internal Affairs and Communications
▪ Service to 47 prefectures through interworking with cloud system
Cons
▪ Restrictive compressed file formats
▪ Doesn't support the sanitization of email body text in HTML/XML format
▪ Japanese Unicode error
▪ All-in-one SHIELDEX products, which do not require interlocking with other products, also have superior technology compatibility and price competitiveness.
┃SaniTrans™ Mail
4. SHIELDEX Products
[Figure: Incoming Mail to Clean Mail. Sanitization of mail text: reconstructed into HTML text. Sanitization of attachment: reconstructed into safe attachment. Mail text and attachment are reconstructed into clean contents after sanitization.]
▪ SaniTrans Mail, an all-in-one product equipped with the document sanitization engine and a mail SMTP function, uses CDR technology to inspect and reconstruct the attachment of the email.
▪ For a compressed file, the compatible formats within the compressed file are checked; after sanitization, it is re-compressed and then delivered to the user.
▪ Amount of spam mail sent and APT attack route
▪ More than 66% of the emails sent in the world and half of the emails sent domestically are spam mail.
▪ APT attacks through email are approximately 8 times higher than through the web and take up 87% of the entire APT attack route. (Source: Palo Alto Networks)
▪ Checks whether a script is included within the text and removes it
▪ Image sanitization process within the text and replacement of text: a linked image is downloaded and reconstructed, then directly attached to the email
┃SaniTrans™ Mail
▪ SaniTrans Mail's sanitization process
As-is: General Mail System
[Figure labels: Mail Sender, Router, Firewall, Anti-spam Server (inspects vaccine, prevents spam mail), Mail Server (POP3, IMAP), Receive Mail, Mail Receiver, unknown malware]
• Anti-spam solutions and vaccines only prevent known malicious code, so the threat increases
• New malicious code has been designed to avoid anti-spam solutions and vaccines
• Malicious code inserted into the mail's text and attachment destroys the internal system
To-be: SHIELDEX SaniTrans Mail System
[Figure labels: Mail Sender, Router, Firewall, Anti-spam Server, SHIELDEX SaniTrans Mail (SMTP relay), Mail Server (POP3, IMAP), Receive Mail, Mail Receiver]
• Only allows safe mail through, by reconstructing the mail's text and attachment
• Powerful countermeasure in the SaniTrans Mail server against malicious code evading anti-spam solutions and vaccines
• Establishes a sanitization system capable of responding to malicious code inserted in the mail text and attachment
┃SaniTrans™ Net
[Figure labels: User PC (external network), Internet, external network upload, HTTP communication; transmission server (internal WAS), IEEE1394, serial cable, HR information connection; User PC (internal network), local network, internal network download, HTTP communication]
▪ SaniTrans Net connects with the data transmission system between networks in a company's network-separation environment: it receives a file from that system and delivers the sanitized, safe file back to it.
▪ It is an all-in-one product equipped with an internal network connection module (FTMS) for interlinking separated networks in a SaniTrans FTMS / SaniTrans Net environment, and it safely sanitizes incoming files through the file transmission system.
▪ Can be linked to an incoming-document approval system; in that case an incoming document requires the admin's approval.
▪ The file transmission system between networks (FTMS) uses FireWire communication (IEEE 1394 / safety protocol) and does not use TCP/IP communication, so the Internet's separation status is maintained.
┃SaniTrans™ Net
As-is: general network-connection environment
[Figure labels: User PC (Internet network); data transmission server between networks (External WAS) with file storage; data transmission server between networks (Internal WAS); User PC (internal network); Internet network / work network]
1. File uploaded
2. Receives and saves file
3. Vaccine inspection
4. Sends file to internal network
5. User downloads file
• Security vulnerability from applying a network connection system even in a network separation environment
• Targeted and intelligent attacks cannot be countered in advance with the existing vaccine inspection only
• Threat of destruction of the internal system through a malicious file downloaded through the network connection
To-be: SHIELDEX SaniTrans network-connection environment
[Figure labels: User PC (Internet network); data transmission server between networks (External WAS) with file storage and isolation storage; SHIELDEX sanitization server connected through an interworking interface; data transmission server between networks (Internal WAS); User PC (internal network); Internet network / work network. Key: file flow, log flow; new equipment and N/W connection, existing equipment and N/W connection; general file, sanitized file, malicious file (isolated)]
1. File uploaded
2. Receives and saves file
3. Vaccine inspection
4. Sends full text of file and sanitization request
5. Isolates and saves files that have been prevented from sanitization (isolation)
6. Sends full text of sanitized file and sanitization result
7. Sends file to internal network
8. User downloads file
• Files coming in through the network connection are reconstructed into safe files
• Reinforces a system capable of preparing in advance against malicious code, instead of post countermeasures such as vaccines and monitoring tools
• Establishes a continuous and effective system for incoming external files even in a network connection environment
┃SaniTrans™ FTMS
As-is: general network-connection environment
[Figure labels: User PC (Internet network); data transmission server between networks (External WAS) with file storage; data transmission server between networks (Internal WAS); User PC (internal network); Internet network / work network]
1. File uploaded
2. Receives and saves file
3. Vaccine inspection
4. Sends file to internal network
5. User downloads file
• Security vulnerability from applying a network connection system even in a network separation environment
• Targeted and intelligent attacks cannot be countered in advance with the existing vaccine inspection only
• Threat of destruction of the internal system through a malicious file downloaded through the network connection
To-be: SHIELDEX FTMS network separation environment
[Figure labels: User PC (external network), HTTP communication, file transmission server (External WAS), shared folder on network (IN folder); FireWire communication (IEEE 1394 / safety protocol); file transmission server (Internal WAS), shared folder on network (OUT folder), HTTP communication, User PC (internal network); Internet network / work network. Key: file flow, log flow; new equipment and N/W connection, existing equipment and N/W connection; general file, sanitized file, malicious file]
Does not use TCP/IP communication, so the Internet's separation status is maintained
• Protects the internal environment from TCP/IP vulnerabilities by using FireWire communication
• Only allows safe documents in through Stage 1's document sanitization, Stage 2's payment method
• The effects of introducing a network separation system can be enjoyed through FireWire communication
┃SHIELDEX™ Client
▪ Portable storage devices such as USB and CD/DVD can be accessed only through V-Room Explorer
▪ Protects the PC from malware attacks targeting Windows AutoRun and USB device plug-in
[Figures: User environment, USB isolation; Admin environment, current status of incoming file]
┃SHIELDEX™ Client
As-is: general Windows Explorer connection
Portable storage device is connected to PC
• Vaccine inspection
• Device control
▪ Unknown malicious code can come in
▪ Exposed to attacks targeting document application vulnerabilities
• Only executes signature/pattern inspection through vaccine
• Newly created malicious code has been designed to avoid vaccines
• Threat of infection by new malicious code
To-be: provides a virtually isolated environment
1. Portable storage device is connected to PC
• Vaccine inspection
• Device control
2. V-Room Explorer connection
Prohibits the connection of portable storage devices through Windows Explorer
▪ Views safe files that have been sanitized
▪ Sanitizes files upon internal incoming
• Document/image file: only safe contents are allowed in through contents reconstruction
• Powerful response to malicious code avoiding vaccine and VBA malicious code detection
• Establishes a sanitization system capable of responding to the document-format malicious code that is currently spreading
│ SHIELDEX Success Case
5. SHIELDEX Case
Server side (appliance type)
Module Name | Type | Functions | Reference | Present state
SaniTrans Net | Engine | Document sanitization | OO military institute (2 places); OO bank; OO provincial office |
FTMS | Engine, IEEE cable & I/F | Sanitization of file transmission (IEEE1394 connection, approved incoming) | OO city hall (Japan); OO city hall (Japan) | Applied to 7 local governments in the first half of 2017
FTMS (simplification) | Appliance | Transmission of monitored file in network folder | Cloud center for city hall (Japan) | Expected to be applied to 20 local governments in the second half of 2017
SaniTrans Mail | Appliance | Sanitization of mail text and attachment | OO press (Japan); National policy executing corporate (Japan); OO city hall (7 places, Japan) | Targets 50 services in 2017 with OO cloud service
Client side (agent type)
Module Name | Type | Functions | Reference | Present state
Client | Client Agent | Virtualized isolation (V-Room for Device / Browser); sanitization of incoming file | OO bank; OO provincial office |
V-Room for Device | Client Agent | USB (USB, portable disk, CD) isolation and sanitization | OO bank; OO provincial office |
V-Room for Browser | Client Agent | Isolation and sanitization of documents downloaded in browser | OO provincial office |
▪ In Korea, key military institutes, banks and government institutes use SHIELDEX, and it is serviced in 10 local governments in Japan. Introductions and consultations for local governments in Japan and for conglomerates are increasing.
┃Effects of applying SHIELDEX (1/2)
▪ A sanitization system had to be established because the network separation environment and the existing signature-based and behavior-analysis-based APT security solutions were not enough to protect against advanced and intelligent threats in files coming in from outside.
Background
Control over incoming external files
• Increase in changing cyber threats
• Increase in cases of propagation and infection of malicious code evading pattern analysis S/W (vaccine)
• Urgent need to prepare fundamental countermeasures against advanced and intelligent cyber attacks
Control over current status of incoming external files
• Manage/control the current status of incoming external files, maintenance of monitoring system
• List the current status of incoming external files per group/user; insufficient control and management system
• Analyze the actual condition of incoming files through the current status of prevention per file, and maintain an analysis/control system for prevented files
Purpose: establishment of contents sanitization system
• Establish a [preemptive response system] for advanced, intelligent and ever-changing cyber threats
• Establish a [management system on current status of incoming external file] capable of managing/controlling incoming external files and the current status of prevention per system and per organization
┃Effects of applying SHIELDEX (2/2)
▪ Applying the SHIELDEX sanitization engine in a network separation environment establishes a preemptive system capable of sanitizing files coming into the institute, or of preventing and controlling the incoming of hazardous files, with the effect of fundamental prevention against advanced and intelligent cyber threats.
Expected effects (figure labels: Institute A, Institute B, path of incoming external file)
AS-IS
Control/sanitization of incoming external file
• Insufficient control system for incoming external files during work in a network separation environment
• Absence of a system that fundamentally prevents the incoming of hazardous files
• Isolation/disposal of hazardous files by identified pattern of vaccine S/W → post countermeasure
Management of current status of incoming external file
• Absence of current status of incoming external files and of a management system
• Absence of an identification system for incoming external files
TO-BE (benefit)
Control/sanitization of incoming external file
• Suppresses propagation and infection by sanitizing documents infected with malicious code
• Fundamentally prevents/isolates the incoming of files with fake/falsified extensions and files that failed sanitization (files suspected of malicious code)
• After the malicious code within the file is removed, action can be taken in advance by reconstructing the contents
Management of current status of incoming external file
• Analyze and monitor the current status of incoming external files in real time
• List and view statistics on the current status of incoming external files per institute / per organization / per user
┃Customer Benefits
6. Customer Benefits
▪ SHIELDEX fundamentally prevents malicious files from coming in through external incoming paths, protecting system resources, minimizing the possibility of unknown threats, and guaranteeing work continuity and the establishment of a safe internal environment.
Eliminates threat
Step 1. Isolates incoming file: controls the incoming file in an area isolated from the internal environment
Step 2. Fundamental prevention of malicious file: controls malicious files through document analysis and document reconstruction technology
Step 3. Logging management of incoming file: reinforces security for file distribution in the actual environment by managing the logging of incoming files
Reinforces work cooperation in a safe environment by identifying and preventing incoming external files
Complements the restrictions of the existing security method
• Post countermeasures through existing pattern analysis cannot effectively respond to new malicious code
• Need to manage incoming external files even in a network separation environment
Minimizes the security threat by eliminating threats per step
• Establishes a permanent sanitization system that progressively eliminates/monitors threats in external files coming in from various paths
• Prevents in advance the risks that may cause a crisis and, upon detecting a threat, actively establishes a response system
SOFTCAMP Co., LTD.
http://www.softcamp.net/
T. +82-31-697-4502 M. gm@softcamp.co.kr
3F, Elentec BD., 17, Pangyo-ro 228 beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, 13487, KOREA
The information herein is for informational purposes only and represents the current view of SOFTCAMP Co., LTD. as of the date of this presentation. Because SOFTCAMP must respond to changing market conditions, it should not be interpreted to be a commitment on the part of SOFTCAMP, and SOFTCAMP cannot guarantee the accuracy of any information provided after the date of this presentation.
ⓒ 1999-2017 SOFTCAMP Co., LTD. All rights reserved.
No part of this work covered by the copyright hereon may be reproduced or
used in any form or by any means -- graphic, electronic, or mechanical,
including photocopying, recording, taping, or information storage and
retrieval systems -- without written permission of SOFTCAMP Co., LTD.,
SoftCamp, the traditional SoftCamp Logo, “SoftCamp Co., Ltd.”,“Document
Security”,“S-Work,” “MaxeOn”,“S-Work for Storage”,“SHIELDEX”,“Secure
Workplace,” and “Secure Keystroke” are trademarks of SOFTCAMP Co., LTD.
All other trademarks mentioned herein are the property of their owners.
Printed in the Republic of Korea.
SOFTCAMP Patent No. :
KR1429131, KR1500512, KR1446326, KR1299051, KR1227187, KR1113820,
KR1098250, KR1016615, KR0909891, KR0949790, KR0943318, KR0879808,
KR0843701, KR0589529, KR0549647, KR0549646, KR0702512, KR0589541,
KR0549645, KR0639828, KR0596135, KR0318015, US 6226645, US 7840750,
US 8402269, US 8340290, US 8452740, CN 746748, CN 1298920, CN
1444528, JP 4717058, JP 5048784, JP 5032663, JP 5224555

SOFTCAMP SHIELDEX INTRODUCTION

  • 2. Contents 1. Brief APT 3. Solution Overview 2. Business Challenge 5. SHIELDEX Case 4. SHIELDEX Products 6. Customer Benefits
  • 3. © SOFTCAMP Co., LTD. All rights reserved. ┃APT (Advanced Persistent Threat) ? SHIELDEX 1. Brief APT 3 Exterior Enterprise Interior Enterprise 1 2 Information leakage Incursion through Web Incursion through External devices Reconnaissance Attack & Infection Extraction (C&C Connection)4 3 5 Targeted PC Exploit Trigger Setting target & gathering information  APT(Advanced Persistent Threat) is an attack that thoroughly inspects and plans in advance in order to destroy the defense mechanism of an organization such as security technology, process, and user’s security awareness.  The APT attack is characterized by secretive and intelligent attacks over a long period of time on certain targets such as government or company and if an attack is not only highly intelligent and precise but also is secretively engaged on a certain target with consistency, it may be categorized as APT.  APT penetrates into an internal PC or server and conducts monitoring for a long period of time and modifies or replaces malicious code continuously in order to evade the high tech security detection techniques, making it difficult for security solution to analyze the pattern.
  • 4. © SOFTCAMP Co., LTD. All rights reserved. ┃Can we prepare for APT attacks based on the existing security solution method? SHIELDEX 1. Brief APT 4  Countermeasures against APT have to be done using a method that is different from the existing method and the existing analysis method has the follow ing restrictions.  The Signature, Pattern Matching method can only defend known malicious codes and the Dynamic Analysis method that uses Heuristic and Sandbox requ ires a lot of investment but has a high wrong detection rate and is vulnerable to Zero-Day Exploit, Time bomb, Bypassing Sandbox and others. Static Analysis Comparison/ detection • Method that saves the malicious code’s pattern and file information in DB then compares and inspects • When an unknown malicious code that has not been updated in the DB enters, detection fails and is defenseless until the DB on the new malicious code is updated Signature /Pattern Database Dynamic Analysis Executed in Virtual environment VM1 VM2 VM3 VM4 VM5 VM6 VM7 VM8 VM9 • Several Virtual environments similar to the Client environment are created and file is directly executed for detection • Environment that is perfectly equal to the Client’s cannot be created and it is impossible to detect malicious codes with time setting and VM environment detection [Operation structure]  Uses the application vulnerability that views documents  Uses the inserted shell-code to execute malicious code when viewing documents  Attack applied with Zero-Day Exploit, Time bombs virus, Bypassing Sandbox method etc… Application vulnerability Shellcode Embedded binary code (executable malware) Document disguised as work file (Decoy)
  • 5. © SOFTCAMP Co., LTD. All rights reserved. ┃Against APT SHIELDEX 2. Business Challenge 5  Need to change the countermeasure method against external attack threats (Gartner.2017.02, , JAPAN Government IT Compliance .2016.06)  The existing APT response method is in a dilemma. Instead of relying on the behavior analysis method using the sandbox, companies should try new idea technology to disarm and reconstruct the contents (CDR). Unlike malware analysis , CDR technology does not determine or detect malware's functionality but removes all file components that are not approved within the system's definitions and policies. Because CDR removes all potentially malicious code, it can be effective against zero-day vulnerabilities th at rely on being an unknown threat that other security technologies would need to patch against to maint ain protection. CDR ( Content Disarm & Reconstruction ) Create maliciouscodes
  • 6. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX Engine - SaniTrans™ SHIELDEX 2. Business Challenge 6  SHIELDEX™ uses the Contents Structure Analysis method that is differentiated from the existing malicious code detection method, extracting only visible contents within documents to re-create the document. It is a solution that fundamentally eliminates space within the document file where malicious code can be inserted. <Structure of pptx file> • Checks the structure of document file and inspects the contents within the document file • Only safe contents that are compulsory for delivering information such as Chart, SlideLayout, Slidemaster, BodyText and others inside the document file are extracted to re-create document • Optimized to malicious code in document file format that is recently on the rise Only clean documents are allowed in 1. Format Verification 2. Structure Analysis 3. Component Extraction 4. Re-Construction Verification CDR Processing flow
  • 7. © SOFTCAMP Co., LTD. All rights reserved. ┃JAPAN IT Compliance SHIELDEX 2. Business Challenge 7 Security reinforcement guideline of Japanese Ministry of Internal Affairs and Communications (2017.10)  The Japanese government confirmed and choose the CDR (Content Disarm & Reconstruction) method for effective in responding to APT.  Each local government in Japan has to ensure that incoming documents into the internal network has to undergo sanitization along with network separation. CDR trial project was completed(2017.03)  Local governments will be obligated to apply for the first time, and then proceed to education and government agencies. 1. Backdoor 드롭 Macro 삽입 2. 정상/악성 매크로 체크 3. 악성 매크로 제거 IT guideline in Japanese Ministry of Internal Affairs • Network separation is compulsory in order to reinforce the information security of local governments • “Sanitization” is required for incoming external files into the internal network • File sanitization is impossible with the existing vaccine or APT countermeasure solution • SHIELDEX is one of the solutions capable of using sanitization technology to disarm files 1. Backdoor 드롭 Macro 삽입 2. 정상/악성 매크로 체크 3. 악성 매크로 제거 Security measures of internal network • There are various paths for incoming external files and with the existing solution, security with regard to various paths is impossible • SHIELDEX provides various options for sanitization process with regard to files that have entered through USB/Mail/Internet network
  • 8. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX Solution Concept SHIELDEX 3. Solution Overview 8  SHIELDEX™ only permits safe documents internally by undergoing file structure scan and sanitize document on CDR (Content Disarm & Reconstruction) process with regard to incoming external files. Scans file structure File Scan CDR Logging SHIELD against External file threats Stage 1 Stage 2 Stage 3  Stage 1: Scans the document file structure and detects suspicious components that have a structure different from the standard of documents.  Stage 2: CDR technology is applied to eliminate the suspicious areas in the structure and to reconstruct a safe document file.  Stage 3: Provides various CDR processed information based on the hash value of original file. Logging & Reporting Content Disarm & Reconstru ction
  • 9. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX CDR Engine SHIELDEX 3. Solution Overview 9  SHIELDEX CDR Engine, which is the core of sanitization solution, interlinks with the work system of the path for external incoming through network separation environment of a company, external mail, portable devices and others then delivers sanitized and safe files to the internal system.  Technology that only extracts Visible Contents (text, images etc.) and re- constructs them into a safe document  Eliminates hidden attachments included in the document • Compatible extensions: doc(x)/ppt(x)/xls(x)/csv/pdf/hwp/txt/ and others • Compressed files: zip/lzh • Malicious document : Is converted into a normal document and the conversion eliminates macro/VC code and others included • Decoy document file : Document-type of malicious code that is disguised using the visible icon and the file name is fundamentally prevented CDR (Content Disarm & Reconstruction Technology) Data transmission server User PC CDR • Provides the incoming control function with regard to documents such as MS Office, PDF and others. • Other than MS Office, PDF and others, only pure text documents and image documents are permitted in.
  • 10. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX System Layout SHIELDEX 3. Solution Overview 10 Provides an all-in-one solution with a CDR engine in the main path to the inside  Full Package for SHIELDEX : SCI Server , Client , Console , Logging Server.  Network Appliance: SHIELDEX SaniTrans Net, SHIELDEX SaniTrans Mail, SHIELDEX FTMS(Include AD-FTMS) Internet Mail Server Transfer Data on Cross Network Data Transfer Server External Network External User PC SHILEDEX SaniTrans Mail Security Administrator SHILEDEX SaniTrans Net CDR Download Logging Server Removable Disk Device User PC SHILEDEX Client Incoming document Path CDR & Safe Contents Firewall CDR Logging SCI Server SHILEDEX Console SHILEDEX SFTMS SHILEDEX FTMS IEEE1394 CDR Logging CDR CDR CDR
  • 11. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX Major Functions SHIELDEX 3. Solution Overview 11  SHIELDEX only allows safe documents that have undergone Local PC Access Prohibition – Document Structure Scan – Sanitization (Content Disarm & Reconstruction) process with regard to external incoming documents. V-Room Sanitization Logging Work V-Room Explorer  Prevents the use and access of Windows Explorer  Prevents USB AutoRun  Re-construction document/image file contents (Files within compressed file and sanitization process)  Prevents files suspicious of malicious act from coming in Document sanitization, CDR (Contents Disarmed Reconstruction) Reporting & Logging System Setting  Information of incoming file and logging of sanitization result  Prevents inflow of certain files Supports IEEE 1394 Work
  • 12. © SOFTCAMP Co., LTD. All rights reserved. ┃CDR Functions SHIELDEX 3. Solution Overview 12  Document Content Disarm & Reconstruction Engine checks and eliminates suspicious contents such as Macro, Scripts, Embedded Objects and others.  The remaining part of the document with Macro, Scripts, Embedded Objects eliminated can be used normally. Function of eliminating suspicious contents Function of eliminating Malicious macro Function of eliminating ActiveX Scripts Function of eliminating Embedded Objects 1. Inserts Backdoor drop Macro 2. Checks normal/malicious macro 3. Eliminates malicious macro 1. Inserts Backdoor drop Active X 2. Checks suspicious ActiveX Scripts 3. Eliminates ActiveX Scripts 1. Inserts buffer overflow executing objects 2. Checks suspicious Objects 3. Eliminates Objects
  • 13. © SOFTCAMP Co., LTD. All rights reserved. ┃Management Functions SHIELDEX 3. Solution Overview 13  Provides statistics on the current status of incoming per incoming type, number of user/file accumulation cases and others in the admin control  Sets policy per user department and provides logging on incoming external files Statistics on incoming external files Management of service status
  • 14. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX Support SHIELDEX 3. Solution Overview 14 Type Compatible extensions Connecting Program Remark Document file Microsoft Word (*.doc, *.docx, *.docm, *.rtf) Microsoft PowerPoint (*.ppt, *.pptx, *. pptm) Microsoft Excel (*.xls, *.xlsx, *.xlsm, *.csv) Adobe PDF (*.pdf) Hancom Soft Hangul (*.hwp, *.Hwt) Text (*.txt) Image file Image Format (*.jpg, *.jpeg, *.gif, *.tif, *.tiff, *.bmp, *.png, *.ico) Compressed file (*.zip, *.lzh) Compression program installed in PC Mail format Msg, Eml Supports sanitization of attachments except for body text CAD format AutoCAD(*.dwg, *.dxf)  Extensions that support the sanitization of SHIELDEX Contents Disarm and Reconstruction Engine are as below.
  • 15. © SOFTCAMP Co., LTD. All rights reserved. ┃Compare Solution SHIELDEX 3. Solution Overview 15 SHIELDEX VOTIRO Main func tions  Source defense against threats of external inflow files other than analysis / detection methods  only extracts Visible Contents (text, images etc.) and reconstructs them into a safe document  Idea of product: Controls all possible paths of documents coming in and sanitizes threat (Controls incoming channel-USB, email, data transmission between network paths)  Additional virus engine can be connected.  Performs a CDR process on the server, only imports clean files.  At the same time, the body of the message and the attachment are sanitized, and the body of the message and the attachment are forwarded to the recipient  Same concept  Change the data to fit the standard format in which the document is created (document changes are significant)  Idea of product : Only provides CDR engine  Concurrently running the online virus engine to detect known threats(slowing down)  After sanitization process at the server device, only safe file is delivered to the user’s folder  When e-mail system integration, message body only delivered to user’s inbox Manage ment scope  Provided as Appliance equipment or API, Cloud Service  Same Pros  It consists of all-in-one system that does not require interworking including mail engine and network connection module  Line-up with various pack products such as client, mail, data transmission system between network and others  Stores original file prior to sanitization (deleted by schedule)  Supports the incoming of original with regard to the file detected as normal  Sale of CDR engine and API only, Separate product is needed when linking with email system  Preemption of initial market in CDR, Gain many partners  Japan's Ministry of Internal Affairs and Communications Recommended Products  Service to 47 prefectures through interworking with cloud system Cons  Restrictive compressed file 
formats  Doesn’t support the sanitization of email body text in HTML/XML format  Japanese Unicode Error  All-in-one SHIELDEX products that do not require interlocking with other products also have superior technology compatibility and price competitiveness.
  • 16. © SOFTCAMP Co., LTD. All rights reserved. ┃SaniTrans™ Mail SHIELDEX 4. SHIELDEX Products 16 Sanitization of mail text ああああ Sanitization of attachment Reconstructed into safe attachment Reconstructed into HTML text Incoming Mail Clean Mail  SaniTrans Mail, as a All-In-One product equipped with document sanitization engine and Mail’s SMTP function, uses CDR technology to inspect the attachment of the email and to reconstruct  As for the compressed file, compatible format within the compressed file is checked and after sanitization, it is re-compressed then delivered to the user.  Amount of spam mail sent and APT attack route  More than 66% of emails being sent in the world and half of the emails being sent domestically are spam mail.  APT attacks through the email is approximately 8 times higher than web and takes up 87% of the entire APT attack route. (Source: Palo alto Networks)  Checks whether script is included within the text and removes  Image sanitization process within text, replacement of text, linked image is downloaded and reconstructed then directly attached to the email Mail text and attachment reconstructed into Clean Contents after sanitization
  • 17. © SOFTCAMP Co., LTD. All rights reserved. ┃SaniTrans™ Mail SHIELDEX 4. SHIELDEX Products 17 As-is To-be  SaniTrans Mail’s sanitization process Mail Receiver Mail Sender Anti-spam Server FirewallRouter Mail Server (POP3, IMAP) Unknown malware Receive Mail SHIELDEX SaniTrans Mail Mail Receiver Mail Sender Anti-spam Server FirewallRouter Mail Server (POP3, IMAP) Receive Mail SMTP Relay General Mail System SHIELDEX SaniTrans Mail System • Anti-spam solution and vaccine only prevents known malicious codes and increases threat • New malicious code has been designed to avoid Anti-spam solution and vaccine • Malicious code inserted into the main’s text and attachment destroys the internal system • Only allows safe mail through reconstruction of mail’s text and attachment • Powerful countermeasure against malicious code evading Anti-spam solution and vaccine in SaniTrans Mail server • Establishes sanitization system capable of responding to malicious code inserted in the mail text and attachment  Inspects Vaccine  Prevents spam mail
  • 18. © SOFTCAMP Co., LTD. All rights reserved. ┃SaniTrans™ Net SHIELDEX 4. SHIELDEX Products 18 User PC (External network) Transmission server (InternalWAS) User PC (Internal network) Internet Local-Network External network upload Internal network download HTTP communication HTTP communication HR information connection IEEE1394 Serial Cable  SaniTrans Net connects with data transmission system between networks in a company’s network separation environment, receives file from the data transmission system between network then delivers sanitized and safe file to the data transmission system between networks.  It is comprised of an All-in-One product equipped with Internal network connection module (FTMS) for interlinking separated networks in SaniTrans FTMS, SaniTrans Net environment and it safely sanitizes incoming files through the file transmission system.  Can be linked to incoming document approval system, in case of incoming document, admin’s approval is required.  File transmission system between network (FTMS), Does not use FireWire communication (IEEE 1394 / safety protocol), TCP / IP communication so Internet’s separation status is maintained
  • 19. © SOFTCAMP Co., LTD. All rights reserved. ┃SaniTrans™ Net SHIELDEX 4. SHIELDEX Products 19 As-is 그림 As-is To-be User PC (Internet network) Data transmission server between network (External WAS) 1. File uploaded Data transmission server between network (Internal WAS) User PC (Internal network) 2. Receives and saves file 3. Vaccine inspection File Storage 4. Sends file to internal network Internet network Work network 5. User, file download User PC (Internet network) SHIELDEX sanitization server 1. File uploaded 연동Interface User PC (Internal network) 2. Receives and saves file 3. Vaccine inspection 4.Sends full text of file and sanitization request 5. Isolates and saves files that have been prevented from sanitization (Isolation) File Storage Isolation 7. Sends file to internal network 6. Sends full text of sanitized file and sanitization result 8. User, file download Malicious file isolated File flow New equipment and N/W connection Existing equipment and N/W connection General file Sanitized file Malicious file │ Key Log flow General network-connection environment SHIELDEX Sanitrans network-connection environment • Security vulnerability with the application of network connection system even in network separation environment • Countermeasure against target- type and intelligent type of attacks impossible in advance with the existing vaccine inspection only • Threat of destruction of internal system through malicious file downloaded through network connection • Files coming in through network connection is reconstructed into a safe file • Reinforces system capable of preparing in advance with regard to malicious code instead of post countermeasures such as vaccine and monitoring tools • Establishes a continuous and effective system with regard to incoming external files even in network connection environment Data transmission server between network (External WAS) Data transmission server between network (Internal WAS) Internet network Work network
  • 20. © SOFTCAMP Co., LTD. All rights reserved. ┃SaniTrans™ FTMS SHIELDEX 4. SHIELDEX Products 20 As-is 그림 As-is To-be User PC (Internet network) User PC (Internal network) File Storage 5. User, file download General network-connection environment • Security vulnerability with the application of network connection system even in network separation environment • Countermeasure against target- type and intelligent type of attacks impossible in advance with the existing vaccine inspection only • Threat of destruction of internal system through malicious file downloaded through network connection • Protects the internal environment from TCP/IP vulnerability by using FireWire communication • Only allows safe documents in through Stage 1’s document sanitization, Stage 2’s payment method • Effects for introducing network separation system through Firewire communication can be enjoyed User PC (External network) File transmission server (Internal WAS) User PC (Internal network) File transmission server (External WAS) HTTP communication HTTP communication FireWire communication (IEEE 1394 / safety protocol) Does not use TCP / IP communication so the Internet’s separation status is maintained SHIELDEX FTMS network separation environment Shared folder on network ( IN Folder ) Shared folder on network ( OUT Folder ) Data transmission server between network (External WAS) 1. File uploaded 2. Receives and saves file 3. Vaccine inspection 4. Sends file to internal network Data transmission server between network (Internal WAS) File flow New equipment and N/W connection Existing equipment and N/W connection General file Sanitized file Malicious file │ Key Log flow Internet network Work network Internet network Work network
  • 21. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX™ Client SHIELDEX 4. SHIELDEX Products 21  Portable storage devices such as USB, CD/DVD can be accessed only through V-Room Explorer  Protects the PC from Malware attacks targeting Window AutoRun and USB device plugin User environment – USB isolation Admin environment – Current status of incoming file
  • 22. © SOFTCAMP Co., LTD. All rights reserved. ┃SHIELDEX™ Client SHIELDEX 4. SHIELDEX Products 22 As-is To-be Provides a virtually isolated environment 2. V-Room Explorer connection Prohibits the connection of portable storage device through (Windows Explorer )  Views safe file that has been sanitized  Sanitizes file upon internal incoming  Exposed to attacks targeting document Application vulnerability General Windows Explorer connection Portable storage device is connected to PC 1. Portable storage device is Connected to PC • Vaccine inspection • Device control  Unknown malicious code can come in • Vaccine inspection • Device control • Only executes signature/pattern inspection through vaccine • Newly created malicious codes have been designed to avoid vaccine • Threat of infection by new malicious code • Document/image file Only safe contents are allowed in through contents reconstruction • Powerful response to malicious codes avoiding vaccine and VBA malicious code detection • Establishes sanitization system capable of responding to malicious codes in document format that are current viral
  • 23. © SOFTCAMP Co., LTD. All rights reserved.23 │ SHIELDEX Success Case 5. SHIELDEX Case SHIELEDEX Module Name Type Functions Reference Present state SaniTrans Net Engine Document sanitization OO military institute(2 places) OO bank OO provincial office FTMS Engine, IEEE cable & I/F Sanitization of file transmission (IEEE1394 c onnection, approved incoming) OO city hall (Japan) OO city hall(Japan) Applied to 7 local governments in the first half of 2017 FTMS (simplification) Appliance Transmission of monitored file in network folder cloud center for city hall(Japan) Expected to be applied to 20 local governments in the second half of 2017 SaniTrans Mail Appliance Sanitization of mail text and attachment OO press (Japan) National policy executing corporate (Japan) OO city hall(7 places, Japan) Targets 50 services in 2017 with OO cloud service Module Name Type Functions Reference Present state Client Client Agent Virtualized isolation (V-Room for Device / Browser) Sanitization of incoming file OO bank OO provincial office V-Room for Device Client Agent USB (USB, portable disk, CD) Isolation and sanitization OO bank OO provincial office V-Room for Browser Client Agent Isolation and sanitization of documents downloaded in browser OO provincial office Server Side Appliance Type Client Side Agent Type  In Korea, key military institutes, banks and government institutes use SHIELDEX and it is serviced in 10 local governments in Japan. Introduction and consultation for local governments and Japan and conglomerates are increasing.
  • 24. © SOFTCAMP Co., LTD. All rights reserved. ┃Effects of applying SHIELDEX (1/2) SHIELDEX 5. SHIELDEX Case 24  Establishment of sanitization system was necessary as the network separation environment and existing signature/analysis of action based APT security solution wasn’t enough to protect the advanced and intelligent threats of files incoming in from outside. Establish [preemptive response system] with regard to advanced, intelligent and ever-changing cyber threats Establishment [Management system on current status of incoming external file] capable of managing/controlling the incoming external file and current status of prevention per system and per organization Background Purpose Control over Incoming External file Control over Current status Of incoming External file • Manage/control current status of incoming external file, maintenance of monitoring system • List current status of incoming external file per group/user and insufficient control and management system • Analyzes actual condition of incoming through current status of prevention per file and maintenance of analysis/control system with regard to prevented file • Increase in cases of propagation and infection of malicious codes evading patter analysis method S/W (vaccine) • Urgent need to prepare for fundamental countermeasures against advanced and intelligent cyber attacks • Increase in changing cyber threats Establishment of contents sanitization system
  • 25. ┃Effects of applying SHIELDEX (2/2) (5. SHIELDEX Case)
    Effect of fundamental prevention against advanced and intelligent cyber threats by establishing a preemptive system capable of sanitizing files coming into the institute, or of preventing and controlling the incoming of hazardous files, through the application of the SHIELDEX sanitization engine in a network separation environment.
    Institute A / Institute B; Path of incoming external file; Control range; Benefit; Expected effects
    Control/sanitization of incoming external file
    Management of current status of incoming external file
    AS-IS
    • Insufficient control system with regard to incoming external file during work in network separation environment
    • Absence of a system that fundamentally prevents incoming of hazardous file
    • Isolation/disposal of hazardous file by identified pattern of vaccine S/W → post countermeasure
    • Absence of current status of incoming external file and management system
    • Absence of identification system for incoming external file
    TO-BE
    • Suppresses propagation and infection by sanitizing documents infected with malicious code
    • Fundamentally prevents/isolates the incoming of fake/falsified extension, failed sanitization (file suspicious of malicious code)
    • After removing the malicious code within the file, action can be taken in advance with reconstruction of contents
    • Analyze and monitor current status of incoming external file in real-time
    • List and view statistics on the current status of incoming external file per institute/per organization/per user
  • 26. ┃Customer Benefits (6. Customer Benefits)
    SHIELDEX fundamentally prevents malicious files coming in from external incoming paths, protecting the system resources, minimizing the possibility of unknown threats and guaranteeing work continuity and the establishment of a safe internal environment.
    Eliminates threat
    Controls incoming file in an area isolated from internal environment
    Reinforces security with regard to file distribution in actual environment by managing the logging with regard to incoming file
    Reinforces work cooperation in a safe environment by identifying and preventing incoming external files
    Complements the restrictions of the existing security method
    • Post countermeasures through existing pattern analysis cannot effectively respond to new malicious codes
    • Need to manage incoming external files even in network separation environment
    Minimizes the security threat by eliminating threats per step
    • Establish permanent sanitization system that progressively eliminates/monitors threats with regard to external files coming in from various paths
    • Prevents risk that may cause crisis in advance and, upon detecting threat, actively establishes a response system
    Isolates incoming file
    Step 1: Fundamental prevention of malicious file
    Step 2: Logging management of incoming file
    Step 3: Controls malicious file through document analysis and document reconstruction technology
  • 27. SOFTCAMP Co., LTD. http://www.softcamp.net/ T. +82-31-697-4502 M. gm@softcamp.co.kr
    3F, Elentec BD., 17, Pangyo-ro 228 beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, 13487, KOREA
    The information herein is for informational purposes only and represents the current view of SOFTCAMP Co., LTD. as of the date of this presentation. Because SOFTCAMP must respond to changing market conditions, it should not be interpreted to be a commitment on the part of SOFTCAMP, and SOFTCAMP cannot guarantee the accuracy of any information provided after the date of this presentation.
    ⓒ 1999-2017 SOFTCAMP Co., LTD. All rights reserved. No part of this work covered by the copyright hereon may be reproduced or used in any form or by any means -- graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems -- without written permission of SOFTCAMP Co., LTD. SoftCamp, the traditional SoftCamp Logo, “SoftCamp Co., Ltd.”, “Document Security”, “S-Work”, “MaxeOn”, “S-Work for Storage”, “SHIELDEX”, “Secure Workplace” and “Secure Keystroke” are trademarks of SOFTCAMP Co., LTD. All other trademarks mentioned herein are the property of their owners. Printed in the Republic of Korea.
    SOFTCAMP Patent No.: KR1429131, KR1500512, KR1446326, KR1299051, KR1227187, KR1113820, KR1098250, KR1016615, KR0909891, KR0949790, KR0943318, KR0879808, KR0843701, KR0589529, KR0549647, KR0549646, KR0702512, KR0589541, KR0549645, KR0639828, KR0596135, KR0318015, US 6226645, US 7840750, US 8402269, US 8340290, US 8452740, CN 746748, CN 1298920, CN 1444528, JP 4717058, JP 5048784, JP 5032663, JP 5224555