MultiAV Integration for Malware Detection

Use Case Description

Traditional AV solutions may not be able to detect all of the ever-increasing variants of malware in action at any one time. Additionally, different security software products may specialize in various types of malware identification. To mount a comprehensive defense, an approach that allows for multi-scanning across various engines is essential.

Our Solution

InQuest uses innovative post-processing techniques to monitor live network traffic, enabling our platform to provide insights into even the most creative combinations of obfuscation. InQuest combines its scrutiny of raw network data with proprietary security checks, giving you the ability to integrate it with your existing security infrastructure. Integrations are currently available for a variety of antivirus and sandbox technologies that work in a complementary capacity with InQuest’s platform. This enables multi-engine scanning of all files in-transit on your network for potential security issues.

Most modern anti-malware solutions have limitations when it comes to the detection, inspection, and mitigation of embedded file content. This results from the tendency of malware to be nested in multiple layers of an application, making its detection extremely difficult. InQuest’s platform enables users to create and apply custom static analysis signatures leveraging the same performance and deep analytics benefits as the rest of the platform. This allows for multi-engine scanning using the latest information about emerging malware threats.

In addition to the onboard multi-scanning that InQuest provides from numerous Threat Discovery Engines, we also have an external integration with OPSWAT’s Advanced Threat Prevention Platform. OPSWAT pioneered the concept of combining the scanning results of multiple antivirus engines to produce a more accurate determination of the probability that a given file is malicious. The OPSWAT Metadefender Platform is a hardware appliance that scans a file using over thirty major antivirus engines to maximize the probability that known malware is correctly identified. Integrated antivirus engines include AVG, AhnLab, Avira, Bitdefender, ESET, IKARUS, K7, nProtect, and Zillya!.
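To make the multi-engine idea concrete, the following is an added illustration of how per-engine verdicts can be folded into one consensus score. It is not InQuest or OPSWAT code and does not reflect either product's API or verdict format; the engine names, verdict strings and thresholds are assumptions chosen for the example. One point the prose leaves implicit is handled explicitly here: an engine that errors out or times out must be excluded from the denominator rather than silently treated as a "clean" vote, otherwise a partial outage lowers the consensus score.

```python
from dataclasses import dataclass
from typing import Dict

# Constructed sample results for one file (placeholder engine names, not any
# vendor's real output). "error" models an engine that timed out or failed.
SAMPLE_RESULTS: Dict[str, str] = {
    "engine_a": "malicious",
    "engine_b": "malicious",
    "engine_c": "clean",
    "engine_d": "suspicious",
    "engine_e": "error",
}

# Numeric weight of each recognised verdict; anything else counts as "no opinion".
VERDICT_SCORE = {"malicious": 1.0, "suspicious": 0.5, "clean": 0.0}


@dataclass
class Consensus:
    engines_queried: int   # engines asked to scan the file
    engines_answered: int  # engines that returned a usable verdict
    detections: int        # engines that said "malicious"
    score: float           # mean verdict weight over engines that answered
    verdict: str           # "malicious", "suspicious", "clean" or "unknown"


def aggregate_verdicts(results: Dict[str, str],
                       malicious_threshold: float = 0.5,
                       suspicious_threshold: float = 0.2) -> Consensus:
    """Combine per-engine verdicts into a single consensus (assumed thresholds)."""
    # Drop engines that produced no recognised verdict so that errors never
    # dilute the score the way a "clean" vote would.
    answered = {name: v for name, v in results.items() if v in VERDICT_SCORE}
    if not answered:
        # No engine answered: the file is unscanned, not clean.
        return Consensus(len(results), 0, 0, 0.0, "unknown")

    detections = sum(1 for v in answered.values() if v == "malicious")
    score = sum(VERDICT_SCORE[v] for v in answered.values()) / len(answered)

    if score >= malicious_threshold:
        verdict = "malicious"
    elif score >= suspicious_threshold:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return Consensus(len(results), len(answered), detections, score, verdict)


if __name__ == "__main__":
    print(aggregate_verdicts(SAMPLE_RESULTS))
```

For the constructed sample, four of five engines answer, two flag the file, the mean weight is 0.625 and the consensus is "malicious"; the `engines_answered` field makes the reduced coverage visible to whoever reviews the alert.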

InQuest systems allow a Metadefender appliance to be seamlessly integrated into the Threat Detection Engine, allowing users to confidently determine whether a file entering the network is malicious. To configure the integration, an administrator provides an API key, IP address, port number, a syslog IP address and port, the API URL, and a timezone offset.