Single anti-malware engines usually detect up to 91.8% of cyber threats, but some have detection rates of only 80% or even 40%, suggesting a multiscanning approach can be needed.
According to Opswat, multiscanning allows users to increase detection rates and still benefit from the strengths of individual engines.
“Multiscanning is one of the key technologies required for a resilient file upload security solution. Multiscanning increases threat detection rates and reduces outbreak detection times, which is key to safely accepting file uploads,” according to the vendor.
Opswat’s conclusion is based on its test of some 10,000 active threats. Using 12 combined engines, Opswat managed to detect 95% of threats. However, the proportion of threats detected rose to 97% when using 16 engines, and 99% with 20 or more individual engines.
“The hashes come from files that have been uploaded to MetaDefender Cloud, and we filter these down to those that have been flagged as malicious by three or more antivirus engines: we do this in order to limit false positives, or incorrect threat detections.
“We did a few internal tests to find the ‘sweet spot’ of the minimum number of engines to detect the threat and determined that three worked best for our data,” the vendor explained. “Opswat MetaDefender can deploy up to 30 engines.”
Opswat offers solutions including MetaDefender Cloud for cloud-based advanced threat prevention and malware analysis. An API is available to help malware researchers, incident response teams and tech providers.
“Using our REST API, organisations can easily add cloud-based detection and prevention of cybersecurity threats using deep content disarm and reconstruction (Deep CDR) and multiscanning with more than 20 anti-malware engines,” according to the vendor.
According to Opswat, about 37% of detected malicious file extensions are found hidden in archived files, rather than newly created documents or files.