Israeli security company, Perception Point, has released anti-malware protection for shared storage drives.
Called Advanced Shared Drive Security, it is targeted at users of OneDrive, Google Drive, Box, Dropbox and SharePoint. The goal is to detect infected files before they are stored inside shared drives and then replicated to users.
Yoram Salinger, CEO of Perception Point said: “Shared drives can be highly effective malware distribution platforms. Files and URLs shared in these channels are not being sufficiently scanned for malicious content, and intrusions can easily occur when users interact with third-parties on unmanaged endpoints or via insider threats.
“Our company has recognized this growing threat and has developed a platform that keeps our customers secure by ensuring that the content inside these collaborative channels is safe and clean at all times.”
How does it work?
Advanced Shared Drive Security is based on the same technology that Perception Point uses for its Advanced Email Security solution. It is a mix of both hardware and software. Perception Point calls it a hardware-assisted-platform (HAP). By using the same technology, it will integrate smoothly into existing customers sites.
The hardware support comes from the CPU. Perception Point is using Intel PT (Processor Trace) technology to track how a piece of code executes. This allows it to see what the malware is doing, even when actual code has been obfuscated.
The software elements consist of several scanning engines, the ability to unpack applications and threat intelligence. All of this is updated constantly to ensure that there are no gaps where a zero-day attack could get through. Of course, there are no absolutes in cyber security but Perception Point thinks it has today’s hackers covered off.
In addition to the hardware and software mix, the user can set a wide range of policies and other controls.
The solution has two modes of operation:
- Run-time scan and detection of all files uploaded to the shared drives.
- Pre-scan (“hygiene”) and detection of all historical files.
For both modes, it is possible to define the following policies:
- Scan Policy. Ability to limit the scan to specific folders, user groups, file extensions and dates.
- Quarantine Policy. Ability to define what to do with the malicious files found. Forensics of all file scans using the same tools used for email are provided.
Who is it aimed at?
Solutions this comprehensive are generally aimed at the enterprise market. They often require their own administrator to monitor them and integrate the tools such as SIEM.
Perception Point say that this is not just an enterprise offering. They told Enterprise Times: “Thanks to the holistic approach, easy installation, and automated detection, it is ideal for small and medium enterprises as well.”
To use it, Perception Point say: “Connecting to the organization’s drive is seamless and takes less than 5 minutes. After logging into Perception Point’s web-based viewer, an admin simply needs to click ‘Enable’ to instantly integrate with the selected drive. This opens a page with instructions on settings you need to enable on your shared drive application, and after clicking ‘Authorize’ it’s all set up.”
What does it cost?
The cost per seat looks quite reasonable to begin with. Perception Point said: “The Shared Drives security is offered at $3-$6 per user per month, with plans tiered for different organizational sizes and number of applications being protected. For an additional one-time fee, clients can sanitize the entire drive at set up to ensure existing files are clean.”
The software runs on multiple operating systems but the advanced memory protection is only available on Windows machines. But how much will it cost?
If you are an enterprise, it will be all about discounts. For smaller companies the costs are quite reasonable. Look at this scenario:
- 10 users
- Box, Dropbox, OneDrive and Google Drive used by everyone.
- All users have a desktop, laptop, tablet and phone running a mix of Windows, MacOS, iOS and Android.
Add that up and it is 16 touchpoints per user. However, the maximum the company will pay is $6 per user or $60 per month. This is because the pricing is not about the number of machines in use. In fact, it works out even better as for that $6, it would also include email protection. This means that there is money left to pay for other security solutions.
What does this mean?
Perception Point has quickly built itself a good reputation for reliability. Its existing solutions use both hardware and software which gives them a different view on malicious code. To date, they have managed to deal with all attacks against their clients.
This latest solution deals with what it perceives to be a weakness. That’s not quite how many IT teams see it. They already use scanning software when files are synchronised between cloud and device. What they don’t have is the HAP that Perception Point has developed.
What is not clear is whether Perception Point believes people need other solutions including those from the company itself. If this replaces everything a company has in terms of endpoint protection, it becomes an attractive option. If not, it could be too expensive for SMEs.
Setting that aside, anything that takes away the risk of a file replicating from one company into another via a cloud service has to be welcomed. The question is, will any of the big cloud storage/enterprise collaboration platforms OEM this?