Safely Dealing with Files

Bruce McCorkendale

Introducing Pangea File Scan

Have you ever been working on an app that accepts file uploads? What does your app do with those files? Where do those files come from? Where do they go? Who handles those files, and what do they do with them? Is it safe? What is the risk? Do you worry about these things? You should. But what can you do? I’ll tell you what you can do: Pass those suckers through the Pangea File Scan service!

The File Scan service from Pangea puts world-class malware scanning capabilities at your fingertips. Whenever you are handling a file, there is always a chance that it is dangerous. Use File Scan to protect everyone and everything in your app’s supply chain by using the best tools available.

File Scan and Security Platform as a Service

So what exactly is File Scan? Imagine the protection you get from your desktop anti-malware software every time a file touches your computer. The File Scan service gives your app the ability to apply that same industry-leading malware scanning in your app, in a single API, for every file that enters your app’s ecosystem. The File Scan service is a perfect example of the Security Platform as a Service (SPaaS) model that Pangea has pioneered; before Pangea, if you wanted to incorporate malware scanning into your app, you would have to choose a malware scanning vendor, negotiate a license, arrange payment terms, understand and adapt to their service delivery mechanism (SDK? Cloud Service? Appliance?), and incorporate it into your app. Pangea manages the relationships with the malware scanning providers, gives you a choice of providers through a single parameter, gives a pay-as-you-go pricing model, and presents a single interface regardless of provider.

Pangea File Scan Providers

Pangea has partnered with CrowdStrike and ReversingLabs to give you a choice of providers when calling File Scan. Both are world-class providers with rich capabilities, and we encourage you to explore their full offerings in depth. Here is an overview of each provider and the benefits they offer to your app.

CrowdStrike

The CrowdStrike File Scan provider implementation is a combination of their reputation scan and their AI-powered Falcon® platform. CrowdStrike’s approach takes full advantage of the CrowdStrike Security Cloud to reduce high-cost false positives and maximize detection efficacy to stop breaches. The CrowdStrike Falcon platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections. CrowdStrike's File Analyzer is purpose-built for accuracy and is trained by CrowdStrike's massive corpus of malware samples to identify both known and zero-day malware. Pangea’s File Scan with CrowdStrike as a provider first checks the CrowdStrike reputation database for the hash of the file; if it is known to be malicious, it will return with that result. If the file is unknown by the reputation database, then the CrowdStrike AI-powered Falcon® platform scanner will take a shot and the File Scan API response will reflect that analysis.

ReversingLabs

The ReversingLabs File Scan provider uses their Cloud Deep Scan File Analysis service to detect malicious content and threats using the ReversingLabs industry-leading static analysis engine integrated with an extensive file reputation source database. The service removes all packing, obfuscation, and protection artifacts from binaries to extract all internal objects with their metadata. The metadata provides critical information, often not available from other tools, for determining the intent and capabilities of the sample. Historical results from 40+ Anti-Virus Vendors combined with dynamic detection yield industry reputation consensus while showing changes over time. Classification is based on ReversingLabs' unique static analysis technology combined with ReversingLabs' world-class goodware and malware repository. Files are classified as goodware, malware, or suspicious with a risk score that indicates the threat level, or they are unknown.

Pangea Enables Consistent Security Patterns

As with virtually all of Pangea’s User, File, Domain, and IP Intelligence APIs, the File Scan API returns a provider-independent, normalized result that includes an easy-to-understand verdict, score, summary, and category. Your code that looks at the response and decides how to react to the verdict and score can be identical across all of these APIs, and that is a powerful demonstration of the Pangea advantage. But wait, there’s more! While you can process all the Intelligence and File Scan API normalized results identically, you choose which of the multiple industry-leading partner providers to use in your API calls (either through the provider parameter to the API, or by setting a default provider in the service’s configuration), and your code can also access the partner provider’s specific details for any of these API calls by specifying raw=true in the call, and then processing the raw_data object nested within the API response.