The sandbox helps in cases of suspicious files. However, the sandbox alert indicates suspicious activity for many different files. When we test some files that we download from vendors' official sites for server BIOS upgrades or firmware upgrades on servers, such as files from Dell or HPE, these files are also considered suspicious for many use cases. The sandbox is good only for specific areas. If discussing email, it can be good. However, if discussing large files, the sandbox can indicate suspicious activity in almost every executable file. This causes customers not to believe in the results. They say it is suspicious, but it is fine to them. Even if something is actually suspicious, it does not receive attention because of the many files that should be legitimate but are considered suspicious. Perhaps the effectiveness of the sandbox and level of suspicious files can have two different levels. If asked how it can be better, a different score or different tag for suspicious files from known vendors and suspicious files from unknown vendors could help. Multiple levels of suspicious files, scores, or tags could be something that can be configured. For example, when using the sandbox to scan files that you download from the internet to different environments, such as air gap environments, and in this environment you manage IBM servers, if you scan the file and select that you are using it for IBM servers before scanning, it could be considered less suspicious. The system could also load a certificate of the file that you download and then determine whether it has a trusted certificate or a certificate that is probably good enough or probably not suspicious most of the time. I am not certain if MetaDefender can do anything else. Perhaps if they want to improve vulnerability management, instead of managing static CVEs, they could have a different method involving CVEs but something else as well. 
For example, CVEs that can be harmful because they are exploitable could be differentiated. However, this is something that cannot be managed at the MetaDefender level because it is just about files on a perimeter and does not understand the deployment of the environment because it is not running in the real environment. I am not certain if there is a way to do this better. There are some upgrades when MetaDefender has new features, so you have to upgrade. This is not about the upgrade of the engines that happen all the time if you have an internet connection or do it manually. The maintenance can take significant effort that causes most people not to upgrade and update it all the time. Considering offline users, offline environments, and environments with no internet, easier updates could be helpful. The upgrade of MetaDefender version, whether email or MetaDefender Core, is very quick. I would rate this review eight out of ten.
Cyber Security Specialist at an insurance company with 1,001-5,000 employees
Real User
Nov 10, 2023
I would do a proof of concept because we are talking about cybersecurity. We ran tests for free for about three months. After our testing we were happy with the results.
Co Founder / CEO at a tech company with 11-50 employees
Real User
Apr 18, 2023
I give MetaDefender an eight out of ten. We do not utilize MetaDefender to detect attacks such as spam, blackmail scams, or malicious phishing attempts. While these types of attack prevention features are available with MetaDefender, we have not incorporated them as the feature is relatively new to the market, having been introduced within the last year. In this field, there are already major players such as Forcepoint, Trustpoint, and IronPort which are established brands that offer similar services. Therefore, we solely rely on email for data communication. Our customer base comprises several hundred clients. For average maintenance, two people are required. I recommend having a solution with Zero-day protection, but the add-on is not cheap. MetaDefender is a unique solution in the industry and I recommend it.
MetaDefender provides advanced multiscanning capabilities using 30+ anti-malware engines, ensuring high detection efficacy and robust prevention mechanisms.
MetaDefender's approach combines multiple security technologies like Metascan, Deep CDR, and adaptive sandboxing. These integrated solutions offer comprehensive protection against malware and vulnerabilities, catering to cloud, on-prem, and hybrid environments with enhanced performance and automation.