USB "thumb drives" are widely used to share vital information in forward locations, move data between coalition partners, deliver command instructions and situation briefs and a wide variety of other applications. Recently, USB drives have been identified as an attack vector for various forms of advanced viruses and malware that could impact critical systems. As a result, their use has been restricted or even banned in some environments. Tresys FiST is a unique solution that disinfects USB devices, CDs, DVDs and files to enable secure use of the devices in mission critical environments.
- Conducts deep content inspection and analysis
- Detects, cleanses, removes and stores (for forensic analysis) malicious hidden content, viruses and malware
- Addresses sources of attacks targeting IT systems via portable media
Enables secure data sharing with USB devices that are widely used to handle vital information in forward locations, move data between coalition partners, deliver command instructions and situation briefs and a wide variety of other applications.
Reduces risk of USB as an attack vector for current forms of attacks and allows integration of new filters and capabilities to deal with emerging attacks as well as additional devices as requirements evolve.
Minimizes support requirements by locking down FiST operations to ensure that minimal user interaction is needed (or allowed) to properly scan and sanitize USB devices and files. A simple CONOPS combined with appliance-like operations reduce the chance of operator error or service interruption.
Captures infected files for forensic analysis to support the identification of attack types, trends, and sources.
- Laptop-based Kiosk · Built for a COTS 64 bit platform to support rapid deployment and mobile operations. Appliance-like functionality minimizes user error.
- Isolated environments · Uses SELinux and Tresys VM Fortress to positively isolate the "dirty" side of the application from the "clean" side where sanitized files are stored.
- Adaptable filters · Provide state of the art identification of advanced malware and viruses and integrates new filters as other attacks are identified in the future.
- Forensic capability · Stores "dirty" data in controlled and isolated environment for forensic analysis; critical in threat detection to adapt FiST to evolving attacks.
Detect virus or malware infected files
Quarantine virus or malware infected files
Safe handling of virus and malware infected files
Clean and verify files are cleansed
Remove unknown file types
Remove steganography
Analyze, remove, cleanse embedded objects
Remove or cleanse color or size obfuscated text
Remove macros from documents
Remove or cleanse metadata
Remove unrecognized data
Validate file formats
Embedded object extraction and scanning
Secure device erasure
Hidden content identification and cleaning
Forensic imaging
Strong transactional separation
Supported Filetypes:
Microsoft® Office (97-2007)
- Word (.doc, .docx, .docm)
- Excel (.xls, .xlsx, .xlsm, .xlsb)
- PowerPoint® (.ppt, pptx, .pptm)
Text and Presentation Files
- ASCII text files (.txt)
- Portable Document Format (.pdf)
Compressed Files
- BWT zip (.bz2)
- UNIX tar (.tar)
- Pkzip (.zip)
- GNU zip (.gz)
Image Files
- Joint Photographic Experts Group (.jpg, .jpeg)
- Windows® Bitmap (.bmp)
- Tagged Image Format (.tif, .tiff)
- Windows® Metafile (.wmf)
- Windows® Enhanced Metafile (.emf)
- Graphics Interchange Format (.gif)
- Portable Network Graphics (.png)
1. What does FiST do?
- FiST identifies malicious code residing on infected removable media and removes that code, making the media and its files safe for use. FiST uses virus scanners and other filters to process the files.
2. How does FiST work?
- FiST works in a kiosk-like fashion. A user inserts a suspect USB drive or other media into FiST where it is scanned, cleaned, and made ready for use in USG systems and networks. It is designed to be extremely user friendly with very limited administration required.
3. What happens to infected or unrecognized files identified by FiST?
- Files with unrecognized formats will be removed by FiST. A list of supported formats is included in the data sheet.
- Recognized files that contain malicious code will be atomized, cleansed, and re-assembled for safe use.
4. Does FiST work with encrypted USB devices?
- FiST currently supports MXI and IronKey Enterprise, Personal, and Basic versions for source ("dirty" files) and destination ("sanitized" files).
- Other encrypted USB devices will be supported in the future.
5. What happens to my password protected files like a DOC or a ZIP?
- FiST does not currently support password protected files. These files are removed during the sanitization process.
6. Are there file or device size limits?
- Single file size is currently limited to 100 megabytes.
- Reuse USB supports up to 8 gigabyte devices.
- Standard CD and DVD are supported up to 16 gigabytes.
7. How long will FiST take to sanitize my files?
- The total time needed to sanitize files depends on the number, the size, and the type of files on the device or media.
