Tresys Technology

As new and more sophisticated cyber attacks evolve, mobile devices are becoming a popular threat vector. XD Air [USG program name FiST] provides unique mobile media protection by ONLY allowing trusted content to be shared. Using a kiosk based solution, XD Air inspects, filters and cleans data on your device, making it safe to use, even in the most sensitive networks.

XD Air was developed under the USG program name of FiST in response to the highly publicized USB "thumb drive" threat in November 2008. As a result, USB devices have been restricted or even banned in critical environments. However, these drives were widely used to share vital information between users, partners and applications so the need for a solution was evident.

XD Air enables secure use of USB devices for US DoD mission critical environments.

Benefits

Protects against zero day exploits by enforcing policy that only passes content that is known to be completely reliable and compliant with file format standards.
Prevents information leaks by augmenting the “known good” checks with extensive clean/dirty word filtering capabilities.
Conducts deep content inspection and analysis to uniquely verify that file formats are correct and that metadata and other “hidden” areas have not been exploited as carriers of information or new exploits.
Detects, cleanses, removes, and stores malicious hidden content, viruses, and malware for forensic analysis.
Addresses threats and sources unique to USB drives, such as fake CD ROM devices that can deliver executable content.
Integrates with encrypted USB drives from several manufacturers.

Read the Product Sheet For More Information

XD Air Information Sharing FiST File Sanitizaion Deep Content Inspection Content Filtering USB Threat Solutions Zero Day Assured Information Sharing Information Security Soltuions

XD Air Design

XD Air User Interface

XD Air Reporting Interface

XD Air Admin Interface

Click to enlarge

XD Air 4.2 is now generally available and implements customer-driven support features for evolving requirements, including:

Migration to AFT 1.3 which enables:

Support for Microsoft Office® 2010 file types
Support for UTF-8 (Unicode)

Ability to process larger files, up to 1GB (depending on file type)
Option to include dirty word matches in the manifest
Support for additional media types including legacy SCADA devices, SD cards, and compact flash through supported USB adapters
Ability to process USB hard disks up to 250 GB as well as floppy drives
Administrator option to customize warning banner
Improved detail in the manifest for transferred, omitted, and modified files
Ability to sign destination media for secure distribution to another XD Air site

The XD Air package includes the following:

64 bit custom laptop with 30 months warranty (specifically excludes wireless network capability) with BIOS configured for proper operation
All software installed and ready for use
All licenses for included software for one year
Color coded dongles for “source” and “target” USB drives
Complete user and administrator documentation
Tier three support included
Administrator and engineering support training available

Device & File Support List

Laptop-based Kiosk · Built for a COTS 64 bit platform to support rapid deployment and mobile operations. Appliance-like functionality minimizes user error.

Isolated environments · Uses SELinux and Tresys VM Fortress to positively isolate the "dirty" side of the application from the "clean" side where sanitized files are stored. Isolation ensures:

Safe handling of virus and malware infected files
Secure device erasure
Strong transactional separation

Adaptable filters · Provide state of the art identification of advanced malware and viruses and integrates new filters as other attacks are identified in the future. Filtering features include the following:

Detect virus or malware infected files
Clean and verify files are cleansed
Remove unknown file types
Remove steganography
Analyze, remove, and cleanse embedded objects
Remove or cleanse color or size obfuscated text
Remove macros from documents
Remove or cleanse metadata
Remove unrecognized data
Validate file formats
Hidden content identification and cleansing

Forensic capability · Stores "dirty" data in controlled and isolated environment for forensic analysis; critical in threat detection to adapt XD Air to evolving attacks.

File Types · XD Air supports many file types, including the following:

Word (.doc, .docx, .docm)
Excel (.xls, .xlsx, .xlsm)
PowerPoint® (.ppt, pptx, .pptm)

ASCII text files (.txt)
Portable Document Format (.pdf)

BWT zip (.bz2)
UNIX tar (.tar)
Pkzip (.zip)
GNU zip (.gz)

Joint Photographic Experts Group (.jpg, .jpeg)
Windows® Bitmap (.bmp)
Tagged Image Format (.tif, .tiff)
Windows® Metafile (.wmf)
Windows® Enhanced Metafile (.emf)
Graphics Interchange Format (.gif)
Portable Network Graphics (.png)

1. What does XD Air do?

XD Air enforces a policy of permitting only known good content to pass through to a target medium. This policy of whitelisting is the best available defense against Zero Day exploits. XD Air also provides blacklisting capabilities that enable protection against inappropriate exfiltration of information content that is not malware, but should not transition the boundary protected by the XD Air system. XD Air uses a complex stream of inspection and cleansing filters to process the files, protected within layers of SELinux security to protect the device itself from subversion.

2. What requirements does FiST meet for DoD users?

XD Air meets the requirements of JTF-GNO CTO 10-004a, US CYBERCOM CTO 10-084, and US CYBERCOM CTO 10-133. In each case, FiST is explicitly called out as a requirement for certain use cases within the CTO.

3. How does a user interact with XD Air?

XD Air is a kiosk with a clear user interface. A user inserts a suspect USB drive or other media into XD Air where it is scanned, cleaned, and made ready for use in USG systems and networks. The user then selects a destination for the cleansed data, such as a new CD/DVD, USB drive, or the original USB drive.

4. What happens to infected or unrecognized files identified by XD Air?

Files with unrecognized formats will be removed by XD Air. Recognized files that contain malicious or hidden content will be cleansed for safe use if possible. Otherwise, the file will be removed.

5. Does XD Air work with encrypted USB devices?

XD Air currently supports MXI and IronKey Enterprise, Personal, and Basic versions for source ("dirty" files) and destination ("sanitized" files). Other encrypted USB devices will be supported in the future.

6. What happens to my password protected files like a DOC or a ZIP?

XD Air does not currently support password protected files. These files are removed during the sanitization process.

7. Are there file or device size limits?

Single file size is currently limited up to 1 gigabyte (the actual limit depends on the file type and its composition). XD Air supports Hard Drives and Solid State Drives larger than 30 gigabytes. (We have successfully tested 1 terabyte drives).

8. How long will XD Air take to sanitize my files?

The total time needed to sanitize files depends on the number, the size, and the type of files on the device or media.

XD Air ™