The Fireglass


Fireglass returns to Black Hat to present best practices for thwarting attacks from malicious documents

By Julie Azoulai , Mar, 23 2017

Documents including PDFs and MS Office files (e.g. docx, xlsx, pptx) contain countless vulnerabilities that put enterprises at risk. Adversaries often leverage these vulnerabilities to deliver malware, steal sensitive information, and cause damage. However, IT security teams cannot limit employee access to documents without severely impacting productivity and hurting the business.

One of the most prevalent problems is caused by employees who inadvertently download malicious files through the browser. The Fireglass team has invested countless hours to create a robust offering that provides 100% protection from malicious documents.

Following a packed session on Account Jumping Post Infection Persistency & Lateral Movement in AWS at Black Hat USA 2016, Fireglass' CTO and Co-founder, Dan Amiga and Security Research Leader, Dor Knafo return to Black Hat Asia 2017 (March 28-30), to share best practices for building a robust documentation analysis pipeline that provides full protection from malicious documents. Their session is titled:

The Irrelevance of K-bytes Detection - Building a Robust Pipeline for Malicious Documents

Session Synopsis: This session will cover the best practices on building a document analysis pipeline including, true type detection, sandboxing, signatures, dynamic/static content inspection, isolation and content disarming and reconstruction. It will also cover the attacker's view and different evasion techniques of malicious payloads going through a carefully designed document analysis pipeline. Dan and Dor will recommend mandatory building blocks for designing such a pipeline.

The two will also share real war stories including defining the right amount of tolerance for balancing between productivity, performance, vendor integration and success rates, future adaptability of the pipeline and practical implementation details.

If you are attending the conference, we invite you to join the Fireglass session which will take place on March 30 from 3:30-4:30 pm in the Simpor Junior Ballroom 4812.

To learn more about the Fireglass Threat Isolation Platform, you are also welcome to contact us at to set up an onsite meeting with Dan and Dor.

Enjoy the conference!

Share this blog:
Julie Azoulai
Julie Azoulai

Julie leads Product Marketing for Fireglass. Julie has over 20 years experience in product marketing, content writing, and creating engaging end-user information for customers. Prior to joining Fireglass, Julie led digital and product marketing for an enterprise SaaS offering at Hewlett Packard Enterprise.

Recommended Reading