Aller au contenu
Contact
Product · Removable media decontamination

Sanitization station.

Analyse and sanitise every USB drive or removable disk before it touches your information system. A physical decontamination airlock, four analysis engines, centralised oversight.

ANSSI-recommended approach 4 analysis engines Hexceos secure cloud
The most underestimated attack vector

A USB drive takes
none of your paths.

All your defences inspect traffic and network access. Removable media bypasses the firewall, the mail gateway and the network antivirus, and reaches the endpoint directly.

Web · Email Firewall Mail gateway Network antivirus Your IS · endpoints & servers
USB drive direct bypass, no control

The threat reaches the endpoint with no control at all and breaks the defence-in-depth principle.

The scale of the threat

Removable media,
a rising vector.

51%

of all malware now spreads through removable media.

× 6 in five years, 9% in 2019.
20%

of industrial cyberattacks start from a removable media vector.

+27%

more malware delivered via USB in a single year, the vector is rising again.

82%

of detected malware can directly disrupt operations.

The Hexceos sanitization station

A physical
decontamination airlock.

Before any use on the IS, every media is plugged into the dedicated station and fully analysed. Three steps, one clear decision.

1

Plug in the media

USB drive, disk, card, into the dedicated station.

2

Run the analysis

All four engines run in a single click.

3

Release the files

Validated for use with full confidence.

Clean media,
protected IS.

"Decontamination station" approach recommended by ANSSI.

Decontamination in depth

Four engines,
complementary.

From already-catalogued malware to the never-seen payload: each engine covers what the others let through.

01 · Antivirus

Multi-engine signatures.

Signature-based analysis from multiple vendors, with threat databases updated continuously.

  • Known malware and trojans
  • Catalogued worms and ransomware
  • Threats listed by vendors

The first line: rules out the vast majority of already-known threats.

02 · Hashdb

Cryptographic fingerprint.

Each file's SHA-256 fingerprint is compared against known databases, blacklists and whitelists.

  • Blocks known malicious files (blacklist)
  • File integrity control
  • Allows only trusted files (whitelist)

A binary, instant decision on already-qualified files.

03 · YARA

Behavioural rules.

Detection via behavioural rules and patterns, beyond frozen signatures.

  • Malware variants and repackagings
  • Targeted threats and APT campaigns
  • Families identified by their TTPs

Catches what classic signatures let through.

04 · CDR

Disarm & reconstruct.

Every file is disassembled, stripped of any active element, then rebuilt clean, without relying on a signature.

  • Embedded macros and scripts
  • OLE objects and active content
  • Unknown payloads and 0-days

Neutralises even what has never been observed.

The Hexceos secure cloud

Every station,
under oversight.

Your stations' health status and all security reports are centralised in the Hexceos secure cloud, available at any time for the CISO.

Real-time health status

Availability, database versions, maintenance alerts.

Security reports

Analyses, detected threats, blocked media, exportable logs.

Permanent oversight access

View from anywhere, through a dedicated encrypted access.

12
Active stations
99.9%
Availability
100%
Databases up to date
PDF · CSV
Exportable logs
Frequently asked questions

The sanitization
station, in plain terms.

What is a sanitization station (station blanche)?

A physical decontamination airlock for removable media: before any use on your information system, every USB drive, disk or card is plugged into a dedicated station and fully analysed. Files are only released once confirmed clean.

Why does a USB drive bypass network defences?

The firewall, the mail gateway and the network antivirus inspect traffic and network access. Removable media takes none of those paths: it reaches the endpoint with no control at all and breaks the defence-in-depth principle. 51% of malware now spreads through removable media.

Which analysis engines does the station use?

Four complementary engines: a multi-engine antivirus for known threats, Hashdb (SHA-256 fingerprints checked against blacklists and whitelists), YARA (behavioural rules and patterns for variants and APTs) and CDR (Content Disarm & Reconstruction) which neutralises unknown payloads and 0-days.

Is the sanitization station aligned with ANSSI recommendations?

Yes. The removable-media "decontamination station" approach is recommended by ANSSI (the French cybersecurity agency). The Hexceos Sanitization Station embodies that airlock, with centralised oversight in our secure cloud for the CISO.

Take action

Secure every
removable media.

Request a demo of the Hexceos Sanitization Station, on your media, in your conditions.