OPSWAT: Pioneering Cyber Defense Solutions

OPSWAT’s Benny Czarny on Retooling the Language of Cybersecurity

If you spend enough time in this industry, you start to recognize a pattern. A new “platform” appears, slaps some AI on the label, piles on yet another agent, and declares itself the silver bullet for all things cyber. CISOs smile politely, add it to the comparison spreadsheet, and quietly wonder how many more moving parts their teams can tolerate before something important drops.

OPSWAT is not that kind of story.

Talking with Benny Czarny, founder and CEO of OPSWAT, you don’t get a pitch deck. You get what feels like a field report from someone who has spent the last two decades living inside the plumbing of cybersecurity, trying to fix what is fundamentally broken: how our tools talk to each other, how they handle files, and how we protect the most fragile systems on the planet.

As he put it in our conversation, his journey started with a very simple but devastating observation:

“The big issue was failure on the industry to communicate, to create, like a cybersecurity language.”

That language became the foundation of OPSWAT. The rest is the story of how a behind-the-scenes OEM engine turned into a critical infrastructure protection platform, complete with multi‑AV scanning, file regeneration (CDR), a diode product line, a managed file transfer platform that doesn’t require you to bolt on 20 other tools, and a global training academy turning out hundreds of thousands of certified practitioners.

This is not just another security startup. This is the company that quietly decided the antivirus industry had the wrong problem definition, then went off and built a new one.

From Bookstore Headaches to Critical Infrastructure

By the time we spoke, Benny had just published a book about this journey. Getting it into the world, he discovered, is its own lesson in integration pain.

“We launched the book through Amazon and through Blurb. Actually, the first launch was through Blurb. It was much harder to release it through Amazon… Amazon process is not as smooth as, like, Blurb and others. I mean, you would think, right? Amazon started a business with books, bookstore.”

The book is now available on Amazon and Kindle, with an audiobook on the way, and Benny is blunt about where the real market is:

“Mid May, I expect to have an audio version, and I understand that actually, most of the books these days are actually audio books… 70% of the transactions, apparently, audio books.”

The book matters here because it mirrors the OPSWAT journey: a narrative of how a company that started as a “secret weapon” for security vendors became a central player in protecting critical infrastructure worldwide.

The First Big Idea: A Cybersecurity Language

In the early days, OPSWAT was not building shiny dashboards for CISOs. It was in the engine room, solving a problem that most executives never see but every security architect feels in their bones.

“Initially it was miscommunication between cybersecurity products, which is completely different than critical infrastructure protection. The issue that I noticed is that cybersecurity products fail to communicate… VPNs, STPs, IDPs fail to communicate with antiviruses, firewalls, VPNs, encryption products. And that represents a big portion of cybersecurity incidents.”


Benny looked at a market with more than 4,000 cybersecurity vendors, each trying to reinvent its own way of integrating with others.

“In each one of those cybersecurity companies, they are trying to reinvent the wheel by creating communication protocols with other cybersecurity products.”

The result was a fragmented, brittle ecosystem where products “integrated” about as well as diplomats on a bad day.

So OPSWAT built a cybersecurity language and did something unfashionable in a world obsessed with logos and front‑end control: it went OEM.

“The go to market for the first big idea was actually OEM. So we’ve been like the secret cybersecurity weapon. Think about that as… a cybersecurity language, a toolkit… to accelerate their development of cybersecurity products.”

Benny went to the majors — Palo Alto, Cisco, HP and dozens more — and offered them a way to standardize how their products interacted with others. Today, he notes:

“Up until now, we have, like, close to 100 key cybersecurity companies, actually more than 100, that license this technology, and these 100 cybersecurity companies are the top 100 cybersecurity companies in the industry.”

For most vendors, that would be the exit strategy. For Benny, it was just the first act.

When Testing the Language Exposed a Bigger Problem

Once the language was embedded in millions of endpoints, the OPSWAT team hit a very uncomfortable realization.

They built a large‑scale testing platform called Xperia.

“We formed the team, a quality assurance team, and we built a testing platform called Xperia… 1000s of virtual machines, each one of them has a different cybersecurity product installed… every time a virtual machine launched, we test the compatibility of the language against these specific cybersecurity products.”

Among those thousands of VMs were antivirus engines, running in several modes. The language they created had constructs like:

“One of the cybersecurity language [functions] was antivirus.scan_file… We also have antivirus.scan_folder… and also we have in the language, antivirus.real_time_protection.”

And this is where things went sideways for the industry.

The antivirus world loves to show pretty charts from AV‑Comparatives and similar test labs, with 99.99% efficacy scores. Those, Benny points out, are almost entirely about device protection.

“The antivirus industry is mainly built around protecting a device… Whenever you see these cool results of antiviruses, AV‑Test, AV‑Comparatives, 99.99 or something, this is the efficacy of protecting the device.”

But when OPSWAT used its language to ask a simple question — “scan this file” — the numbers crashed.

“Whenever we asked the antivirus ‘scan a file,’ the results were not 99.99. The results were like 50%, 45%. And that was a big aha moment to us… Initially, we thought we have a problem with the language.”

The big aha moment came when the team realized that the problem was not the language but the industry: antiviruses were designed to protect devices, not to scan files. That should concern anyone responsible for critical infrastructure, because files are often how sensitive environments are compromised.

OPSWAT pivoted from being an OEM language provider to focusing on critical infrastructure and developed a “firewall of data” concept. They built a multi-scanner with over 30 antivirus engines to address file transfer security, which was not an easy task given the technical challenges of running that many engines side by side. But they also realized that adding more antivirus engines would never get them to the level of protection they wanted, which led to a new approach: Content Disarm and Reconstruction (CDR), prevention through file regeneration rather than detection.

CDR technology has proven effective against document-based malware, AI-generated payloads, and zero-day threats. OPSWAT’s focus on file flows, transfer paths, and policy enforcement in critical infrastructure environments sets it apart in the industry. The company also emphasizes training and has established an academy to educate professionals in critical infrastructure protection. OPSWAT’s goal is a platform, with CDR at its core, that can achieve close to 100% protection for critical infrastructure. Benny summed up where that platform stands today:

“Now, we have technology originating from various countries, proactive DLP technology, and AI prediction technology. Additionally, we have a high-speed sandbox technology and numerous technologies specifically designed for critical infrastructure. These technologies are integrated into tangible products such as data diodes, secure managed file transfer (MFT), and kiosks for removable media, creating a cohesive ecosystem.”
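To make the regeneration idea concrete, here is a toy CDR pass in Python. It is an added illustration, not OPSWAT’s code: the allowlist, the sample macro-enabled document and its placeholder contents are all constructed for this example, and it shows the defining property of CDR, that the output is rebuilt from known-good parts instead of being judged clean or dirty.

```python
"""Toy Content Disarm and Reconstruction (CDR) for an OOXML ZIP container (added
illustration, not OPSWAT's code). Instead of asking "is this file malicious?", it
rebuilds a fresh archive from an allowlist, so macros/OLE/ActiveX are never copied."""
import io
import zipfile
import xml.etree.ElementTree as ET
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ALLOWED = ("[Content_Types].xml", "_rels/", "word/document.xml",  # constructed allowlist:
           "word/styles.xml", "word/_rels/document.xml.rels")    # what a .docx needs to render

def parts_of(data: bytes) -> dict[str, bytes]:
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {n: z.read(n) for n in z.namelist()}

def prune_rels(xml_bytes: bytes, dropped: list[str]) -> bytes:
    """Remove relationships whose Target points at a part that was not copied."""
    ET.register_namespace("", RELS_NS)
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        target = rel.get("Target", "").lstrip("./")
        if any(d.endswith("/" + target) for d in dropped):
            root.remove(rel)
    return ET.tostring(root, xml_declaration=True, encoding="UTF-8")

def regenerate(data: bytes) -> tuple[bytes, list[str]]:
    """Return (rebuilt archive bytes, names of parts that were dropped)."""
    parts = parts_of(data)
    dropped = [n for n in parts if not n.startswith(ALLOWED)]
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in (n for n in parts if n not in dropped):
            body = prune_rels(parts[name], dropped) if name.endswith(".rels") else parts[name]
            # writestr creates a fresh entry: original ZIP headers/comments are not kept.
            dst.writestr(name, body)
    return out.getvalue(), dropped

def build_sample() -> bytes:
    """Constructed macro-enabled document: real OOXML layout, placeholder contents."""
    rels = (f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
            'Type="styles" Target="styles.xml"/><Relationship Id="rId2" '
            'Type="vbaProject" Target="vbaProject.bin"/></Relationships>')
    parts = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document>hello</w:document>",
             "word/_rels/document.xml.rels": rels,
             "word/vbaProject.bin": "PLACEHOLDER-MACRO-BYTES"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Running `regenerate(build_sample())` yields an archive without `word/vbaProject.bin` and with the dangling macro relationship removed; a second pass over the output drops nothing, which is the idempotence a gateway deployment relies on.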


Furthermore, OPSWAT Academy is training the next generation of critical infrastructure defenders, with 275,000 certified students and growing. The academy is bridging the skills gap in the industry, providing not just certificates but actual job opportunities for its graduates.

On the hardware side, OPSWAT manufactures its own hardware in Tampa, Florida, ensuring secure and traceable components for critical infrastructure. The company’s facility in Tampa has become a showcase for its manufacturing capabilities, reflecting its commitment to building hardware in-house and in the U.S.

At the RSAC Conference, OPSWAT showcased its AI engine for file prediction and its secure MFT platform, simplifying cybersecurity integration and deployment. The company’s approach to sandbox technology involves faster emulation, threat intelligence, and large language models to streamline the work of malware analysts and SOC analysts.

To make cybersecurity topics more digestible for non-technical audiences, OPSWAT produced a film called “Breaking the Firewall: Into the Breach,” featuring familiar science-TV talent. The film simplifies complex cybersecurity concepts for CEOs, board members, and others, with plans to make it available on streaming platforms soon.

For CISOs and senior security leaders, this story highlights the importance of integrating advanced technologies, investing in training programs, manufacturing secure hardware, and simplifying cybersecurity communication for a broader audience.

Enhancing File Security for Critical Infrastructure: A Guide for CISOs

As a Chief Information Security Officer (CISO) responsible for critical infrastructure, you may find yourself wondering, “What should I do with this information?”

Here are some practical steps to consider:

  1. Assess Your File Flows: Take a closer look at how files enter, move, and interact within your environment, especially in operational technology (OT), industrial control systems (ICS), and critical infrastructure systems. This includes email attachments, SFTP transfers, managed file transfers (MFT), kiosks, vendor media, cloud file shares, and support workflows.

  2. Reevaluate Your Antivirus Strategy: Avoid relying solely on a single antivirus engine for file inspection. If your approach is simply running files through antivirus software and hoping for the best, you may be more vulnerable than you think. Studies show that traditional antivirus solutions catch only 45-50% of file-based attacks, not the touted 99.99%.

  3. Consider Multi-Scanning and Content Disarm & Reconstruction (CDR): For environments where a 99% detection rate is not acceptable, implementing a multi-antivirus approach along with file regeneration through CDR is essential. These measures go beyond conventional antivirus protection to enhance security for critical systems.

  4. Opt for Comprehensive Platforms: When safeguarding critical infrastructure, prioritize platforms over individual security solutions. Look for integrated solutions that address file security, data flows, and critical infrastructure protection as core features, rather than add-ons to IT-centric products.

  5. Invest in Specialized Training: Equip your teams with focused training on critical infrastructure protection, instead of generic IT security knowledge. Programs like the OPSWAT Academy offer dedicated training for securing OT and ICS environments. Make ongoing training a priority to ensure operational expertise in critical infrastructure security.

OPSWAT’s focus is on ensuring the resilience of data flows within critical infrastructure, aiming for near-failure-proof security measures. For CISOs overseeing high-impact sectors such as energy, manufacturing, utilities, transportation, and healthcare, this specialized focus is not just valuable but essential.

Take Action Now:

If your organization operates critical infrastructure, it’s time to move beyond basic antivirus and minimal file transfer security measures. Consider these proactive steps:

  • Conduct a Pilot Test: Test a high-risk file flow, such as vendor media entering an OT network or cross-domain transfers, using a multi-scanner and CDR approach. Measure the effectiveness of this enhanced security strategy in detecting and preventing threats.

  • Engage with Knowledgeable Vendors: Collaborate with vendors who can demonstrate real-world data on file-based protection efficacy, rather than relying solely on endpoint protection scores.

  • Prioritize Training: Enroll team members in specialized critical infrastructure training programs like the OPSWAT Academy. Ensure that operational knowledge of OT and ICS security becomes a foundational skill for your security teams.

As threats targeting critical infrastructure grow more sophisticated, it’s crucial to move beyond outdated security assumptions. By reassessing your file flows, transfer paths, and OT security posture with a critical eye, and partnering with platforms designed for the unique challenges of critical infrastructure, you can elevate your security posture.

About the Author:

Pete Green, the CISO/CTO of Anvil Works, brings over 25 years of experience in information technology and cybersecurity. He is a seasoned security practitioner with expertise in various roles, from LAN/WLAN Engineer to Virtual CISO. Pete holds advanced degrees in Computer Information Systems and Business Administration, with a focus on information security.

Throughout his career, Pete has supported clients across diverse industries, including government, financial services, healthcare, manufacturing, and technology. His commitment to enhancing cybersecurity for small and medium businesses is evident in his co-authored work, “The vCISO Playbook.”

For more insights and resources on cybersecurity for critical infrastructure, visit www.opswat.com.


