The fight against malware has become the epic battle of our generation, placing businesses of all sizes against a never-ending stream of hackers and zero-day attacks bent on compromising your security perimeter. The recent SolarWinds breach illustrates how much is currently at stake.
According to the Verizon business 2020 Data Breach Investigations Report an estimated 94% of malware is delivered via email with 90% of malware hidden in common file types such as PDF, Word, Excel, and Zip.
Microsoft has done a great job with Defender for Office 365 (formerly ATP) that includes Safe Attachments – a configurable Sandbox option. The Safe Attachments feature uses a virtual environment to check attachments in inbound email messages before they are delivered to recipients.
The question arises: can Sandbox protection provide complete file attachment security?
According to Gartner’s research on the topic, we learn that the addition of a CDR (Content Disarm & Reconstruction) supplement to network sandboxing methods can provide significant protection against file-based attacks. CDR removes zero-day malware and exploits, while avoiding the negative business productivity impact that is typically caused by sandbox.
FileWall – Native CDR based security add-on for Microsoft 365 Exchange online
odix, an Israeli based cybersecurity company with a proven record of success with enterprise customers joined MISA in 2020 as the first member with a focus on CDR technology, as a low-cost solution for the breadth of all Microsoft customers malware prevention needs.
FileWall brings best in class malware protection capabilities to fully complement Microsoft 365 Defender for Office 365 – combining the best of both worlds – CDR & Sandbox for the ideal file protection solution.
FileWall provides an essential added layer of deep file inspection technology designed to prevent malicious files from bypassing Microsoft’s native level Sandbox based protections (Safe Attachments).
FileWall Complements Microsoft 365 Security Deployments.
FileWall was designed to run in conjunction with Microsoft 365 Defender, ensuring no harm or change to any of Microsoft sender related security capabilities.
FileWall relies upon a detectionless process to remove unknown malware and block malicious elements embedded in files, for the user in complex files scenarios such as nested files, and password protected attachments where traditional sandbox methods could miss or result in lengthy time delays and disruption of business processes. FileWall provides near instant sanitization and reconstruction of files with simple click deployment.
FileWall’s Granular Type Filter – Empowering Microsoft 365 Security
The FileWall file type filter allows the Microsoft 365 system admin to define which file types are permitted to enter the organization and which should be blocked. This minimizes the attack surface the organization is exposing via email by eliminating the threat vectors available in certain file types.
The type filter has three main controls:
- On/Off – enabling or disabling the filter functionality on all file types.
- Work mode (Whitelist/Blacklist)- the ability to create pre-set lists of permitted/non-permitted file types for specific users within the organization
- Default settings – suggested default policy by FileWall which includes 204 file types categorized as dangerous, (this includes executable files (exe), windows batch files (bat) and windows links (lnk) and others.
Microsoft type filter only allows the admin to block (blacklist) file types from a list of 86 types. Filewall supports thousands of file types and extensions.
FileWall leverages CDR technology to find embedded and nested files, and applies the type filter settings on them
What is Content Disarm & Reconstruction (CDR)?
CDR (Content Disarm and Reconstruction) describes the process of creating a safe copy of an original file by including only the safe elements from the original file. CDR focuses on verifying the validity of the file structure on the binary level and disarms both known and unknown threats.
This is very different from anti-virus and sandbox methods that scan for threats, detect a subset of malware and block files. With CDR, all malware, including zero-days, are disarmed and the user gets a safe copy of the originally infected file.
In order to enjoy the benefits of both worlds, it is recommended to combine FileWall with Microsoft Defender native Sandbox. FileWall CDR will protect from known and unknown threats delivered via commonly used files and will allow scale and speed;
The sandbox can manage executables and active content.
FileWall’s CDR capabilities – Empowering Microsoft 365 Security
The FileWall CDR engines allow Microsoft 365 system admin to define which data elements and active components are permitted to enter the organization and which should be removed. For example, an admin can define that macros will be removed for the entire organization but allow them for members of a certain group and only in specific file types (xlsm for example). This minimizes the attack surface the organization is exposing via email by eliminating the threat vectors available in certain file types.
How does FileWall improve Microsoft 365 Defender’s security capability?
As a complementary solution to Microsoft 365 Defender, FileWall:
- Seamlessly disarms malware from commonly used files
- Complete visibility for systems administrators for all attachment traffic
- Malware prevention and granular type filter capabilities on nested files and embedded objects
- Blocking of password protected files by policy
- Simple click deployment
- Automatic security reporting to Microsoft Sentinel
FileWall delivering malware free attachments in real time
As a native level security add on within Microsoft Exchange Online, with no SMTP relay required, FileWall doesn’t harm productivity. Consequently, all of FileWall’s settings have been configured to complement existing security protocols. FileWall’s speed in processing files whether Microsoft 365 Defender is on (monitor mode) or off is near instantaneous for common file types.
Value of FileWall for the Microsoft 365 community
odix is an industry leader in developing and optimizing Content Disarm and Reconstruction technology for the enterprise and SMB markets. odix’s flagship CDR add on, FileWall is available for direct purchase in the Microsoft marketplaces.
FileWall has already proven its worth in the field, providing best in class email protection in a broad range of IT and industrial settings. Clariter, a global clean-tech company was seeking an additional security layer to enhance its email security systems and found FileWall the ideal solution. To read the full case study click here. https://customers.microsoft.com/en-us/story/862455-odix-clariter-microsoft-365-israel
To learn more about FileWall, visit our listing in the Azure Marketplace (https://azuremarketplace.microsoft.com/en-us/marketplace/apps/odix.filewall?tab=overview) . In addition, Microsoft CSPs can bundle FileWall via Microsoft Partner Center. Microsoft 365 & Exchange Online Administrators can get a free license of FileWall at: https://www.odi-x.com/filewall/