The fight against malware has become the epic battle of our generation, pitting businesses of all sizes against a never-ending stream of hackers and zero-day attacks bent on compromising your security perimeter. The recent SolarWinds breach illustrates how much is currently at stake.
According to the Verizon Business 2020 Data Breach Investigations Report, an estimated 94% of malware is delivered via email, with 90% of malware hidden in common file types such as PDF, Word, Excel, and Zip.
Microsoft and other major email service providers have done a great job with a configurable Sandbox option; however, malware continues to elude detection, and end-users continue to be placed at risk from zero-day attacks.
The question arises: can Sandbox protection provide complete file attachment security?
According to Gartner’s research on the topic, adding a CDR (Content Disarm & Reconstruction) supplement to network sandboxing methods can provide significant protection against file-based attacks. CDR removes zero-day malware and exploits while avoiding the negative business productivity impact that is typically caused by sandboxing.
FileWall – Native CDR-based security add-on for Microsoft 365 Exchange Online
odix, an Israeli-based cybersecurity company with a proven record of success with enterprise customers, joined MISA in 2020 as the first member with a focus on CDR technology, offering a low-cost solution for the breadth of all Microsoft customers’ malware prevention needs.
FileWall brings best-in-class malware protection capabilities to fully complement Microsoft 365 Defender for Office 365 – combining the best of both worlds – CDR & Sandbox for the ideal file protection solution.
FileWall provides an essential added layer of deep file inspection technology designed to prevent malicious files from bypassing Microsoft’s native level Sandbox-based protections (Safe Attachments).
FileWall Complements Sandbox-based Security Deployments.
FileWall was designed to run in conjunction with Sandbox-based security layers, ensuring no harm or change to any sender-related security capabilities.
FileWall relies upon a detectionless process to remove unknown malware and block malicious elements embedded in files. This covers complex file scenarios such as nested files and password-protected attachments, where traditional sandbox methods could miss threats or cause lengthy delays and disruption of business processes. FileWall provides near-instant sanitization and reconstruction of files with simple click deployment.
What is Content Disarm & Reconstruction (CDR)?
CDR (Content Disarm and Reconstruction) describes the process of creating a safe copy of an original file by including only the safe elements from the original file. CDR focuses on verifying the validity of the file structure on the binary level and disarms both known and unknown threats.
This is very different from anti-virus and sandbox methods, which scan for threats, detect a subset of malware, and block files. With CDR, all malware, including zero-days, is disarmed and the user gets a safe copy of the originally infected file.
To get the benefits of both worlds, it is recommended to combine FileWall with the Microsoft Defender native Sandbox. FileWall CDR protects against known and unknown threats delivered via commonly used files and allows scale and speed; the sandbox can manage executables and active content.
FileWall’s CDR capabilities – Empowering Sandbox based Security
The FileWall CDR engines allow sandbox-based systems to define which data elements and active components are permitted to enter the organization and which should be removed. For example, an admin can define that macros will be removed for the entire organization but allow them for members of a certain group and only in specific file types (xlsm for example). This minimizes the attack surface the organization is exposing via email by eliminating the threat vectors available in certain file types.
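The rebuild-from-permitted-parts idea and the group and file-type macro policy described above, as an added Python example (not odix or FileWall code). The policy table, group names and sample file are constructed assumptions, and the example works only at the ZIP-part level of an OOXML container.

```python
import io
import zipfile

# Hypothetical policy table (names are assumptions, not FileWall settings):
# macros are removed for everyone except these groups, and only in these file types.
MACRO_POLICY = {"allow_groups": {"finance"}, "allow_extensions": {".xlsm"}}
MACRO_PARTS = ("vbaproject.bin", "vbadata.xml")   # VBA storage parts in OOXML
PASSIVE_SUFFIXES = (".xml", ".rels", ".png", ".jpeg", ".jpg", ".gif")  # allowlist

def macros_allowed(filename, user_groups, policy=MACRO_POLICY):
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in policy["allow_extensions"] and bool(policy["allow_groups"] & set(user_groups))

def disarm(data, filename, user_groups):
    """Rebuild the container from permitted parts only; return (clean_bytes, removed)."""
    keep_macros = macros_allowed(filename, user_groups)
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename.lower()
            if name.endswith(MACRO_PARTS):
                permitted = keep_macros
            else:
                permitted = name.endswith(PASSIVE_SUFFIXES)  # unknown parts are dropped
            if permitted:
                dst.writestr(info.filename, src.read(info))
            else:
                removed.append(info.filename)
    # Content-type and relationship entries for removed parts are not rewritten here.
    return out.getvalue(), removed

def build_sample():
    """Constructed stand-in for a macro-enabled workbook (not a real Office file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"\x00constructed-macro-bytes")
        z.writestr("xl/embeddings/oleObject1.bin", b"\x00constructed-ole-bytes")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    for groups, fname in ((["sales"], "report.xlsm"), (["finance"], "report.xlsm"),
                          (["finance"], "report.docm")):
        print(fname, groups, "removed:", disarm(sample, fname, groups)[1])
```

The output copy is built by allowlist rather than by detecting anything malicious, so an embedded object the policy does not recognise is dropped just like a known macro part.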
How does FileWall improve Sandbox-based security capability?
As a complementary solution to Microsoft 365 Defender, FileWall provides:
- Seamless disarming of malware from commonly used files
- Complete visibility for systems administrators into all attachment traffic
- Malware prevention and granular type filter capabilities on nested files and embedded objects
- Blocking of password-protected files by policy
- Simple click deployment
Value of FileWall for the Microsoft 365 community
odix is an industry leader in developing and optimizing Content Disarm and Reconstruction technology for the enterprise and SMB markets. odix’s flagship CDR add-on, FileWall, is available for direct purchase in the Microsoft marketplaces.
FileWall has already proven its worth in the field, providing best-in-class email protection in a broad range of IT and industrial settings. Clariter, a global clean-tech company, was seeking an additional security layer to enhance its email security systems and found FileWall the ideal solution. To read the full case study, click here.
To learn more about FileWall, visit our listing in the Azure Marketplace. In addition, Microsoft CSPs can bundle FileWall via Microsoft Partner Center. Microsoft 365 & Exchange Online Administrators can get a free license of FileWall at: https://www.odi-x.com/filewall/