Malware attacks are dominating the news cycle, causing massive loss of data and brand credibility while effortlessly crippling the individuals, businesses, and governments they target. From SolarWinds and the European Banking Authority to the seemingly never-ending attacks on Microsoft Exchange and countless others, malware is increasingly becoming the vehicle used to compromise critical assets and change the dynamic between hacker and hacked. And more often than not (94% by CSO Online’s estimates), it comes through email attachments.
With the threat of cyberattack increasingly focused on the email gateway, new technologies are being refined to meet the risk and provide a layer of sanitization to ensure end-users receive malware-free files.
What is CDR?
Content Disarm and Reconstruction technology is a deep inspection and file sanitization process engineered to protect against data compromises originating from file-based malware. CDR offers a detection-less and no-latency-added solution which is notably different from common sandbox-based anti-malware tools in the market.
On a granular level, CDR focuses on verifying the validity of the file structure at the binary level and disarms both known and unknown threats. CDR’s strategic value lies in its ability to prevent malware from penetrating an organization’s network through file-based attachments.
With CDR, all forms of malware, including zero-days, that are maliciously embedded in files in transit are sanitized and purged of malicious content. This ensures the end-user can access only malware-free content, while still maintaining maximum file functionality.
The CDR process produces one of three outcomes:
- A flattened file delivered as a safe but non-functional PDF (CDR Type 1)
- A file with active content such as macros removed, whether that content was malicious or benign (CDR Type 2)
- A safe copy of the original file rebuilt on a clean template, with full functionality intact (CDR Type 3, Positive Selection technology)
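The Type 2 outcome above, as an added example (not the article's or any vendor's code): a minimal sanitizer for OOXML (.docm) packages that takes the file apart into its parts, drops the VBA parts, rewrites the manifests that reference them, and rebuilds the archive. The macro deny list, the `sanitize_docx` and `read_parts` helpers, and the constructed sample package are all this example's own assumptions; a production CDR engine also validates every remaining part against the file-type specification and changes the content type from macro-enabled to plain .docx.

```python
"""Minimal CDR Type 2 step for OOXML (.docm) packages: rebuild the archive part by part,
drop the VBA parts (this example's own deny list) and the manifest entries naming them."""
import io, re, zipfile
import xml.etree.ElementTree as ET
MACRO_PART_RE = re.compile(r"(^|/)(vbaProject(Signature)?\.bin|vbaData\.xml)$")

def _strip_refs(xml_bytes: bytes) -> bytes:
    """Remove <Override>/<Relationship> elements whose target is a macro part."""
    root = ET.fromstring(xml_bytes)
    ET.register_namespace("", root.tag[1:].split("}")[0])  # keep the default namespace
    for child in list(root):
        if MACRO_PART_RE.search(child.get("PartName") or child.get("Target") or ""):
            root.remove(child)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def sanitize_docx(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the package part by part; return (clean_bytes, names_of_removed_parts)."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if MACRO_PART_RE.search(name):
                removed.append(name)  # executable content: disarmed by omission
                continue
            body = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                body = _strip_refs(body)  # no dangling references in the rebuilt copy
            dst.writestr(name, body)
    return out.getvalue(), removed

def read_parts(data: bytes) -> dict[str, bytes]:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: zf.read(n) for n in zf.namelist()}

def build_sample_docm() -> bytes:  # constructed input, not a real document
    ct = "http://schemas.openxmlformats.org/package/2006/content-types"
    rel = "http://schemas.openxmlformats.org/package/2006/relationships"
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{ct}"><Override PartName="/word/document.xml" '
            'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/><Override '
            'PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{rel}"><Relationship Id="rId1" '
            'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/></Relationships>',
        "word/document.xml": '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>',
        "word/vbaProject.bin": b"CONSTRUCTED-VBA-BLOB",  # stands in for a real OLE/VBA stream
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Running `sanitize_docx(build_sample_docm())` yields a package that still opens as a document but no longer carries the VBA part or any manifest entry pointing at it.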
Through the use of CDR technology, organizational networks are better able to defend against cyber threats that arrive as files through multiple channels, including email, web browsers, file servers, and FTP, as well as cloud services and endpoint devices.
How does CDR differ from legacy solutions?
Differing from the traditional cybersecurity toolbox, CDR defends against the new and unfamiliar threats that bypass common security methods such as antivirus, sandboxes, and even EDR systems.
The CDR file sanitization process is an ideal complementary solution to deploy alongside existing sandbox-based technology. It does not focus on discovering harmful code or on detection-based models (which are often ineffective at finding a zero-day attack); instead it emphasizes the strategic value of disrupting and purging all malicious code embedded inside files, without the time-consuming guesswork, statistical analysis, or user behavior analysis that would otherwise be required to counter these threats.
While CDR may not be a viable standalone solution to fully mitigate risk, in concert with legacy solutions it is highly effective at eliminating the threat of unknown malware and zero-day exploits. Additionally, because CDR relies on an intensive deep file inspection process, end users are assured that all embedded file components have been stripped of malicious content.
What do the experts think?
According to Gartner: “As malware sandbox evasion techniques improve, the use of CDR at the email gateway, as a supplement or alternative to sandboxing, will increase. CDR breaks down files into their discrete components, strips away anything that doesn’t conform to that file type’s original specs or company policies, and rebuilds a clean version that continues to the intended destination. This real-time process removes zero-day malware exploits without impacting business productivity typically caused by sandbox detonation and quarantine delays.”
By preventing the inflow of new malware, SMBs can rely upon off-the-shelf antivirus or firewall products to detect previous infections, while utilizing CDR to prevent future data breaches.
Enterprise technology coming to SMB
For the vast majority of its history in the public sphere, CDR technology has been either cost-prohibitive to SMBs or a niche solution in an undervalued security domain. While sandbox-based cybersecurity systems and the common cohort of legacy products are easy to implement and have broad industry recognition, CDR has only recently made the leap to broader market accessibility.
How to integrate CDR into your cybersecurity strategy?
CDR systems, just like any other technical element of a company’s security policy, are only as effective as those using them. While CDR can seamlessly block and purge malicious elements in file attachments, it cannot replace the broader cybersecurity awareness of those implementing the solution. In practice, CDR works best when it is used in concert with employee education and the effective implementation of legacy cybersecurity products. By adding a native or third-party CDR product to your broader cybersecurity policy, admins can ensure expanded email security and minimize the risks of phishing attacks, ransomware, and zero-day attacks.
What does the future hold?
CDR solutions are already providing notable malware protection in a range of industries, from energy and manufacturing to healthcare and utilities, and businesses around the world are increasingly evaluating and deploying CDR solutions to mitigate the risk of file-based attacks. While Content Disarm and Reconstruction technology has not traditionally been part of the cybersecurity equation for many businesses, the rise of SMB-geared solutions and SaaS pricing models has enabled CDR to gain greater market traction and provide malware protection for organizations and individuals across all sectors.
This was originally published in RT Insights