What is Content Disarm and Reconstruction?
Content Disarm & Reconstruction (CDR) is a computer security technology for removing potentially malicious code from files. Unlike malware analysis, CDR technology does not determine or detect malware functionality but removes all file components that are not approved within the system definitions and policies. It is used to prevent cyber security threats from entering a corporate network perimeter. Channels that CDR can be used to protect include email and website traffic. Advanced solutions can also provide similar protection on computer endpoints, or cloud email and file sharing services.
How does it work?
CDR, or Content Disarm and Reconstruction, also targets malicious files. It disassembles a file, removes malicious code and creates a sanitized file that respects the company policy or the file type’s specification (International Organization for Standardization, ISO). Then it delivers the file to the user.
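The disassemble, remove and reconstruct steps described above can be sketched for a ZIP-based document container. This is an added example, not code from any CDR product; the allow-list pattern, the size cap and the function names `disarm`, `build_sample` and `list_parts` are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed policy (not from any product): the only part names allowed through.
ALLOWED = re.compile(
    r"\[Content_Types\]\.xml|_rels/\.rels"
    r"|word/(_rels/)?[\w.]+\.(xml|rels)|word/media/\w+\.(png|jpe?g)"
)
MAX_PART = 10 * 1024 * 1024  # assumed per-part cap on decompressed size

def disarm(data: bytes):
    """Rebuild a ZIP-based document from allow-listed parts only.

    Returns (clean_bytes, removed_part_names). Nothing is scanned or
    classified; a part survives only if the policy explicitly permits it.
    """
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.is_dir():
                continue
            if not ALLOWED.fullmatch(info.filename):
                removed.append(info.filename)  # not approved: never copied
                continue
            with src.open(info) as part:
                body = part.read(MAX_PART + 1)  # bounded read of the part
            if len(body) > MAX_PART:
                removed.append(info.filename)  # oversized part: dropped
                continue
            # Fresh ZipInfo: the original entry's comment, extra fields and
            # attributes are not carried into the new container.
            dst.writestr(zipfile.ZipInfo(info.filename), body,
                         compress_type=zipfile.ZIP_DEFLATED)
    return out.getvalue(), removed

def build_sample() -> bytes:
    """Constructed sample: a document-like ZIP with unapproved parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document>Hello</document>")
        z.writestr("word/vbaProject.bin", b"constructed macro stub")
        z.writestr("word/embeddings/oleObject1.bin", b"constructed OLE stub")
        z.writestr("../evil.xml", "<x/>")
    return buf.getvalue()

def list_parts(data: bytes):
    """Return the part names inside a ZIP-based document."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()
```

This sketch works at the container level only: it copies the bytes of surviving parts and does not rewrite `[Content_Types].xml` or relationship parts that may still reference removed ones.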
How does CDR Guarantee Protection from all file-based threats?
CENTRALIZED: The technology doesn’t need to be installed on a specific machine; it can be installed on the network itself, internally. Each incoming file will need to be disarmed before entering the organization’s network, allowing security to manage and maintain one product on the organizational level rather than multiple levels.
SIGNATURE-LESS: CDR does not look to detect or uncover what’s inside a file, and it does not have the intention of scanning a file to understand what it is doing or where it’s heading. Instead, think of CDR like a gate into your network. Any file that comes through this gate is automatically disassembled, sanitized down to its basic elements, and reconstructed as a new and safe version of itself. Because of this unique difference, unlike antivirus, CDR does not rely on a known database of external threats, and it does not need to mark your files as benign or malicious.
AUTOMATIC: Unlike sandboxing or policy creation, CDR acts on 100% of your files automatically. No need to decide which files need checking or where the risk might be coming from.
EFFICIENT: The whole process of CDR takes less than a second. It remains invisible to your users, doesn’t slow down your operations, and actually reduces bottlenecks as all files can be opened immediately, risk-free.
COST-EFFECTIVE: A smaller investment than sandbox technology and many antivirus solutions, CDR also needs no looking after. Zero maintenance means that your business can turn its attention where it’s needed.
PROMOTES PRODUCTIVITY: As CDR doesn’t rely on a database, no time-consuming, frequent updates are needed to keep it working effectively. There are also fewer security incidents as malware infections are prevented to begin with. A good CDR solution will work quickly in the background, as files are downloaded. Users can continue working undisrupted while CDR works in real-time to prevent malware infection. Organizations can also allow their users more freedom to access content, with less restrictive Internet policies, when CDR is used.
PREVENTS CYBER THREATS FROM ALL VECTORS: CDR works to protect an organizational network from cyber threats that originate in files from many sources, including email, web browsers, file servers and FTP, removable devices, Content Collaboration Platforms, etc.
How does CDR differ from other technologies?
Antivirus blocking is usually signature-based, dependent on a database of known threats. It’s not surprising that this doesn’t address the latest threats. 30% of malware are zero-day vulnerabilities, missed by traditional antivirus solutions.
Endpoint Detection and Response (EDR) solutions look into files to identify unusual behavior, or run in the cloud to manage a hybrid ecosystem. Unfortunately, EDR solutions are still focused on detection. Whether it’s signature-based detection or a focus on anomalies in behavior, even when it’s down to the process level, these solutions are reliant on an existing understanding of what to look for.
A sandbox is a computing environment that is disconnected from the production environment, where a program or file can be executed in isolation. This ensures that if there is any malicious material in a program or file, it is discovered and blocked before it can reach the organization’s network. However, this has many problems :
What NEXT?
With a 100% success rate in preventing both known and unknown attacks, no manpower required to operate, and bottlenecks/latency a thing of the past, it is no wonder Gartner has tipped CDR as the future in preventing targeted attacks.
Gartner has awarded “Cool Vendor” status for 2017 to Votiro (www.votiro.com). LOGON is a VOTIRO partner.
For more details on VOTIRO CDR technology, click www.logon-int.com/cdr.