January 2021 - Cyber Security

Sanitizing Files to Prevent the Spread of Malware

Omri Eytan from odix explains how content disarm and reconstruct (CDR) technology can prevent malicious code hidden in files from entering company systems.


dotmagazine: Malware comes in many shapes and forms, often disguised as innocuous communication. What, in your experience, are the most dangerous forms, and how often are users exposed to these?

Omri Eytan: Malware by nature is a creature of destruction, so determining the most malicious or potentially dangerous version is complicated, to say the least.

However, if we were to categorize the forms of malware with the most potential for risk to secure data and customer assets, phishing, ransomware, and social engineering tactics have proven to be the costliest with regard to damage to data and brand image.

As companies large and small are realizing every day, these types of malware events cause significant losses and are not easily mitigated with one technological or education-based solution.

dotmagazine: How does content disarm and reconstruct (CDR) technology differ from other kinds of malware protection? 

Eytan: CDR is a file sanitization technology designed to protect against damage from malware attempting to enter an organization’s network through attachments and embedded files containing malicious code. CDR offers a detectionless approach which is very different in nature from common sandbox-based anti-malware tools in the market. To date, CDR technology is the most powerful tool for preventing file-based malware attacks in commonly used file types.

CDR differs from traditional cybersecurity solutions because it was engineered to defend against new and unfamiliar threats (zero-day attacks) that traditional protective tools – antivirus, sandbox – are unable to stop.

The CDR file sanitization process is not necessarily based on discovering harmful code, or detection-based models (which are ineffective when the threat is unknown), but rather on disrupting and neutralizing all unfamiliar code hiding inside files – without guesswork, statistical analysis, or user behavior analysis. The CDR file sanitization process scans all files before they reach the user. While malware is not always discovered in files, after the CDR process it is possible to say with nearly 100% certainty that files are clean and free of potentially malicious code.

dotmagazine: Does this kind of technology replace the need for increased security awareness and sensitization among users and in companies? 

Eytan: CDR systems, just like any other technical element of a company’s security policy, are only as effective as those using them. While CDR can seamlessly block and purge malicious elements in file attachments, it cannot replace broader cybersecurity awareness of those implementing the solution. In practice, CDR works best when it’s used in concert with employee education and legacy cybersecurity products to secure email phishing, web uploads and downloads, and to minimize the risk.

dotmagazine: Are there differences in the needs of different sectors when it comes to malware protection, and if so, what sector-specific options are available?  

Eytan: The malware protection specifications of businesses are greatly impacted by the respective industry, as file transfer channels differ between sectors. To give you an example, let’s look at ICS and manufacturing environments. These sectors will usually bring files in via removable media into air-gapped networks – while the financial sector, municipalities, and healthcare generally receive files via email or through the corporate website.

Just as the method or platform of file transfer may differ between industries, the primary file type which each industry uses also varies. We have seen that, for example, the ICS sector operates primarily with files related to firmware upgrades and software patches, while others will have mostly documents (office, PDF).

CDR can accommodate the various levels of risk and regulatory issues – and the associated restrictions that each industry is obliged to comply with – through a flexible policy-setting option.

dotmagazine: In what contexts is CDR technology already in use, and what advantages does it offer over other forms of protection? 

Eytan: CDR solutions are already providing comprehensive malware protection in a range of industries. In ICS and manufacturing, businesses have increasingly deployed on-premise CDR solutions, in the form of physical kiosks to secure files entering via removable media. For retail and companies with forward-facing websites, CDR solutions have shown significant value in purging malware from uploaded content before the files are brought into a secure ecosystem. We have also found that securing the email gateway via a native-level CDR layer can dramatically decrease the user attack surface and prevent the overwhelming majority of malware incidents before they start.

CDR has been deployed in these settings because its technology is detection-less – unlike legacy solutions that rely on sandboxing to identify known risks. CDR has found its niche in effectively eliminating the threat of unknown malware and zero-day exploits, because it doesn’t try to detect the threat, it just neutralizes it. Additionally, CDR relies upon deep file inspection, which dives deep into the internal, embedded file components and allows it to reach and remove malicious components that traditional legacy technologies miss. 
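The sanitize-by-reconstruction idea from the earlier answer, together with the "deep file inspection" of embedded components mentioned here, in miniature. This is an added example, not odix's code or anything from the interview: a constructed OOXML (.docx-style) package is rebuilt from an allowlist of known parts, so the VBA project and the embedded OLE object are dropped and the references to them pruned, with no attempt to decide whether they are malicious. The part names, the placeholder blobs, and the allowlist are assumptions.

```python
import io
import re
import zipfile
# Constructed sample: a minimal OOXML (.docx-style) package carrying a VBA project
# and an embedded OLE object next to the document text (blobs are placeholders).
SAMPLE_PARTS = {
    "[Content_Types].xml": '<Types><Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/xml"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "_rels/.rels": '<Relationships><Relationship Id="rId1" Target="word/document.xml"/></Relationships>',
    "word/document.xml": "<w:document><w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p></w:body></w:document>",
    "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" Target="vbaProject.bin"/>'
        '<Relationship Id="rId2" Target="embeddings/oleObject1.bin"/></Relationships>',
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder macro blob",
    "word/embeddings/oleObject1.bin": b"\xd0\xcf\x11\xe0 placeholder OLE blob",
}
# Parts we positively know how to keep (assumed allowlist). Anything else is dropped
# whether or not it could be identified as malicious: an allowlist decision, not a detection.
ALLOWED = {"[Content_Types].xml", "_rels/.rels", "word/document.xml", "word/_rels/document.xml.rels"}

def build_sample() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in SAMPLE_PARTS.items():
            z.writestr(name, data)
    return buf.getvalue()

def _prune_refs(xml: str, dropped: list) -> str:
    """Remove <Relationship>/<Override> elements that point at dropped parts."""
    def keep_or_drop(m):
        ref = re.search(r'(?:Target|PartName)="/?([^"]+)"', m.group(0))
        if ref and any(d == ref.group(1) or d.endswith("/" + ref.group(1)) for d in dropped):
            return ""
        return m.group(0)
    return re.sub(r"<(?:Relationship|Override)\b[^>]*/>", keep_or_drop, xml)

def sanitize(package: bytes):
    """Rebuild from allowlisted parts only. Returns (clean_bytes, kept, dropped)."""
    src = zipfile.ZipFile(io.BytesIO(package))
    dropped = sorted(n for n in src.namelist() if n not in ALLOWED)
    kept, out = {}, io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for name in sorted(n for n in src.namelist() if n in ALLOWED):
            data = src.read(name)
            if name.endswith(".rels") or name == "[Content_Types].xml":
                # Keep the rebuilt package internally consistent: no dangling references.
                data = _prune_refs(data.decode("utf-8"), dropped).encode("utf-8")
            kept[name] = data
            z.writestr(name, data)
    return out.getvalue(), kept, dropped
```

A production CDR engine goes further (parsing and re-serializing each kept part rather than copying its bytes), but the allowlist-and-rebuild shape is the same.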


Omri has over 15 years of deep technology background as a programmer, researcher, strategist, and product leader. Omri is an avid technophile with vast knowledge and expertise in cybersecurity technologies, solutions, and hacking. Prior to joining odix, Omri played major roles in various companies in the advertising, telecom, and infrastructure sectors. Omri holds a BSc in bioinformatics and is currently completing his MSc degree in design.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.