Content Disarm & Reconstruction

From HandWiki
Revision as of 08:18, 10 May 2022 by JMinHep (talk | contribs) (correction)

Content Disarm & Reconstruction (CDR) is a computer security technology for removing potentially malicious code from files. Unlike malware analysis, CDR technology does not determine or detect malware's functionality but removes all file components that are not approved within the system's definitions and policies.[1] It is used to prevent cyber security threats from entering a corporate network perimeter. Channels that CDR can be used to protect include email and website traffic. Advanced solutions can also provide similar protection on computer endpoints, or cloud email and file sharing services.

There are three levels of CDR: 1) flattening and converting the original file to a PDF, 2) stripping active content while keeping the original file type, and 3) eliminating all file-borne risk while maintaining file type, integrity and active content. Beyond these three levels, there are also more advanced forms of CDR that are able to perform "soft conversion" and "hard conversion", based on the user's preference in balancing usability and security.[2]

Applications

CDR works by processing all incoming files of an enterprise network, deconstructing them, and removing the elements that do not match the file type's standards or set policies.[3] CDR technology then rebuilds the files into clean versions that can be sent on to end users as intended.[4]

Because CDR removes all potentially malicious code instead of trying to detect it, it can be effective against zero-day vulnerabilities, which rely on being an unknown threat that other security technologies would first need to patch against to maintain protection.

CDR can be used to prevent cyber threats from a variety of sources:

  • Email
  • Data Diodes
  • Web Browsers
  • Endpoints
  • File Servers
  • FTP
  • Cloud email or webmail programs
  • SMB/CIFS
  • Removable media scanning (CDR Kiosk)

CDR can be applied to a variety of file formats including:

  • Images
  • Office documents
  • PDF
  • Audio/video file formats
  • Archives
  • HTML
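
The deconstruct, filter and rebuild cycle described in this section, applied to HTML (one of the formats listed above), as an added example that is not part of the original article or of any vendor's product. The allowlist policy, the sample markup and all names in the code are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed policy and sample input (assumptions, not from a real product).
ALLOWED = {"h1": set(), "p": set(), "a": {"href"}, "img": {"src", "alt"}}
VOID = {"img"}                                   # approved, has no end tag
SAFE_SCHEMES = ("http://", "https://")           # approved URL schemes
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}
SAMPLE = ('<h1 onclick="track()">Invoice</h1><script>load("x")</script>'
          '<p>Total: 5 &lt; 10 <a href="javascript:pay()">pay</a></p>'
          '<img src="https://example.com/l.png" onerror="run()" alt="logo">')

class Rebuilder(HTMLParser):
    """Deconstructs HTML into tokens and re-emits only approved ones."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1                       # drop element and its body
        if self.skip or tag not in ALLOWED:
            self.removed.append(f"<{tag}>")
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            is_url = name in ("href", "src")
            if name in ALLOWED[tag] and (not is_url or value.lower().startswith(SAFE_SCHEMES)):
                kept.append(f' {name}="{escape(value, quote=True)}"')
            else:
                self.removed.append(f"{tag}@{name}")
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT and self.skip:
            self.skip -= 1
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def disarm_and_reconstruct(html_text):
    parser = Rebuilder()
    parser.feed(html_text)
    parser.close()                               # flush buffered text
    return "".join(parser.out), parser.removed   # (rebuilt file, audit list)
```

Nothing in the code inspects what a removed component does: anything outside the policy is dropped, and comments and declarations never reach the output because the rebuilder has no handler that re-emits them.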

Commercial availability

CDR or similar file sanitization technology is commercially available from a number of companies (sorted A-Z):

  • Check Point (Threat Extraction), Israel, a global company established in 1993.[5]
  • Clearswift (Structural Sanitization), a UK-based Cyber Security provider.[6]
  • Deep Secure (Content Threat Removal - CTR), a UK-based Cyber Security provider.[7] Acquired by Forcepoint in 2021.
  • Forcepoint, USA, provides Defense-Grade CDR and Cross Domain Solutions for Large Enterprises, Critical Infrastructure and Governments for 25 years.[8]
  • Fortinet, USA, founded in 2000 and headquartered in Sunnyvale, California, with offices around the globe.[9]
  • GateScanner CDR by Sasa Software, Israel with offices in the US and Singapore.[10]
  • Glasswall is a British cybersecurity firm that offers instant protection against file-based threats with CDR technology. Founded in 2005.[11]
  • Jiransecurity, South Korea, a highly-specialized Security SW company established in 2014.[12]
  • ReSec Technologies, Israel, established in 2012.[13]
  • OPSWAT, USA, a global cyber-security company founded in 2002 with offices in North America, Europe, and Asia.[14]
  • Softcamp, a South Korean information security company established in 1999 headquartered in South Korea with offices in Japan.[15]
  • Votiro (Secure File Gateway), a global cyber-security company established in 2010 with offices in North America, Europe, and Asia.[16]
  • YazamTech, CDR Technology, small Israeli startup, established in 2008.[17]
  • odix (ODI), Israel, a malware prevention and deep file inspection solutions company established in 2012.[18]

Open Source Implementations

  • DocBleach[19]
  • ExeFilter[20]

See also

References

  1. Santarcangelo, Michael (April 25, 2016). "Why better security prevention that doesn't rely on detection is possible". CSO Online. http://www.csoonline.com/article/3061220/leadership-management/why-better-security-prevention-that-doesn-t-rely-on-detection-is-possible.html. Retrieved August 16, 2016. 
  2. Zaw, Nyan Tun; Soh, Ken (2021-08-18). "Why is CDR / CDNR so important?". https://athenadynamics.com/why-is-cdr-cdnr-so-important/. Retrieved 18 August 2021. 
  3. "Why Today's Phishing Attacks are Harder to Detect and How Proofpoint Can Help". Proofpoint. https://www.gartner.com/imagesrv/media-products/pdf/proofpoint/proofpoint-1-32WKFK7.pdf. Retrieved August 16, 2016. 
  4. Yeroslav, Yakov (2018-07-11). "File-Based Malware: Considering A Different And Specific Security Approach". https://www.informationsecuritybuzz.com/articles/file-based-malware-considering-a-different-and-specific-security-approach/. Retrieved 9 October 2018. 
  5. "Threat Extraction Ensures Malware Free Documents" (in en-US). https://www.checkpoint.com/products/threat-extraction/. 
  6. "Advanced Threat Protection" (in en). https://www.clearswift.com/solutions/advanced-threat-protection. 
  7. "Deep Secure | Content Threat Removal" (in en). https://www.deep-secure.com/. 
  8. "Forcepoint Cross Domain Solutions" (in en). https://www.forcepoint.com/solutions/need/cross-domain/. 
  9. "FortiGuard content disarm and reconstruction" (in en-us). https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-whats-new/security-content-disarm.htm. 
  10. "Sasa Software : Content Disarm and Reconstruction (CDR)" (in en-US). http://www.sasa-software.com/. 
  11. "Validated and deployed by intelligence agencies around the world, Glasswall is the leader in the field of Content Disarm and Reconstruction." (in en-US). https://glasswallsolutions.com/technology/. 
  12. "Global Jiransecurity". https://en.jiransecurity.com/. 
  13. alonpo. "ReSec Technologies: Malware prevention that doesn't depend on detection" (in en-US). https://resec.co/. 
  14. "Deep Content Disarm and Reconstruction" (in en-us). https://www.opswat.com/technologies/data-sanitization. 
  15. "CDR Solution" (in en). http://www.shieldex.biz/. 
  16. "Votiro Disarmer Takes Cyber Security to the Next-Generation" (in en-US). https://www.votiro.com/. 
  17. "YazamTech - Securing Your Network from Infected Files" (in en-US). https://yazamtech.com/. 
  18. "How does CDR improve file security?" (in en-US). https://www.odi-x.com/news/blog/how-does-cdr-improve-file-security/. 
  19. "DocBleach" (in en). https://github.com/docbleach/DocBleach/wiki/. 
  20. "ExeFilter" (in en). https://www.decalage.info/exefilter.