INNOVATION ALTRON ARROW
PREVENT COMPROMISED FILE UPLOADS THREATENING YOUR BUSINESS As cybercriminals become more ingenious, concealing advanced threats in common file types, so the need for a new type of security has arisen. CDR technology is that solution.
A
lthough file uploads are necessary for employee productivity and for certain websites and web applications to perform their functions, they also offer an attack vector to cybercriminals. This is because, by concealing advanced threats that exploit vulnerabilities within common file types, attackers can compromise an end-user or an entire system. Gyula Wendler, senior manager: Engineering at Altron Arrow, explains that document-borne malware is on the rise, meaning that any file entering an organisation’s network really should be audited and analysed, even when the sender seems to be a trusted, reliable source. “Obviously, banning file uploads altogether would be impractical, so it is thus necessary to make file uploading and
24
C YB E R S E C U R I T Y 2 0 2 2
importing more secure, if companies are to function efficiently. This is where CDR technology comes in,” he says. “CDR stands for content disarm and reconstruction, and is highly effective for preventing known and unknown threats. These include zero-day targeted attacks and threats that are equipped with malware evasion technology, such as fully undetectable malware, VMware detection, obfuscation and many others.”
Deep CDR He notes that Altron Arrow recommends OPSWAT CDR technology – known as Deep CDR – which assumes all files are malicious. It ingests files and then regenerates these in a way that ensures the regenerated file is both usable and harmless. Basically, it provides protection without needing to know whether a suspected file is ‘good’ or ‘bad’. Wendler indicates that CDR follows a three-step process: • F iles are evaluated and verified as they enter the sanitisation system, to ensure file type and consistency, with identification of over 4 500 file types. Each file is scanned to identify all embedded active content in the file and file extensions are examined to
CDR stands for content disarm and reconstruction, and is highly effective for preventing known and unknown threats.”
prevent seemingly complex files from posing as simpler ones. OPSWAT Deep CDR supports sanitisation for over 100 common file types, including PDF, Microsoft Office, HTML, many image file types, JTD, and HWP. • The files are rebuilt in a fast and secure process. File elements are separated into discrete components, malicious elements are removed, and metadata and all file characteristics are reconstructed. The new files are recompiled, renamed and delivered, preserving file structure integrity so that users can safely use the file without loss of usability. • The newly regenerated files can now be used. Even complex files remain usable – for example, animations embedded in PowerPoint files remain intact after the CDR process is completed. Finally, the original files are quarantined for backup and further examination. By rendering fully usable files with safe content, the CDR engine protects organisations against the most sophisticated threats while maintaining user productivity. “File uploads are a major potential threat vector for any business. Now, thanks to OPSWAT’s Deep CDR technology and Altron Arrow, there are concrete steps that organisations can take in order to mitigate this threat growing vector,” he concludes. For more information, contact: Gyula Wendler, senior manager: Engineering gwendler@arrow-altech.co.za
