Content Disarm & Reconstruction

Content Disarm & Reconstruction (CDR) is a computer security technology for removing potentially malicious code from files. Unlike malware analysis, CDR technology does not determine or detect malware's functionality but removes all file components that are not approved within the system's definitions and policies.[1]

It is used to prevent cyber security threats from entering a corporate network perimeter. Channels that CDR can be used to protect include email and website traffic. Advanced solutions can also provide similar protection on computer endpoints, or cloud email and file sharing services.

Applications

CDR works by processing all incoming files of an enterprise network, deconstructing them, and removing the elements that do not match the file type's standards or set policies.[2] CDR technology then rebuilds the files into clean versions that can be sent on to end users as intended.[3]

Because CDR removes all potentially malicious code, it can be effective against zero-day vulnerabilities that rely on being an unknown threat that other security technologies would need to patch against to maintain protection.

CDR can be used to prevent cyber threats from variety of sources:

  • Email
  • Data Diodes
  • Web Browsers
  • Endpoints
  • File Servers
  • FTP
  • Cloud email or webmail programs
  • SMB/CIFS
  • Removable media scanning (CDR Kiosk)

CDR can be applied to a variety of file formats including:

  • Images
  • Office documents
  • PDF
  • Audio/video file formats
  • Archives
  • HTML

Commercial availability

CDR or similar file sanitization technology is commercially available from a number of companies (sorted A-Z):

  • Check Point (Threat Extraction), Israel, a global company established in 1993[4].
  • Deep Secure (Content Threat Removal - CTR), a UK based Cyber Security provider[5].
  • Fortinet, USA, founded in 2000 and headquartered in Sunnyvale, California, with offices around the globe[6].
  • Glasswall Solutions (File Regeneration), a UK-based cyber security company offering unparalleled protection from file-based threats[7].
  • Jiransecurity, South Korea, a highly-specialized Security SW company established in 2014[8].
  • Net at Work, Germany, through their Secure Email Gateway NoSpamProxy[9].
  • Peraton (Purifile) Peraton has significant experience providing highly differentiated secure communications, space, and technology solutions to the United States government [10].
  • ReSec Technologies, Israel, Established in 2012[11].
  • ODI-X, Israel, Developer of advanced, patented, TrueCDR™ technology[12].
  • OPSWAT, USA, a global cyber-security company founded in 2002 with offices in North America, Europe, and Asia[13].
  • Resec, ReSec is a company that develops innovative cyber security products, company founded in 2012 [14]
  • SASA Software (Gate Scanner CDR), established in 2013 headquartered in Israel with offices in the US and Singapore[15].
  • Softcamp, a South Korean information security company established in 1999 headquartered in South Korea with offices in Japan[16].
  • Votiro (Disarmer), an Israeli startup company established in 2010[17].
  • YazamTech, The most mature CDR Technology, Israeli based, established in 2008[18].

Open Source Implementations

Free Online Services
  • Glasswall File Drop[22];

See also

References
  1. Santarcangelo, Michael (April 25, 2016). "Why better security prevention that doesn't rely on detection is possible". CSO Online. Retrieved August 16, 2016.
  2. "Why Today's Phishing Attacks are Harder to Detect and How Proofpoint Can Help" (PDF). Proofpoint. Retrieved August 16, 2016.
  3. Yeroslav, Yakov (2018-07-11). "File-Based Malware: Considering A Different And Specific Security Approach". Retrieved 9 October 2018.
  4. "Threat Extraction Ensures Malware Free Documents". Check Point Software. Retrieved 2018-12-30.
  5. "Deep Secure | Content Threat Removal". Deep Secure. Retrieved 2018-12-30.
  6. "FortiGuard content disarm and reconstruction". help.fortinet.com. Retrieved 2018-12-30.
  7. "Advanced Threat Protection (ATP) Security Software: Detect, Prevent, Protect". Glasswall Solutions. Retrieved 2018-12-30.
  8. "Global Jiransecurity". Partner Portal Service. Retrieved 2018-12-30.
  9. "NoSpamProxy by Net at Work: Proactive, real-time protection against spam, malware and ransomware". NoSpamProxy. Retrieved 2019-02-14.
  10. "Who We Are".
  11. alonpo. "ReSec Technologies: Malware prevention that doesn't depend on detection". ReSec. Retrieved 2018-12-30.
  12. "ODI - Content Disarm & Reconstruction". ODIX Content Disarm and Reconstruction (CDR). Retrieved 2018-12-30.
  13. "Deep Content Disarm and Reconstruction". www.opswat.com. Retrieved 2020-06-10.
  14. "ReSec Technologies: Malware prevention that doesn't depend on detection".
  15. "Sasa Software : Content Disarm and Reconstruction (CDR)". Sasa Software : Content Disarm and Reconstruction (CDR). Retrieved 2018-12-30.
  16. "CDR Solution". SOFTCAMP CDRă…ŁContent Disarm & Reconstruction. Retrieved 2018-12-30.
  17. "Votiro Disarmer Takes Cyber Security to the Next-Generation". Retrieved 2018-12-30.
  18. "YazamTech - Securing Your Network from Infected Files". YazamTech. Retrieved 2018-12-30.
  19. "DocBleach". GitHub. Retrieved 2019-05-30.
  20. "ExeFilter". decalage.info. Retrieved 2019-05-30.
  21. https://metadefender.opswat.com/
  22. "Glasswall File Drop". glasswall-file-drop.azurewebsites.net. Retrieved 2020-04-23.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.