Content Disarm & Reconstruction, what does a business really need to ensure smooth Business Continuity?

In the world of cyber-attacks, where files are no longer ‘just files’, but where every file needs to be inspected as if it were infected and were it to contain a malware deep inside, or hiding within a sub-file lying in wait for the order to launch an attack. Indeed, each file could be a container of malicious content and we know that there are hundreds of types of files being received by every organization in a given business day: Microsoft Office files, Marcos and ActiveX filtering, PDF files, Archive files, Multimedia – and so many more..

Your cyber protection needs to include a way to sanitize documents to ensure that only the intended information can be accessed from a document. In addition to making sure the document text doesn’t openly divulge anything it shouldn’t, document sanitization includes removing document metadata that could pose a privacy or security risk.

Data sanitization, also known as Content Disarm and Reconstruction (CDR), is an advanced threat prevention technology that does not rely on detection. Instead, it assumes that every type of file is malicious, and therefore sanitizes and rebuilds every file ensuring full usability with safe content. The technology is highly effective for preventing known and unknown threats, including zero-day targeted attacks and threats that are equipped with malware evasion.

Strangely, for many CDR solutions, a common way to sanitize and remove metadata from a limited number of files (around 30 common file types, including PDF, Microsoft Office files, and a few more images files) is by converting the suspicious file into PDF format. That process disrupts usability and business continuity, as what the user really needs is to receive the same format as the infected file. The user will also receive a file of altered dimensions, and in many cases will not be able to use it properly.

YazamTech SelectorIT methodology for complex file filtering and the sanitation process :

• Each file is treated as a container of malicious content. Around 200 files are identified and scanned including containerized files that include attacks that might be buried within a file which is inside a file and so on…

• Each file is dismantled and stripped to it’s basic components and will experience a dedicated filtering process.

• A new filtered file will be repackaged based on all its filtered components maintaining the same format of the file and the same size dimensions.

• The filtering speed and the sanitation process will be minimal.

YazamTech Data Sanitization is effective for addressing file-based vulnerabilities since by rebuilding files it removes malicious commands and exploits hidden within hundreds of types of innocent file formats. YazamTech will not substitute the clean file, will not modify or enlarge it’s size and it will maintain file usability after sanitization. At the end of the day, a new and clean file will be provided after the process of a fast sanitization without impacting business performance.

Leave a Comment