News & Updates
New SelectorIT History
Due to the fact that SelectorIT, the next-generation Content Disarm & Reconstruction (CDR) system performs a deep level of filtering on so many incoming file streams such as Email, there are a lot findings and actions to report.
No other filtering technologies, such as: Mail Gateway/Relay, Anti-Virus, Sand Box and Firewall’s etc. make it possible to view as many report details regarding the Content Disarm & Reconstruction (CDR), mainly regarding active actions that were taken in order to reduce threats.
In our experience we know that System Administrators waste most of their time on understanding the filtering results, therefore we have recently improved the logging analysis functionality and presentation.
The new SelectorIT History module, which improves the SelectorIT response for both Files and Emails, contains:
- A Log of all the findings and security actions that have been taken historically.
- The release of quarantined Files and Emails by the System Administrator.
- The ability to search the results according to many parameters.
- Analytics displays, both about trends and individual user findings.
- Written reports.
SelectorIT Shortcuts Filter
A new SelectorIT Shortcuts Engine filter has been added and proposes a response for threats within various file types that are implemented in links which may direct to malicious internet servers. Shortcuts that can be implemented as a dedicated type of link files (lnk, url), or as an object in many other file types (such as Microsoft Office, PDF, HTML).
The new Shortcuts filter contains real-time verification of the External Links against an external Black list of sites which are defined as hostile. The Shortcuts filter is implemented by SelectorIT on range of file types, such as: doc, docx, docm, rtf, xls, xlsx, xlsm, ppt, pps, pptx, pptm, ppsm, ppsx, pdf, html, htm, hta, url, lnk.
In the SelectorIT Policy Editor, the administrator can set security settings for Link files and for Shortcuts and Links within those file types including:
- Verifying: That the links in real-time against an external Google Black list of sites.
- Remove forbidden links from filtered files.
- Blocked filtered files which containing forbidden links.
SelectorIT Portable Media Device Filter
SelectorIT now supports interactive filtering for files from Portable Media Devices which are very popular in use. These include USB connections for: Cell Phones, Cameras and Media Players.
Portable Media Devices are now connected to the filtering computer and identified by SelectorIT
Following this update:
- In the SelectorIT on-demand Settings, the Administrator can select Portable Media as a source in advance.
- In the SelectorIT on-demand client, the Portable Media files can now be displayed, browsed securely, and the selected files will send for filtering.
Password Protected Archive Filter
Archive files (such as: ,zip., .7z, .rar, .cab and many more) can't be really filtered while they are protected by password. This limitation is solved in SelectorIT.
Passwords for Protected Archive files can now be inserted interactively by the end user during the filtering process, both for Email Filtering and for Interactive Filtering (files from removable medias). The supplied passwords allow SelectorIT to extract and filter protected archive files, and all the packaged files they contain.
This SelectorIT update is particularly useful for users who receive protected archive files while receiving the password at the same time as the protected file and not in advance. If any real filtering system does not have a password for a protected archive file it cannot filter it internally and therefore automatically blocks it.
SelectorIT On-Demand Filtering
In SelectorIT On-Demand Filtering (for interactive filtering from removable media), a special field is presented to the user to insert the passwords as part of the user interface while choosing the input files. SelectorIT could then extract and filter the packaged files within protected archives.
SelectorIT Email Filtering
In SelectorIT Email Filtering, the recipient receives a primary Email with a link to ‘Email Release’ - a SelectorIT repository where he can insert a password for protected archive files. Afterwards, SelectorIT extracts the protected archive files and filters their packaged files. At the end of the filtering process an additional Email is sent to a user, now with the filtered archive files and after all their internal files filtering.
Executable Filter for SelectorIT
A new 4 Executable File Engine filter has been added to SelectorIT and offers a response for threats, which can affect business continuity and that are implemented in:
- 4 executable files, types: .js, .vbs (Script files) and .bas, .cls (Macro files).
- Embedded executable objects: Macros in Microsoft Office files, and Scripts in PDF and HTML files.
'Static Analysis' filter has been added to SelectorIT and enables it to filter those files and objects. Static Analysis by SelectorIT checks if these files and objects are malicious or not according to criteria set by the SelectorIT administrator.
In cases these 4 executable files and embedded objects are found as innocent after SelectorIT filtering process, these file types and objects will be allowed for use.
For example: an arrived Excel file including Macro is filtered by SelectorIT, If the 'static analysis' filtering process finds the Macro to be malicious free, than the Excel file with the Macro will moved forward to the client.
It is a complementary SelectorIT solution for the already existing solutions in SelectorIT that block files containing Macros or scripts, or alternately remove these objects from the containing files.
SelectorIT for Gmail for Business
SelectorIT by YazamTech has been adapted for use by organizations that point their e mail server to Gmail for Business. Gmail is an external Mail Service without any on-premises installation, but alone is still missing the elementary response against modern attacks by Email attachments.
SelectorIT works via the Cloud or hosting, no on-premises installation is needed, and filters the Email attachments by using the most advanced dynamic filters that exist on the market. The SelectorIT solution is generic and independent to the amount of Gmail accounts per domain. SelectorIT is just as effective on the Gmail messages (the body and the attachments) and implements all of it's filtering features without exception.
Static Analysis for Active Content
Active content is very popular in daily use, such as Macros in Microsoft Office files (Word, Excel, PowerPoint), and Scripts in Adobe PDF files. Active content in files constitute real security risks that classic protection such as Anti-viruses don't have a response against them.
Static Analysis has been added to our products, and proposes a response for threats implemented by executable objects. Macros and Scripts are scanned, and files are blocked. Forbidden commands are found that cause these suspicious actions: local files changing, registry changing, internet downloading, ActiveX controls creation, and more.
Executable Files Filtering
Executable files might easily contain Zero Day/Hour Attacks.
Security solutions are lacking, Anti-viruses don't have a response against them. Sandboxes are very expensive and work slowly.
Static Analysis has been added to our products and proposes a response for modern threats that are implemented in executable file such as Script files (.js, .vbs) and Visual Basic files (.bas, .cls). These files are scanned, and files are blocked. Forbidden commands are found that cause these suspicious actions: local file changing, registry changing, internet downloading, ActiveX controls creation, and more.
Email filtering is critical while most of the attacks arrive via incoming Emails.
Modern threats are located within complex attachments, not only in the body of the Email, while the common Mail-Relays don't supply a response. The same is true of Anti-Virus.
SelectorIT filtering engine, with its known recursive filtering can be connected directly to the SMTP traffic, by using the new SelectorIT SMTP Proxy, allowing the SelectorIT engine to filter incoming and outgoing Emails directly from the SMTP traffic.
WEB browsing is a source for files imported by users from the internet.
Modern threats are located within these complex files, while the common WEB Proxies and Firewalls don't supply a response. Neither does Anti-Virus.
The ICAP (Internet Content Adaption Protocol) interface has been added to our products enabling the SelectorIT engine (the ICAP server) to operate a variety of popular WEB Proxies (the ICAP clients) for files filtering within HTTP, HTTPS, and FTP traffic. Now the SelectorIT filtering engine, with its known recursive filtering is connected directly to the browsing traffic, allowing the SelectorIT engine to filter incoming and outgoing files from the HTTP/HTTPS/FTP traffic.
Digital Signature Filter
A Digital signature is a security object, added by the vendors to their executable/installation files, also by producers of files such as PDF invoices.
As a general use of these files, organizations and users don't continuously validate the Digital Signatures of the incoming files, meaning they waive the sender and the content validation.
The Digital Signature validation that has been added to our products enabling it to validate the filtered files against their official producers' Certificates.
Anti-Virus, the more traditional response in existence, is a classic solution against already known threats, and in most cases is based on signature detection, meaning it is not sufficiently protected on its own because it only protects against the malicious software that we already know exists.
To meet the challenges of today’s threats, there is a necessity to implement a real deep content filtering system that is much more than merely Anti-Virus.
While most of SelectorIT’s filtering engine is based on YazamTech’s Intellectual Property development, customers may reinforce the filtering process, under the signature based category, by selecting form a list of 13 supported vendors of anti-viruses, which will participate in the complete filtering process managed by SelectorIT.