Structure Based Filtering for Unstructured Data

SC Magazine recently reported that millions of Microsoft Office 365 users were potentially exposed to a massive zero-day ransomware attack last week. Over the last 18 months, we have heard about extensive modern ransomware and APT attacks caused by infected files that entered the network undetected. Files that enter the sensitive internal network through any channel, but mainly as email attachments, can be infected with a wide range of threats, including APTs (Advanced Persistent Threats), Trojans and ransomware.

These constantly updated attacks will easily bypass the systems in use within the organization, such as anti-virus and anti-spam filters, mail relays, firewalls, sandboxes and more, as these systems have no capability to detect the threat before or even after the attack. The result, in most cases, will be damaging.

No popular file format in use is based on a structure as simple as it may seem; each is built on very complex content, which is called “unstructured data” (see: https://en.wikipedia.org/wiki/Unstructured_data).

Files therefore can, and must, be filtered professionally, and not only with signature-based methods (the typical approach of anti-virus products) or behavior-based methods (the typical approach of sandboxes).

Only structure-based filtering is the response for threats within complex files: they can be detected and stopped or removed at the gateway level, before the attack vectors can enter the organization. A solution that has a structure-based file filtering engine ensures that the user receives a filtered file of the same quality and format as the original, even in the case of unstructured complex files, and can use it as if it were untouched. Its 3D engines will:

Analyze: screen files as complex containers.
Remediate: block, remove or reset unwanted embedded files and objects.
Synthesize: rebuild, renew or reassemble new filtered files.

The end result is a clean file that is received by the enterprise, and/or leaves the enterprise for its partners and customers, without the risk of penetration of corporate internal networks.
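As an added illustration (not code from the original article or from any product), the Python example below applies the Analyze / Remediate / Synthesize steps to an Office Open XML document treated as a ZIP container. The block list, the assumption that reference elements are self-closing, and the constructed sample document are choices made for this example.

```python
import io
import re
import zipfile

# Assumed policy: OOXML parts that carry macros, embedded OLE objects or ActiveX.
BLOCKED = re.compile(r"(^|/)(vbaProject\.bin$|embeddings/|activeX/)", re.I)
# Self-closing reference elements in .rels files and [Content_Types].xml (assumed form).
REF = re.compile(rb'<(?:Relationship|Override)\b[^>]*?\b(?:Target|PartName)="([^"]*)"[^>]*?/>')

def analyze(data: bytes) -> list[str]:
    """Analyze: open the file as a container and list parts that violate policy."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if BLOCKED.search(n)]

def _prune_refs(xml: bytes) -> bytes:
    """Drop references to removed parts so the rebuilt package has no dangling links."""
    return REF.sub(lambda m: b"" if BLOCKED.search(m.group(1).decode("utf-8", "replace"))
                   else m.group(0), xml)

def rebuild(data: bytes) -> bytes:
    """Remediate and synthesize: copy allowed parts into a brand-new container."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if BLOCKED.search(name):
                continue  # remediate: a blocked part is never written
            body = src.read(name)
            if name.endswith(".rels") or name == "[Content_Types].xml":
                body = _prune_refs(body)
            dst.writestr(name, body)  # synthesize: new entry, original ZIP metadata discarded
    return out.getvalue()

def make_sample() -> bytes:
    """Constructed macro-enabled document skeleton (placeholder bytes, not a real file)."""
    rel = '<Relationship Id="r%d" Type="urn:example" Target="%s"/>'
    targets = ["vbaProject.bin", "embeddings/oleObject1.bin", "media/image1.png"]
    parts = {
        "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" ContentType="x"/>'
                               '<Override PartName="/word/vbaProject.bin" ContentType="y"/></Types>',
        "word/document.xml": "<document>Quarterly report</document>",
        "word/_rels/document.xml.rels": "<Relationships>%s</Relationships>"
            % "".join(rel % (i, t) for i, t in enumerate(targets, 1)),
        **{"word/" + t: "constructed placeholder" for t in targets},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Running `analyze(make_sample())` lists the macro and OLE parts, and `rebuild()` returns a new package in which the text and image parts are unchanged while the blocked parts and every reference to them are gone.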
