In recent years, the sheer variety and sophistication of cyber attacks have exacted a huge cost on individuals and organizations the world over. One recent study put the total global cost of cybersecurity incidents at a mind-boggling $8 trillion – a figure roughly equivalent to the GDP levels of Japan and Germany combined. By 2025, this is set to grow even further to over $10 trillion – around five times more than current global military spending levels.
Central to the problem is the sheer volume – and success – of ransomware attacks, which, according to the Verizon 2023 Data Breach Investigations Report, were involved in 24% of all breaches. Even more alarming are the observations from the Sophos ‘The State of Ransomware 2023’ report, which said that two-thirds of all organizations were affected by ransomware last year.
This raises the question of how these attacks are being deployed. VirusTotal's ‘Ransomware in a Global Context’ report said that 95% of all the ransomware samples it analyzed were Windows-based executable files or dynamic link libraries, with the GandCrab ransomware family being the most prevalent, comprising over three-quarters of all samples received. In many cases, GandCrab is delivered by malicious email attachments, underlining the major risks presented by file-based threats.
Firewall failings
In this context, firewalls play a crucial role in helping to protect organizations against a wide variety of risks, with many using them as a critical part of their IT infrastructure and the first line of defense against external cybersecurity threats. Essentially, their role is to examine incoming and outgoing network traffic, applying a set of security rules to identify and block potential threats.
The problem is that they also have a number of important protection gaps, and while they are a key part of a rounded security strategy, their limitations also need to be addressed. These include (but are not limited to):
- They can't protect against internal threats. Firewalls are perimeter defenses and can't protect against attacks originating from inside the network.
- They are vulnerable to social engineering. Firewalls can't prevent users from being tricked into disabling security settings or giving away sensitive information.
- They suffer from configuration issues. Complex firewall rule sets can contain holes or errors that allow malicious traffic through. Keeping firewall policies updated is also a challenge.
- Encrypted traffic limits visibility. With the increasing use of encryption for internet traffic, traditional firewalls have difficulty inspecting the contents of encrypted packets. This limitation makes it challenging to detect malicious activities hidden within encrypted sessions.
- They are extremely vulnerable to file-based malware attacks. Many firewall technologies are inherently limited in their ability to protect against file-based threats. This is because they focus on network traffic controls and are less effective at detecting viruses, malware or ransomware within files delivered, for example, over email, web downloads, USB devices or file upload portals. As a result, users can unknowingly bypass firewalls by opening infected file attachments, while threat actors can target these weak points.
Zero-day blindspots
In addition, “next-generation” firewall systems are generally detection-based solutions that can only protect against risks already known to them. While they are effective in protecting against most attack vectors, there is a protection gap, with file-based threats such as malware and ransomware going undetected when the security filter is not aware of the structure of the document.
As a result, firewalls are at risk from zero-day attacks, which exploit security flaws that are unknown to the vendor at the time of discovery, potentially allowing attackers to bypass firewall protections until the vulnerability is patched.
In June last year, for example, three of the UK’s most well-known brands – the BBC, British Airways and Boots – were given an ultimatum by a cybercrime gang known as Cl0p, which, at the time, claimed to have stolen the personal details of over 100,000 people employed across at least six organizations in total. Cl0p exploited a zero-day vulnerability in the MOVEit document transfer app as an entry point to carry out the supply-chain attack. By last November, over 2,000 organizations had been attacked, with the associated data theft impacting over 60 million people.
Since the incident hit the headlines, one of the key pieces of mitigation advice has been for organizations to modify firewall rules to block traffic from suspected sources of risk. This was important advice, but it also underlined the reactive nature of firewall-based protection when faced with zero-day vulnerabilities and the vital role played by proactive security solutions, particularly those that address the risks presented by file-based threats.
What is Content Disarm and Reconstruction, and How Can it Address the Firewall Protection Gap?
So, where does that leave public and private sector organizations that want to minimize their exposure to file-based cybersecurity vulnerabilities?
One of the most effective and proven solutions is to implement Content Disarm and Reconstruction (CDR) technology. Instead of looking for malicious content, today’s advanced CDR solutions treat all files as untrusted, validating, rebuilding and cleaning each one against their manufacturer’s ‘known-good’ specification.
Rather than attempting to detect and block files that are known or suspected to be malicious, CDR rebuilds files and documents into a safe, clean and visually identical ‘known good’ standard that is free from the risks of malware.
Using CDR means security teams no longer have to choose between complete file security on the one hand and speed and usability on the other. While some CDR vendors flatten files, the most effective CDR solutions provide rapid zero-trust file protection that maintains original document usability. As a result, there is no dependence on antivirus databases to provide knowledge of a new threat, and security teams no longer deal with disruptions from quarantining files or false positives.
While tools such as firewalls and antivirus software remain essential, CDR fills the protection gap they suffer by sanitizing files from potentially unknown threats, enhancing an organization's defense against a broader range of cyber attacks and ensuring a more resilient cybersecurity posture.
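To make the "validate, rebuild and clean against the known-good specification" idea concrete, here is a small CDR-style sanitizer for PNG files. It is an added example written for this article, not Glasswall's code and not a description of its patented process. It never searches for malicious bytes: it parses the file strictly against the PNG chunk format, checks every length and CRC, checks that the image data inflates to exactly the size the header implies, and then re-serializes only the chunks it understands. Private chunks, data appended after IEND and anything with a bad CRC simply do not survive the rebuild. The allowlist of ancillary chunks, the sample image and the junk it carries are constructed for the example; interlaced images and PLTE ordering rules are left out to keep it short.

```python
import struct
import zlib

# Minimal CDR-style sanitizer for PNG (added example, not Glasswall code).
# Policy: parse against the spec, keep only what we understand, rebuild the rest.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
CRITICAL = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}          # required by the PNG spec
ALLOWED_ANCILLARY = {b"tRNS", b"gAMA", b"sRGB", b"pHYs"}  # allowlist; our policy choice
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}                 # colour type -> samples per pixel


class RejectedFile(ValueError):
    """Input cannot be parsed as a structurally valid PNG, so it is not rebuilt."""


def make_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialize one chunk with a freshly computed CRC (used to build and to rebuild)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def parse_chunks(data: bytes):
    """Walk the chunk stream, checking each length and CRC. Stops at IEND, so
    anything appended after it is never yielded and therefore never copied."""
    if not data.startswith(PNG_SIGNATURE):
        raise RejectedFile("bad PNG signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(data):
            raise RejectedFile(f"truncated chunk {ctype!r}")
        payload = data[start:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise RejectedFile(f"CRC mismatch in chunk {ctype!r}")
        yield ctype, payload
        if ctype == b"IEND":
            return
        pos = end + 4
    raise RejectedFile("no IEND chunk found")


def validate_geometry(ihdr: bytes, idat: bytes) -> None:
    """Check that header fields are spec-legal and that the inflated IDAT stream
    is exactly the size the header implies (non-interlaced images only)."""
    if len(ihdr) != 13:
        raise RejectedFile("IHDR must be 13 bytes")
    width, height, depth, colour, comp, filt, interlace = struct.unpack(">IIBBBBB", ihdr)
    if colour not in CHANNELS or depth not in (1, 2, 4, 8, 16):
        raise RejectedFile("illegal colour type / bit depth")
    if comp != 0 or filt != 0 or interlace != 0 or width == 0 or height == 0:
        raise RejectedFile("unsupported IHDR fields")
    row_bytes = 1 + (width * CHANNELS[colour] * depth + 7) // 8  # filter byte + packed samples
    try:
        raw = zlib.decompress(idat)
    except zlib.error as exc:
        raise RejectedFile(f"IDAT does not inflate: {exc}") from None
    if len(raw) != row_bytes * height:
        raise RejectedFile("IDAT size does not match IHDR geometry")


def rebuild_png(data: bytes):
    """Return (clean_png, dropped_chunk_types). Raises RejectedFile on anything
    that does not parse: a file we cannot understand is never passed through."""
    chunks = list(parse_chunks(data))
    if chunks[0][0] != b"IHDR":
        raise RejectedFile("first chunk must be IHDR")
    idat = b"".join(p for t, p in chunks if t == b"IDAT")
    if not idat:
        raise RejectedFile("no IDAT chunk")
    validate_geometry(chunks[0][1], idat)
    out, dropped = bytearray(PNG_SIGNATURE), []
    for ctype, payload in chunks:
        if ctype in CRITICAL or ctype in ALLOWED_ANCILLARY:
            out += make_chunk(ctype, payload)  # re-serialized, CRC recomputed
        else:
            dropped.append(ctype.decode("latin-1"))
    return bytes(out), dropped


# Constructed sample: a 1x1 red RGB image carrying a private chunk and junk after IEND.
SAMPLE_PNG = (
    PNG_SIGNATURE
    + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
    + make_chunk(b"prIv", b"opaque private data (constructed)")
    + make_chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00"))  # filter 0 + R,G,B
    + make_chunk(b"IEND", b"")
    + b"bytes appended after IEND (constructed)"
)

if __name__ == "__main__":
    clean, dropped = rebuild_png(SAMPLE_PNG)
    print(f"{len(SAMPLE_PNG)} -> {len(clean)} bytes, dropped chunks: {dropped}")
```

Two design choices carry the security argument. First, the output is always produced by `make_chunk` from parsed fields, never by copying byte ranges of the input, so a file's unknown or malformed regions have no path into the rebuilt file. Second, any failure to parse raises `RejectedFile` rather than falling back to pass-through; a sanitizer that forwards what it cannot understand reintroduces exactly the detection gap the article describes.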
Today, organizations worldwide across public and private sectors see a range of cyber security benefits from using CDR solutions. These include:
- Secure & optimize files
By working with safer, more secure files, CDR removes risk and anomalies in an instant, so users can trust every file is safe and usable.
- Less risk, more productivity
CDR enhances productivity across the organization by de-risking every document without users ever noticing it is there.
- Deploy with ease
Users are up and running in hours, not months and can deploy the solution seamlessly without the typical hidden costs and headaches for their security team.
Glasswall CDR – Delivering Zero-Trust File Protection
Instead of looking for malicious content, the Glasswall CDR process treats all files as untrusted, validating, rebuilding and cleaning each one against its manufacturer’s ‘known-good’ specification. As a result, only safe, clean, and fully functioning files enter and leave an organization, allowing users to access them with full confidence.
Glasswall CDR employs a patented 4-step approach to protect organizations and individuals against file-based threats. Unlike most conventional cybersecurity solutions, Glasswall CDR does not rely on detection capabilities. Instead, we follow a ‘zero-trust’ approach, where only files that Glasswall has processed are considered secure. We don’t try to identify malicious code – our technology simply removes the ability for it to exist in the document.
We have a history of successfully serving government and defense departments and commercial organizations around the globe with file protection capabilities wherever a file is in motion or at rest. Our future-proof and patented CDR technologies extend into tomorrow’s threat landscape, and we are able to provide prospective customers with evidence of successful implementations across a wide range of organizational types and environments.