Riyya Ahmed
May 16, 2024

Debunking the myths: understanding CDR and cybersecurity

In the evolving world of cybersecurity, accurate information is crucial for making informed decisions to protect against new threats. As technology advances, so do the tactics used by cybercriminals and organizations must adopt strong defense strategies. Content Disarm and Reconstruction (CDR) is an advanced zero-trust technology that stands as a frontline defense, offering a proactive approach to neutralizing malware threats by sanitizing potentially harmful files and surgically reconstructing them to their known good specifications.

Glasswall’s patented CDR technology utilizes Kubernetes architecture to provide an infinitely-scalable platform that helps organizations comply with government cybersecurity initiatives. These include the NCSC’s Pattern for Safely Importing Data, the NSA’s Raise the Bar (RTB) initiative, and the NIST Risk Management Framework (RMF) by the US Department of Commerce.

Recently, a government partner conducted a benchmark study of Glasswall CDR's malware protection against seven other leading antivirus and Cross Domain Solutions (CDS). Glasswall surpassed competitors across a wide range of tested file types, including PDF, Office, and Images.

Gartner acknowledges the value of CDR

In 2021, a report by Gartner recognized the value of CDR in addressing the challenge of managing hidden threats, recognizing it as an effective solution for endpoint security. Their research highlighted the inadequacy of detection-based approaches in combating hidden threats, emphasizing the need for an always-on solution that employs a zero-trust methodology to sanitize all files.

CDR is a core element of any security strategy

Glasswall's zero-trust file protection means that our CDR technology offers a proactive approach to cybersecurity by targeting commonly exploited mechanisms instead of relying on past data. Instead of looking for malicious content, our advanced CDR process treats all files as untrusted, validating, rebuilding, and cleaning each one against their manufacturer’s ‘known-good’ specification, thus instantly removing potential cyber threats.

It addresses the evolving nature of threats by mitigating a wide range of exploits and malicious active content, such as VBA/macros and JavaScript, while allowing tailored content permissions. By not relying on signatures or known-bad databases, CDR eliminates attack techniques by default, providing a significant obstacle to adversaries. This approach neutralizes threats like macros, balancing legitimate business use with stringent security controls, mitigating risks in the modern threat landscape.

However, amongst the vast cybersecurity solutions, misconceptions can arise leading to misinterpretation of CDR's capabilities.  

In this post, we debunk the myths surrounding CDR and highlight its capabilities in mitigating cyberattacks.

Myth 1

CDR can’t anticipate new threats

This is untrue - Glasswall’s zero-trust file protection is different. Instead of looking for malicious content, our advanced CDR process treats all files as untrusted, validating, rebuilding, and cleaning each one against their manufacturer’s ‘known-good’ specification.

Only safe, clean, and fully functioning files enter and leave an organization, allowing users to access them with full confidence.

Myth 2

CDR is only useful for removing active content within files, such as macros and VBAs

In addition to sanitizing active content, Glasswall CDR fundamentally enforces strict structural adherence to the “known good” specifications for any given file type, providing comprehensive, sub-second protection upfront. Our patented CDR technology can automatically correct non-compliant structural components, aligning them with the specified standards. By doing so, it eliminates any hidden threats within the file's structure and prevents the activation of exploits through the misuse of these components.

Myth 3

CDR causes files to lose their original functionality or high resolution.

Reconstructed Office files and images retain their editability after undergoing the CDR process within their respective applications. While PDFs are not typically used for editing purposes, the CDR process preserves the original file's nature, excluding policy items, by verifying and correcting elements of the file structure rather than the actual content. However, the CDR process may remove content like Acroforms if the user chooses to sanitize them, potentially resulting in the loss of an editable component of the file during the CDR process.

Glasswall’s CDR process doesn’t impact the image data itself therefore resolution is not impacted i.e., image quality is preserved.

Myth 4

"CDR flattens files from trusted sources causing important functions to be disabled."

Glasswall allows you to configure content management policies to match your organization's risk appetite, so that you control the sanitization settings of files and their contents during the CDR process. This means that Glasswall CDR doesn't flatten files and they retain their full functionality.

Initially, all default settings are set to “Sanitize” to give you the best balance between security and usability. Allowing certain types of content presents a risk to you if an attacker has placed malware within a file. However, your organization may be more willing to accept and manage that risk for certain file types.

Myth 5

Users who are aware CDR has been implemented sometimes avoid it by receiving their files in a different way, such as a personal email account

There is no evidence to substantiate this assertion. Similar reasoning applies to instances where users disable antivirus software due to it being obstructive. Furthermore, the US government mandates the adoption of CDR through the Raise the Bar (RTB) initiative, which highlights its effectiveness. By ensuring CDR files are fully functional and integrating CDR at the beginning of a security stack, users ensure that false positives can be reduced, and files can be prevented from being unnecessarily quarantined.

Myth 6

CDR is slow and requires frequent updates

Glasswall CDR typically operates at sub-second speeds. This means that files are sanitized and reconstructed rapidly, ensuring minimal disruption to workflow efficiency. While processing time of CDR can vary based on file complexity, unlike traditional antivirus filters, CDR doesn't require frequent online updates. We have regular releases for product enhancements and general improvements, but software updates related to major file specification revisions are less frequent. This approach allows us to maintain an elevated level of security without burdening users with constant updates.

Myth 7

CDR cannot be scaled to meet the needs of an enterprise

Our cloud-native CDR platform offers robust scalability to cater to the diverse needs of enterprise-level security teams. Built on a Kubernetes-based architecture, Glasswall Halo can be effortlessly deployed using managed services like AKS (Azure), EKS (AWS), or OKE (Oracle), ensuring seamless scalability to meet evolving demands. With deployment options enabling continuous availability and resilient patterns across multiple zones and regions globally, Glasswall Halo guarantees uninterrupted file protection at any scale. Moreover, its developer-centric web services, compliant with OpenAPI specifications, and open-source connectors facilitate easy integration with both on-premises and cloud environments, further enhancing its scalability and adaptability for enterprise deployments.  

Summary

As we have demonstrated, Glasswall CDR is a powerful and proven frontline defense, proactively neutralizing malware threats by sanitizing potentially harmful files. Despite misconceptions surrounding CDR, it plays a crucial role in protecting organizations against cyberattacks. By mitigating a wide range of exploits and tailoring content permissions, CDR also offers a tailored approach to cybersecurity challenges. Whilst recent technologies such as Generative AI (Artificial Intelligence) have their part to play in enhancing security, no single technique can defeat all existing and emerging threats. CDR as part of a defense-in-depth approach is a proven measure used by government agencies around the world to protect mission critical operations.  

Book a demo

Talk to us about our industry-leading CDR solutions

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.