In IT security, a sheep-dip is the process of using a dedicated device to test inbound files on removable media for viruses before they are allowed to be used with other computers. The approach takes its name from agriculture, where farmers routinely submerge sheep in a chemical solution to kill parasites and protect their animals from disease.
Organizations can adopt a range of sheep dipping processes, including the use of dedicated scanning stations that have restricted network access and specialist USB sanitization technologies designed to scan and clean USB drives. Each of these relies on a range of antivirus, sandbox and other security software tools to scan devices for malware.
Sheep dipping use cases
For cybersecurity professionals, the approach is designed to clean removable media of potential security threats. It can be applied across a number of use cases:
- Device sanitization: external devices, such as USB drives, smartphones and laptops, can be scanned for malware before they are connected to a network.
- Software scanning: some organizations use sheep dipping processes to scan software applications and updates before they are installed on their networks.
- File transfer scanning: sheep dipping can also be used to scan inbound files before they are released to users.
Sheep dipping is sometimes mandated when cross-domain data transfers take place, including in sensitive government, critical infrastructure and corporate environments where comprehensive security measures are needed.
Disadvantages of sheep dipping
While sheep dipping can help minimize the security risks associated with external media and devices, it does not eliminate the possibility that removable media can be used as an attack vector for the delivery of malware. Disadvantages include:
- Resource intensive: Sheep dipping requires significant resources, including dedicated hardware, software, and personnel to manage the scanning processes. This can be costly, especially for smaller organizations.
- Time-consuming: Scanning large volumes of data or devices can take a lot of time, leading to delays in workflow and productivity as devices and media are scanned.
- Not foolproof: Despite thorough scanning processes, advanced malware and zero-day threats can sometimes evade detection by traditional antivirus and sandboxing tools, increasing the potential for security breaches.
- Potential for false positives: Scanning tools may flag legitimate files or devices as malicious, requiring additional resources to investigate and resolve.
- Operational disruption: The need to sheep dip every device or file can create operational bottlenecks, impacting organizational efficiency, especially in environments with high throughput requirements.
How to optimize sheep dipping
There are a number of innovative technology solutions that can add significant value to traditional sheep dipping processes. In doing so, organizations can mitigate the disadvantages associated with legacy approaches and technologies. These include:
Content Disarm and Reconstruction (CDR)
CDR is an advanced cybersecurity technology designed to neutralize threats, such as malware and ransomware, within files.
It works by disassembling files (documents, images, etc.) and removing any potentially malicious elements. Advanced CDR solutions, such as Glasswall CDR technologies, are able to retain a document’s original functionality and appearance – providing seamless protection to the end user.
CDR delivers a number of important advantages for organizations focused on proactive file protection:
- CDR removes threats from files
CDR is a zero-trust data filter that rebuilds files and documents into a safe, clean standard, free from the risks of malware. It also prevents malicious files from entering a network and is used for secure file transfer across trust boundaries.
- CDR is more secure than antivirus and sandboxing
Unlike detection-based solutions, CDR doesn’t try to identify malicious code – it simply removes the ability for it to exist altogether. This zero-trust approach disarms often overlooked advanced persistent threats, such as zero-day malware, high-risk active code and anomalies within a file’s structure.
- CDR retains file functionality
Many conventional data filters flatten files (turn them into images) for use in high-risk environments. In contrast, files cleaned by CDR are visually identical and fully functional compared to the original.
- CDR helps teams manage risk
CDR offers organizations comprehensive analysis of the threats within files, empowering security teams to remove or manage high-risk content according to their risk appetite.
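The rebuild-instead-of-detect principle described above, shown on a ZIP-based Office document as an added example (not Glasswall's code or any vendor's implementation). The `ALLOWED` policy, the function names and the sample document are assumptions made for the illustration; kept parts are checked and copied as-is, not regenerated against their format specification.

```python
import io, posixpath, re, zipfile, xml.etree.ElementTree as ET
# Assumed policy for this illustration: the only parts a plain .docx may carry.
ALLOWED = re.compile(r"^(\[Content_Types\]\.xml|_rels/\.rels|word/(document|styles)\.xml"
                     r"|word/_rels/document\.xml\.rels|word/media/[\w-]+\.(png|jpe?g))$")
REFS = (("[Content_Types].xml", "PartName", "/"), ("_rels/.rels", "Target", "/"),
        ("word/_rels/document.xml.rels", "Target", "/word"))

def clean_xml(raw):  # fail closed: UTF-8 only, no DTD, well-formed
    try:
        text = raw.decode("utf-8-sig")
        return "<!DOCTYPE" not in text and ET.fromstring(text) is not None
    except (ValueError, SyntaxError):  # UnicodeDecodeError, ET.ParseError
        return False

def prune(raw, attr, base, kept):  # drop entries pointing at parts not carried over
    root = ET.fromstring(raw)
    for el in list(root):
        ref = el.get(attr)
        if ref is None or el.get("TargetMode") == "External":
            continue  # extension defaults, external links: separate policy decision
        if posixpath.normpath(posixpath.join(base, ref)).lstrip("/") not in kept:
            root.remove(el)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def pack(parts):  # fresh archive: new headers, no comments, extras or trailing data
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for name, raw in parts.items():
            z.writestr(name, raw)
    return out.getvalue()

def rebuild_docx(data, max_part=32 << 20):  # -> (rebuilt_bytes, dropped_names)
    keep, dropped = {}, {}
    with zipfile.ZipFile(io.BytesIO(data)) as src:
        for info in src.infolist():
            # Nothing is scanned: a part is either on the allowlist or it is left behind.
            ok = bool(ALLOWED.match(info.filename)) and info.file_size <= max_part
            raw = src.read(info) if ok else b""
            ok = ok and (not info.filename.endswith((".xml", ".rels")) or clean_xml(raw))
            (keep if ok else dropped)[info.filename] = raw
    for name, attr, base in REFS:
        if name in keep:
            keep[name] = prune(keep[name], attr, base, keep)
    return pack(keep), sorted(dropped)

# Constructed sample: a macro-enabled skeleton whose .bin parts are placeholder bytes.
RELS = (b'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        b'<Relationship Id="rId1" Type="urn:example" Target="vbaProject.bin"/></Relationships>')
SAMPLE = pack({"word/document.xml": b"<document/>", "word/_rels/document.xml.rels": RELS,
               "word/vbaProject.bin": b"placeholder", "word/embeddings/oleObject1.bin": b"placeholder"})
```

Calling `rebuild_docx(SAMPLE)` returns the rebuilt archive together with the names of the parts that were left behind, which a sheep-dip station can log for each transfer.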
Hunna System USB Sanitizer
The Hunna USB Sanitizer is a portable, air-gapped solution that is integrated with Glasswall CDR technology to ensure files and data imported or exported via USB are clean and safe. Built to the highest standards of security in the field, the Hunna USB Sanitizer delivers military-grade safety and complete peace of mind that users can trust with every file.
Used by government, military and intelligence agencies, it enables users to import and export information on USB media, CD/DVD and SD cards, removing forensic traces of restricted information. Designed as a portable, air-gapped sanitizer for use in any field-based operation, it allows for the safe import and sharing of data in any physical environment.
Sheep dipping plus CDR – the benefits
About Glasswall CDR
Glasswall CDR is the market-leading CDR technology, offering zero-trust protection for known and unknown threats. Trusted by the world's most secure agencies, including the NSA, NATO, the NCSC and AUKUS, our battle-hardened CDR technology is mandated for use as a file filter in Cross Domain Solutions by the NSA and is trusted by the world’s most sophisticated security establishments.
Glasswall is recognized as SOC 2 Type II compliant – meaning our reporting and control activities are proven to be secure over the long term. In addition, we are NIST 800-171 approved and hold a Cyber Essentials Plus certification from the NCSC.
We collaborate closely with a network of esteemed partners, including Microsoft, Oracle, CGI, BAE and Carahsoft, to bring the benefits of our CDR to the world's leading government agencies.
Glasswall CDR case study: HM Government
A large UK government agency had terabytes of important data on an isolated network that could have contained malicious content. They required urgent access to this data, but the only option available to secure it was to ‘sheep dip’ the data – use antivirus and analysis tools to test each file for malware on a separate computer. Understanding that antivirus detection only offers limited protection and not having the time or resources to analyze every file manually, they required a solution that didn’t rely on legacy detection-based methodologies.
A deployment of Glasswall CDR enabled the cleaning and transfer of files from the untrusted to the secure network. Glasswall was able to move fast, working seamlessly with the government agency. Terabytes of secure data were imported into the new environment within days, and the government agency had complete confidence that there was no malicious content in the data due to its zero-trust file protection capabilities.