CDR focuses on verifying the validity of the file structure on the binary level and disarms both known and unknown threats.
Content Disarm and Reconstruction technology is a deep inspection and file sanitization process engineered to protect against data compromises originating from file-based malware. CDR is a detection-less solution that adds no latency, which makes it notably different from the sandbox-based anti-malware tools common in the market. It is getting attention because the threat landscape is changing.
Malware attacks are dominating the news cycle, causing massive loss of data and brand credibility, all the while effortlessly crippling the individuals, businesses, and governments they target. From SolarWinds and the European Banking Authority to the seemingly never-ending attacks on Microsoft Exchange and countless others, malware is increasingly the vehicle used to compromise critical assets and change the dynamic between hacker and hacked. And more often than not (94% by CSO Online’s estimates), it comes through email attachments.
What is CDR?
With the threat of cyberattacks increasingly focused on the email gateway, new technologies are being refined to meet the risk and provide a layer of sanitization that ensures end users receive malware-free files.
On a granular level, CDR focuses on verifying the validity of the file structure at the binary level and disarms both known and unknown threats. CDR’s strategic value lies in its capability to prevent malware from penetrating an organization’s network through
With CDR, all forms of malware, including zero-days maliciously embedded in files in transit, are sanitized and purged of malicious content. This ensures the end user can access only malware-free content while still maintaining maximum file
The CDR process produces one of three outputs:
- A flattened file delivered as a safe but non-functional PDF (CDR Type 1)
- A file with active content, macros, and other content, whether malicious or safe, removed (CDR Type
- A safe copy of the original file on a clean template, or a file with full functionality intact (CDR Type 3, Positive Selection
Through the use of CDR technology, organizational networks are better able to defend against cyber threats that originate from multiple channels, including email, web browsers, file servers, and FTP, as well as cloud services and endpoint devices.
How does CDR differ from legacy solutions?
Differing from the traditional cybersecurity toolbox, CDR defends against new and unfamiliar threats that common security methods, such as antivirus, sandbox, and even EDR systems, may miss.
The CDR file sanitization process is an ideal complementary solution to deploy alongside existing sandbox-based systems, because it does not focus on discovering harmful code or on detection-based models (which are often ineffective against a zero-day attack) but emphasizes the strategic value of disrupting and purging all malicious code embedded inside files – without the time-consuming guesswork, statistical analysis, or user behavior analysis that would otherwise be required to counter these threats.
While CDR may not be a viable standalone solution to fully mitigate risk, in concert with legacy solutions it is highly effective at eliminating the threat of unknown malware and zero-day exploits. Additionally, because CDR relies upon an intensive deep file inspection process, end users can be assured that malicious components have been removed from every embedded file element.
What do the industry analysts think?
According to Gartner: “As malware sandbox evasion techniques improve, the use of CDR at the email gateway, as a supplement or alternative to sandboxing, will increase. CDR breaks down files into their discrete components, strips away anything that doesn’t conform to that file type’s original specs or company policies, and rebuilds a clean version that continues to the intended destination. This real-time process removes zero-day malware exploits without impacting business productivity typically caused by sandbox detonation and quarantine”
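The following is an added example, not code from the page or from any CDR vendor, illustrating the reconstruction step that Gartner describes and the "Positive Selection" output type (CDR Type 3) listed above. It uses PNG as a deliberately simple binary format: the file is parsed chunk by chunk, every length and CRC is verified against the specification, only an allow-list of chunks needed to decode the image is kept, and a fresh file is rebuilt from the parsed fields rather than copied from the input. The allow-list, the `CdrError` class and the constructed sample image are assumptions of this example, not part of the PNG standard or of any product.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Positive selection: only chunk types needed to decode the image survive.
# Metadata chunks (tEXt, iTXt, zTXt, tIME, eXIf) and any private or unknown
# chunk types are dropped regardless of whether they look harmful.
# This allow-list is an assumption of the example, not a standard.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"tRNS", b"gAMA", b"IDAT", b"IEND"}


class CdrError(ValueError):
    """Raised when the binary structure does not conform to the PNG spec."""


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I4s", len(body), ctype) + body + struct.pack(">I", crc)


def parse_chunks(data: bytes):
    """Walk the chunk list, validating every length and CRC.

    Returns (chunks, trailing_bytes). Parsing stops at IEND; anything after it
    is outside the specification and is reported rather than kept.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise CdrError("missing PNG signature")
    offset = len(PNG_SIGNATURE)
    chunks = []
    while offset < len(data):
        if offset + 8 > len(data):
            raise CdrError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[offset:offset + 8])
        if length > 0x7FFFFFFF:
            raise CdrError("chunk length exceeds PNG maximum")
        body_start, body_end = offset + 8, offset + 8 + length
        if body_end + 4 > len(data):
            raise CdrError("chunk body runs past end of file")
        body = data[body_start:body_end]
        (stored_crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != stored_crc:
            raise CdrError(f"CRC mismatch in {ctype!r} chunk")
        chunks.append((ctype, body))
        offset = body_end + 4
        if ctype == b"IEND":
            break
    if not chunks or chunks[-1][0] != b"IEND":
        raise CdrError("file does not end with IEND")
    if chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        raise CdrError("first chunk must be a 13-byte IHDR")
    if not any(c[0] == b"IDAT" for c in chunks):
        raise CdrError("no IDAT chunk present")
    return chunks, data[offset:]


def sanitize_png(data: bytes):
    """Rebuild a clean PNG from validated, allow-listed chunks.

    Returns (clean_bytes, report). Rebuilding from parsed fields rather than
    copying byte ranges is what removes content hidden in unused structure.
    """
    chunks, trailing = parse_chunks(data)
    kept, dropped = [], []
    for ctype, body in chunks:
        (kept if ctype in ALLOWED_CHUNKS else dropped).append((ctype, body))
    clean = PNG_SIGNATURE + b"".join(make_chunk(t, b) for t, b in kept)
    report = {
        "dropped_chunks": [t.decode("ascii") for t, _ in dropped],
        "trailing_bytes_removed": len(trailing),
    }
    return clean, report


def build_sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG with a text chunk and trailing junk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit gray
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (
        PNG_SIGNATURE
        + make_chunk(b"IHDR", ihdr)
        + make_chunk(b"tEXt", b"Comment\x00constructed sample text")
        + make_chunk(b"IDAT", idat)
        + make_chunk(b"IEND", b"")
        + b"constructed bytes appended after IEND"
    )


if __name__ == "__main__":
    clean_file, sanitization_report = sanitize_png(build_sample_png())
    print(sanitization_report)
```

Two design points carry over to real formats: a file that fails structural validation is rejected outright rather than "repaired", because a parser that guesses is the component an attacker targets; and the sanitizer is idempotent, so running it on its own output drops nothing, which is a useful check when CDR sits inline at a gateway.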
By preventing the inflow of new malware, SMBs can rely upon off-the-shelf antivirus or firewall products to detect previous infections while utilizing CDR to prevent future data breaches.
Enterprise technology coming to SMB
For the vast majority of its history in the public sphere, CDR technology has been either cost-prohibitive for SMBs or a niche solution in an undervalued security domain. While sandbox-based cybersecurity systems and the common cohort of legacy products are easy to implement and have broad industry recognition, CDR has only recently made the leap to broader market accessibility.
How to integrate CDR into your cybersecurity
Content Disarm and Reconstruction systems, like any other technical element of a company’s security policy, are only as effective as those using them. While CDR can seamlessly block and purge malicious elements in file attachments, it cannot replace the broader cybersecurity awareness of those implementing the solution. In practice, CDR works best when it is used in concert with employee education and the effective implementation of legacy cybersecurity products. By adding a native or third-party CDR product to the broader cybersecurity policy, admins can ensure expanded email security and minimize the risks of phishing, ransomware, and zero-day attacks.
What does the future
CDR solutions are already providing notable malware protection in a range of industries, from energy and manufacturing to healthcare and utilities. Businesses around the world are increasingly evaluating and deploying CDR solutions to mitigate the risk of file-based attacks. While Content Disarm and Reconstruction technology has not traditionally been part of the cybersecurity equation for many businesses, the rise of SMB-geared solutions and SaaS pricing models has enabled CDR to gain greater market traction and provide malware protection for organizations and individuals across all sectors.