CDR: The secret cybersecurity ingredient used by defense and intelligence agencies
It’s very rare that the defense and intelligence community is vulnerable to file-based attacks. After all, for these organizations security is not a business case, it’s a case of national security.
More commercial businesses should look to the defense and intelligence community for guidance on improving their security posture. It is not that these agencies have the newest or most sophisticated products; rather, they focus on identifying core risk vectors, such as the threats that routinely travel inside the files shared every day.
Having measures in place to identify malware and prevent attackers from gaining access to your systems is far more efficient and cost-effective than responding to an attack that has already taken place. After all, between 2020 and 2021, nearly two million malicious emails bypassed secure email gateways.
The biggest mistake most organizations make with their security policies is being reactive rather than proactive. Businesses need solutions that remove threats from business files at industrial scale and to the standard that defense and intelligence organizations rely on.
The secret ingredient
Defense and intelligence agencies protect their front line by ensuring file-based attacks cannot penetrate their systems. With no room for error, they simply cannot rely on a reactive approach. The core technology field – Content Disarm and Reconstruction (CDR) – has been specifically developed for this use case and industry. And while it is only recently that this technology field has risen to prominence in the private sector, government agencies have been relying on it for almost a decade.
Unlike reactive security methods, such as sandboxing and anti-virus (AV), CDR technology delivers instant protection through its proactive approach. Files and documents are instantly made safe from threats through a rapid, four-step process:
- Inspect – a file is inspected to validate that its digital DNA complies with the known-good manufacturer’s specification. Remediation instantly takes place where deviations are found.
- Clean – high-risk active content (e.g., macros and embedded links) is cleaned and removed, based on company policy – so only the users who need active content receive it.
- Rebuild – the file is rebuilt to its known-good manufacturer’s standard, ensuring the file is clean and threat-free.
- Deliver – the document is instantly delivered to the user clean of any potential threats to be used with confidence that it is completely safe.
This simple approach ensures every document entering or leaving an organization is safe, meaning users can trust every file. The process makes it impossible for a threat to exist in any file that has undergone CDR, whether it is a known threat or a threat that has yet to be identified (“zero-day”). Any security blind spots that hackers could identify and exploit are closed during the process. Crucially, its instantaneous nature does not interrupt or slow down business, allowing activities to continue as normal without sacrificing productivity or security.
The best offense is defense
Employees in the defense and intelligence sector are in near-constant contact with each other, sharing information often under challenging circumstances. They move files and documents from low-trust environments into networks that hold a nation’s most sensitive data, where a data breach could have a serious impact on national security. Consequently, when it comes to sharing any kind of document, these teams cannot risk threats slipping through the net.
Human attackers are now using machines to engineer malware at a pace that could only be imagined a few years ago. Today, it is possible to engineer a new piece of malware and to make each version of that file sufficiently different that it is almost impossible for traditional malware protection solutions to identify. In the same way that Facebook or Twitter use algorithms to create a truly unique social feed tailored to the interests and tastes of a user, bad actors can use similar algorithms to deploy essentially the same underlying threats, packaged in ways that simply evade detection.
This is the new era of zero-day file-based threats in which businesses now operate. To keep up, the private sector needs to look at a different way to handle file-based threats. CDR does not look for characteristics of bad files. The model looks for deviations from the file structure (its digital DNA), repairs them to the manufacturer’s specification, sanitizes active content and rebuilds a known-good file, leaving the visual layer untouched. And while the defense and intelligence community has relied on this for some time, it is a game changer for the private sector.
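As an added illustration of the four-step process listed earlier and of the structure-based model described in this section (example code written for this page, not from the original article or any CDR vendor): a minimal Python sanitizer for a Word (.docx) package that validates the zip container, drops every part outside an allow-list (such as the VBA macro project), strips external hyperlink relationships unless policy keeps them, and writes a fresh package. The allow-list, the `keep_links` policy switch and the constructed sample package are assumptions of the example; a production engine validates every part against the full OOXML specification.

```python
import io
import re
import zipfile

# Allow-list of parts a minimal Word package may carry (an assumption of this example, not the OOXML spec).
ALLOWED_PARTS = {"[Content_Types].xml", "_rels/.rels",
                 "word/document.xml", "word/_rels/document.xml.rels"}
# Relationship entries whose target lies outside the package, i.e. embedded external links.
EXTERNAL_REL = re.compile(r'<Relationship\b[^>]*TargetMode="External"[^>]*/>')

def cdr_docx(data: bytes, keep_links: bool = False) -> tuple[bytes, list[str]]:
    """Inspect, clean and rebuild a .docx package; returns (new package, actions taken)."""
    actions = []
    # Step 1, inspect: the container must be a well-formed zip holding the mandatory parts.
    try:
        src = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("not a valid OOXML package") from exc
    if not {"[Content_Types].xml", "word/document.xml"} <= set(src.namelist()):
        raise ValueError("mandatory parts missing")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            # Step 2, clean: parts outside the allow-list (e.g. word/vbaProject.bin) are dropped.
            if name not in ALLOWED_PARTS:
                actions.append(f"dropped {name}")
                continue
            payload = src.read(name)
            if name.endswith(".rels") and not keep_links:   # policy: strip external links
                text, n = EXTERNAL_REL.subn("", payload.decode("utf-8"))
                if n:
                    actions.append(f"removed {n} external link(s) from {name}")
                payload = text.encode("utf-8")
            dst.writestr(name, payload)  # Step 3, rebuild: written fresh, no original zip metadata survives
    return out.getvalue(), actions  # Step 4, deliver

def list_parts(data: bytes) -> list[str]:
    return sorted(zipfile.ZipFile(io.BytesIO(data)).namelist())

def build_sample() -> bytes:
    """Constructed sample package: a document plus a macro part and an external hyperlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00constructed-macro-blob")
        z.writestr("word/_rels/document.xml.rels", '<Relationships><Relationship Id="rId1" '
                   'Type="hyperlink" Target="http://example.invalid/" TargetMode="External"/></Relationships>')
    return buf.getvalue()
```

Running `cdr_docx(build_sample())` yields a package holding only the allow-listed parts, with the macro part dropped and the external link removed from the relationships file; `keep_links=True` models a policy that lets a user who needs links receive them.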
CDR technology: Be prepared
Enterprise leaders must think differently, modernize their approach to cybersecurity and be prepared to embrace change.
When addressing cybersecurity, innovative leaders must fully engage with the issues, risks and opportunities. In doing so, they should challenge their legacy approaches to keeping systems safe from attack – even if they have yet to be breached themselves. What’s more, by taking responsibility for driving positive, innovative change, leaders can bring their own skills to work with trusted security partners and vendors to improve their levels of protection.
Attacks and attackers come in different shapes and sizes and are not always easily identifiable. The key is mindset and approach. Getting both right gives companies a greater chance of combating attacks and gives them greater agility and resourcefulness.
The commercial space could learn a lot from the defense sector. Currently, CDR technology is dominating the defense and intelligence industries. Think of it as the Omega Seamaster of the cyber world: if it works for Bond, it will work for you.