In the process of file sharing, what is essential for every organization is to make sure malware doesn’t tag along, and this is where a content disarm and reconstruction (CDR) solution comes in handy.
Of course, organizations must make sure the solution fits their needs and requirements, and covers all types of files.
To select a suitable CDR solution, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Benny Czarny, CEO, OPSWAT
As malware evolves and file-based attack techniques become more complex, selecting CDR technology is not a simple check-off-the-box exercise for organizations – especially with the growing number of CDR vendors in the market.
Further, organizations, notably those within critical infrastructure sectors, have become more targeted by cybercriminals and nation-state threat actors than ever before, and CDR technology can be an effective way to mitigate those threats. However, it’s critical to ensure that the CDR technology is comprehensive enough to protect against threats embedded in both simple and complex file types, but also efficient enough so that it doesn’t hinder productivity.
To start, organizations should look for CDR technology that supports a variety of archive formats, preserves usability after the file is sanitized, and is configurable to the organization’s use case. For example, does the CDR remove hyperlinks for a specific file type, and is it agile enough to deploy different policies for different data channels, such as internal versus external emails? Additionally, they should check if it creates an audit trail so they can log which objects were removed and which ones were sanitized. It’s also important to consider the R&D roadmap and ask questions regarding the security and sustainability of the design, how it’s tested, integration options, and more.
Dr. Oren Eytan, CEO, odix
Picking the right CDR solution for your business is dependent on the interplay of four key factors, chiefly: compatibility (or ease of integration) with the source of the file, license cost, and deployment cost and complexity system scalability.
In practice, the selection process for a CDR file sanitization solution begins with the most basic question: Can the native or third-party solution easily integrate with how my organization is receiving files (either via email or through file transfer portals)?
After integration issues have been resolved the size of the business and its deployment needs must be assessed to determine if the data source is internally based or focused on a cloud business application.
Based on your application requirements, the next factor driving the CDR POC process is often the ease of deployment of the solution, which includes basic or complex configuration and system setup, as well as the degree of data visibility for system admin.
With deployment options evaluated the final factor which can tip the scale in deciding the right CDR product for your business is system scalability. When selecting the right vendor, it’s essential they have experience managing the data needs of businesses of all sizes. In the process, your organization can provide the right blend of data security to meet their organizational needs.
Aviv Grafi, CTO, Votiro
When choosing a CDR solution, organizations need to consider five key factors: speed, scalability, depth and breadth of file types, ease of integration and disruptiveness. More traditional CDR technologies can be enormously intrusive on business operations, depend heavily on security staff resources, or cannot accommodate various spikes and dips in file traffic.
An advanced CDR solution will not throttle traffic, and responds dynamically to scale up or down according to the data flow of your organization, without impacting IT, application, or end user workloads.
CDR technology should be designed to sanitize all content that enters your organization, including active content and macros, not just basic files and images. Sending large, password-protected, or zipped files is a routine part of business, and a CDR solution should be able to support those and all other file formats used by your business.
You should also ask the CDR vendor if all your existing products can be integrated with the CDR solution and what is the expected amount of effort to integrate. Files need to be sanitized by the CDR from any channel, including Box, Dropbox, Slack, OneDrive, email, or web browsers and modern CDRs are integrative, offer native integrations and/or easy API-based integrations.
Dan Turner, VP, Global Governments and Critical Infrastructure, Forcepoint
The following short guide is intended for a CISO to aid successful procurement of an effective CDR defense.
The ‘table stake’ for any CDR solution is that it must deliver exceptional user experience, and compelling economics. CDR solutions that take a zero trust approach to malware that can both deliver the ‘table stake’ and go above and beyond with unmatched efficacy. The 3 key trade secrets for a properly zero trust CDR solution are as follows:
- Because you cannot trust data that’s sent to you – you do not want to let it in – so a solution should always build new data for delivery.
- You cannot trust complex software that handles complex data – so solutions should separately verify that their complex software is working properly.
- You cannot trust testing that looks for the absence of an attack – so select a solution that only looks for what’s useful and that can test that they find it.
Furthermore – as a CISO bonus – any vendor CDR solution that can pass these 3 key zero trust tests will deliver a high assurance solution that is demonstrably high efficacy and highly effective to any expert independent accreditor.