CDR is a crucial security tool… that no one knows about

Securing an organization’s data isn’t easy, and the various products and services dedicated to the process make it even more difficult to know what to do, delaying potential decisions and creating havoc with businesses and customers. A relatively tiny section of the cyber-protection industry, known as content disarm and reconstruction (CDR) is a solid beginning.

Between January and April of 2020, as businesses moved to remote work and video conferences, cyberattacks increased 630 percent worldwide, according to data from 30 million McAfee MVISION Cloud users. Various studies show the more than 90 percent of those attacks were based on shared content through text, email, and video conferences. Simply put, CDR technology scans for malicious content, removes or neutralizes the malware (called sanitizing), and rebuilds the documents for use behind the firewall.

The technology is relatively mature with the first products hitting the market in 2002 in various forms and levels. The most recognizable form is offered by some telecommunications companies as a paid-for option or part of the regular service alerting users to what might be malicious content. On that level, the warning is issued but the files are not sanitized. The next level op blocks text messages and emails from spammers. There are, however, more than two dozen companies around the world that provide this protection.

All the companies focus on protecting users of the Microsoft environment because it is the largest deployed and the most insecure environment in the world. Several of the companies are based in Israel and run by former military intelligence officers, as the Israeli military is well-known for its ability to defend the country from cyber attacks and launch attacks against others.

For SMBs, Odi-x is an interesting choice. It is focused only on CDR technology, is economical and has the advantage of being on the Microsoft app marketplace. Their two products are the app, FileWall™, and a hardware kiosk where employees, visitors, and customers can sanitize mobile devices before coming into a facility. FileWall is available for $1 per user per month.

On the other end of the spectrum are companies like OPSWAT, which offers a comprehensive set of tools and services under the MedaDefender™ and MetaAccess™ brands. The former line of products houses the CDR technology and the latter screens hardware brought behind the firewall for security compliance. Like Odi-x, OPSWAT focuses on Microsoft environments and provides what they call “deep CDR.” The company defines that as the ability to drive down into a jpeg, in a Word doc, in a PDF, but most CDR providers that ability. Because the OPSWAT solution is more comprehensive, it is of course more expensive, but the company doesn’t reveal a basic cost.

Taeil Goh, CTO of OPSWAT, said that sanitizing email could stop many, if not most of the attacks by both nation-states and common cyber criminals. “Email is probably the least secure protocol and is a major vehicle for attacking an organization through attachments and links. CDR technology to that vector either neutralizes or removes the link or the attachment.”

Most cyber security is dependent on a human being making the right choice every single time. Most cyber crime is dependent on a human being doing something stupid eventually or most of the time. For example, there is increasing evidence (at least according to the CEO who was forced to resign) that the SolarWinds hack was accomplished through an intern creating a very bad password that was not changed for years after the intern left the company.

Goh said that CDR probably would not necessarily prevent that attack, but eliminating human error is the goal of companies providing that service. “You need threat detection and threat prevention technology. Organizations face threats coming through the firewall, in cross-domain attacks and portable media, as well as email. Most organizations use maybe one or two antiviral engines in their gateway. For us, we provide up more than 30 different engines to increase the detection rate of malware coming into the organization.”

Goh said once the threat is detected, CDR comes into play, but that it isn’t absolute. Certain files cannot be blocked, such as script files that are often designated a “.exe”. So the human error element cannot be entirely removed.

Even so, it seems like having some form of threat detection and removal is a really good idea for every kind of organization, and yet it is extremely rare. OPSWAT, Odi-x, and six other competitors contacted, all claim to have about 1000 businesses and governmental agencies as customers. There is also some overlap as some companies, like Hewlett Packard and Oracle claim to purchase pretty much every product and service available just to make sure all bases are covered. But there are tens of thousands of organizations around the world that don’t, for the simple reason that most of the industry hasn’t figured out how to market themselves to the world. And since most are profitable there is not a lot of incentive to work very hard at it.

Goh admitted that market awareness is a problem in the cyber-security industry.

“There are marketing messages from so many different vendors and even security professionals are confused,” he said. Imagine what is like for non-professionals like CEOs. “It the nature of security; trying to validate the current technology. So I think the awareness is definitely lacking.”

Let’s hope for improvement.

Listen to the entire interview with Taeil Goh at Crucial Tech