Do you know what CDR stands for?
At the heart of ReSec’s cybersecurity solutions is our Content Disarm and Reconstruct (CDR). It’s a term we coined a few years ago and it describes exactly what our offerings do to protect our customers. When Gartner recently mentioned the term in describing the leading, advanced threat defense approaches in the secure email gateway industry, it gave us great pleasure and pride. If it’s an approach that one of the industry’s leading analysts is interested in, we thought people might be interested to learn more about CDR from its pioneers.
CDR is the heart of every product we develop and what enables ReSec customers to work safely and effectively every day. Like most inventions, it can be traced back to frustrations with the traditional approaches. In this case, it was the inefficiency of traditional cyber scanning, detecting and file sanitization technologies, and how we were fed up with the security mechanisms we’d experienced. During our military service and while working in cybersecurity, Oren Shnitzer (ReSec’s VP R&D and co-founder) and I were aware of the inherent weaknesses of anti-virus and sandbox systems. We were amazed time and again at how difficult it was to send and receive files in secure organizations. Systems were still only using inline multi-scanning and, in some cases, conversion of content into completely useless images or PDFs.
The Development of CDR
We set out to find a better solution for this problem, and since we couldn’t find any, we decided to develop it ourselves.
The design brief was simple:
- Make sure only clean files could get into the organization with permissions set centrally per user
- Ensure rapid processing: as quick as an anti-virus, not unusually slow like behavioral engines, and able to scale to fit the organization’s needs
- Eliminate false positive alerts
- Maintain the file’s full functionality and usability
- Deliver a definite result – a clean file
- Be transparent to the users
- Simple, simple, simple to integrate and manage
At the time, existing technologies had one major design flaw – they required prior knowledge of the (malicious) file’s signature, behavior pattern or sender. This meant slow processing and many false positives. It also meant that those existing perimeter IDS/IPS could be easily bypassed by sophisticated or tailored malware that can simply evade detection, or overwhelmed with several million variants of unknown source that would render all signature-based detection mechanisms useless. No matter how we tried to circumvent this problem, we always came back to square one – which meant that all files had to be searched for malicious content, and inspected and analyzed accordingly.
The real breakthrough came when we realized that we would be better off disarming and reconstructing all files, without wasting time and computing resources on detection, and creating replicas without any non-compliant/funky pieces of code hiding within. By doing so, we were able to speed up the process and scale up to deal with real-time enterprise loads, reduce false positives to zero, and ensure the files arrived in an operational shape and form. And so the Content Disarm and Reconstruct technology was born.
CDR In Action
Virtually unchanged, CDR is still the core of our product today. Every file that the CDR engine receives is sliced into its core components and reconstructed. What the end user gets is a clean, safe and ready-to-work file, not a dumbed-down image or PDF version of it. The users are happy – they’re actually oblivious to the process. The IT security departments are happy too – users are not upset with them for blocking their work and they have fewer files to investigate in the sandbox. And since this is a generic engine, it has now evolved to secure email, Web browsing, FTP, endpoint USB drives and digital vaults, providing the organization with peace of mind, regardless of the file source.
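To make the slice-and-reconstruct idea concrete, here is an added sketch for ZIP-based Office documents; it is not ReSec's engine or code from this post. The allowlist policy, size cap and function names are assumptions chosen for illustration, and the sample archive is constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumed policy for this sketch: only XML parts and two image types pass.
MEDIA_MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}
MAX_PART = 10 * 1024 * 1024  # per-part size cap, guards against zip bombs


def part_is_clean(name: str, data: bytes) -> bool:
    """Return True only if the part is an allowlisted type and validates."""
    lower = name.lower()
    if lower.endswith((".xml", ".rels")):
        # Crude byte check (UTF-8 parts assumed): document parts need no DTD.
        if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
            return False
        try:
            ET.fromstring(data)  # must be well-formed XML
        except ET.ParseError:
            return False
        return True
    for ext, magic in MEDIA_MAGIC.items():
        if lower.endswith(ext):
            return data.startswith(magic)  # extension must match content
    return False  # no detection step: unknown part types are simply not copied


def reconstruct(src: bytes) -> tuple[bytes, list[str]]:
    """Build a new archive from validated parts; return it and the dropped names."""
    out, dropped = io.BytesIO(), []
    with zipfile.ZipFile(io.BytesIO(src)) as zin, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            if info.is_dir():
                continue
            data = zin.read(info) if info.file_size <= MAX_PART else None
            if data is not None and part_is_clean(info.filename, data):
                zout.writestr(info.filename, data)  # fresh entry, old metadata not copied
            else:
                dropped.append(info.filename)
    return out.getvalue(), dropped


def make_sample() -> bytes:
    """Constructed sample: a docx-like archive with a macro part and a fake PNG."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document xmlns:w='urn:example'/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed bytes")
        z.writestr("word/media/image1.png", b"MZ not really a png")
    return buf.getvalue()
```

For the rebuilt file to open cleanly in an Office application, `[Content_Types].xml` and the relationship parts would also have to be rewritten so they no longer reference dropped parts; this sketch leaves that out.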
ReSec’s newest development is a cloud deployment, integrated with web email and hosting services, which enables hybrid enterprises to regain the needed control, and allows SMBs to enjoy a powerful cyber threat prevention solution that fits their needs.
We are committed to ongoing development of this technology and hope to see CDR being mentioned in more reports that discuss the leading edge of cybersecurity threat prevention.