About Embedded Engine
    • PDF

    About Embedded Engine

    • PDF

    Article summary

    Zero-trust file protection delivered by the Glasswall Embedded Engine is different. Instead of looking for malicious content, our advanced CDR (Content Disarm and Reconstruction) process treats all files as untrusted, validating, rebuilding and cleaning each one against their manufacturers ‘known-good’ specification.

    The Glasswall Embedded Engine allows organizations to embed the power of Glasswall CDR, via a software development kit (SDK) which includes an API, with new and existing application deployments. Once integrated, any files the engine encounters are processed in accordance with user-configurable security preferences that allow security teams to shape their security policy to match their organization's risk appetite.

    Glasswall's Embedded Engine can:

    • validate, clean (sanitize and remediate), and reconstruct files.
    • produce XML reports detailing deep analysis of files.
    • manage files via a configurable content management policy.
    • carry out reliable file type identification.
    • perform search and redaction of text in MS Office file types.
    • create and manipulate a document object model (DOM) for supported file types.

    Features

    Analysis Mode

    In Analysis Mode, the input file is decomposed and an XML report is generated for each file. The analysis report contains 'Content' Items (structures found in the file), 'Issue' Items (structures that do not match the specification), 'Sanitisation' Items (items that would be taken out as per the content management policy) and 'Remedy' Items' (structures automatically corrected back to specification).

    Protect Mode

    In Protect Mode, the input file is decomposed as per Analysis Mode but the file is then regenerated using valid Content Items and remediated Content Items. As part of this process, the Content Management rules are applied so that certain 'Sanitisation' Items are removed (e.g., macros) from the regenerated file, so only known good items are present in the new file.

    Export

    In Export Mode, the input file is broken down to its structural components and an internal DOM (Document Object Model) tree is created. The DOM tree is validated and cleaned before serialising and writing out as one of two configurable intermediate file formats (XML or SISL). The exported content can be further processed and modified externally prior to importing.

    Import

    In Import Mode, the input is the exported SISL or XML files (with or without external modification). The XML or SISL files are deserialised, reconstructing the internal DOM tree, which is validated, cleaned and used to regenerate a clean and compliant file.

    Content Management rules can be configured and applied in both Export and Import modes.

    Automatic File Corrections

    Automatic corrections back to the file specification are performed upon file regeneration. The purpose of this is to enable the Glasswall Embedded Engine to remove threats that are hidden within the file structure, as well preventing the possibility of activating exploits via the misuse of structural components in the file.

    In Analysis Mode, all automatic corrections made to a file are reported as Remedy items.

    Configuration Management

    Content management policies are a set of content management switches that can be applied to a particular file type. The content management switch is used to identify a file element type and associated action.

    The content management setting specifies the action to be carried out by Glasswall for a particular content management switch. Each content management switch can be set to one of three settings.

    Issue IDs

    Reported content items and associated actions carried out by the Glasswall engine are logged in an XML analysis report. Each unique content item entry has a unique issue ID associated to it.

    Issue IDs are generated when files are processed in Analysis Mode and can be found in the output analysis report. Glasswall provides API functions responsible for retrieving information related to issue IDs.

    Word Search & Redaction

    The Glasswall Embedded Engine can search and redact the text and metadata of a file for forbidden words in certain file types.

    Learn more


    Was this article helpful?