Glasswall Halo can be used to process files, ensuring that any potentially malicious content is removed or neutralised. Our CDR technology instantly cleans and rebuilds files to match their โknown goodโ industry specifications, removing potential malware.The ultimate goal is to produce a sanitised version of the file, making it safe to be opened and accessed by other users or information systems without any security risks.
What is CDR
Content Disarm and Reconstruction (CDR) is a security measure taken to protect against potential threats and cyber-attacks that may be embedded in files, particularly in documents, images, and other attachments.
There are several reasons why you would want to use CDR to sanitise files before allowing other users or information systems to access them:
Malware Protection
Files received from external sources, such as emails or file downloads, can contain hidden malware, viruses, or other malicious code. CDR helps ensure that any potential threats are neutralised, preventing malware infections and data breaches.
Phishing Prevention
Some files may include hidden phishing links or malicious scripts, aiming to steal sensitive information or login credentials. CDR removes such dangerous elements, mitigating the risk of falling victim to phishing attacks.
Compliance and Regulation
Many industries and organisations have strict data protection regulations they must adhere to. By implementing CDR, businesses can demonstrate their commitment to security and compliance with data protection standards.
Zero-Day Threat Mitigation
CDR can be effective against new, previously unknown threats (zero-day threats) because it focuses on the file's structure and content rather than relying solely on signature-based detection.
Safe Collaboration
By using CDR, organisations can safely share files internally and externally, promoting efficient collaboration while maintaining security.
System Integrity
Opening a malicious file can harm not only the user's device but also the entire IT system. CDR helps preserve the integrity of the system by preventing the spread of malware.
Overall, employing CDR as part of a comprehensive cybersecurity strategy helps reduce the attack surface and enhances the overall safety and trustworthiness of the shared files, making it safer for users and information systems to interact with the data.
API Documentation
You can use the following API's to create a sanitised file:
POST api/v3/cdr-file
POST api/v3/cdr
For more information please refer to our API Documentation
API Authentication
Learn how to authenticate Glasswall Halo
Glasswall Halo Events
When you make a request to Glasswall Halo the following events take place:
- You send a file to the Synchronous API for processing.
- The file is stored in Glasswall Halo whilst processing occurs.
- The Glasswall Embedded Engine is notified to process the file.
- The Glasswall Embedded Engine retrieves the file and begins its CDR process.
- The clean file is then returned back to the user via the API response
Request Construction
Glasswall Halo provides a wide range of file processing capabilities, accommodating both binary and Base64 encoded files. Additionally, you have the option to leverage policies to guide the file processing according to your needs. For a comprehensive understanding and practical implementation of the policy management feature, learn more.
When utilising Glasswall Halo, you can submit files in either binary or Base64 format, offering the flexibility to choose the most appropriate file representation for your specific use case and application requirements. Moreover, if you solely require a clean file without the analysis report, you can make this specific request using the response-content
query parameter with the value set to noAnalysisReport
.
This versatile functionality of Glasswall Halo empowers you to tailor the file processing process precisely to your preferences and efficiently achieve your objectives with ease.
Binary File Processing
POST {baseUrl}/api/v3/cdr-file?response-content=noAnalysisReport
Base64 Encoded File Processing
Submit the Base64 encoded string in the Request body to the following endpoint:
POST {baseUrl}/api/v3/cdr?response-content=noAnalysisReport
Request body Format
The body of the request should be in JSON format and include the Base64 field containing the Base64 encoded string of the file, and the fileName
field specifying the original filename (including the appropriate file extension).
{
"Base64": "string",
"fileName": "filename.pdf",
}
Variations
A variation of this request is to not pass in the response-content
query parameter. This means that you will get both the rebuilt file and the analysis report back for the file you requested.
Binary File Processing
POST {baseUrl}/api/v3/cdr-file
Base64 Encoded File Processing
Submit the Base64 encoded string in the Request body to the following endpoint:
POST {baseUrl}/api/v3/cdr
Note:
- Replace {baseUrl} with the actual base URL of the Glasswall Halo API.
- Correct auth header should be provided with each request
- For binary file processing, use a multipart form post, while for Base64 encoded file processing, provide the file content in the JSON Request body with the appropriate filename.
Response Handling
When a file is successfully processed by Glasswall Halo, you will receive a 201 HTTP status code, indicating that a new file has been created, and this file is returned in the response. The format of the response depends on whether you used the binary or Base64 endpoint.
For the binary endpoint, the file will be returned with the content type application/octet-stream
. You can read all the bytes from the response body, forming the CDR'd file. The response will also include the content-disposition
header, which contains the filename supplied in the multipart form, if available. If the filename was not provided, a generated GUID will be returned as the filename. This feature eliminates the need for you to maintain the filename while processing occurs.
If you requested a Base64 encoded file to be processed, the response will be in JSON format with a status code of 201. The JSON body will contain the Base64 encoded string representing the clean file produced by Glasswall Halo. The response will look like this:
{
"errorReason": null,
"processingId": "d3bdc536-44ba-41ad-b40e-330ce6f169ce",
"processingStatus": "rebuilt",
"fileType": "jpg",
"analysisReport": null,
"rebuiltFile": {
"content": "/9j/2wBDAAMCAgM...",
"contentType": "application/octet-stream",
"contentEncoding": "Base64"
}
}
To access the Base64 encoded clean file, you can retrieve it from the rebuiltFile.content
location within the response.
Variations
If you omit the response-content
query parameter and utilize the default settings, both the clean file and the analysis report will be generated and included in the response.
In the context of the binary endpoint, the response format will be a compressed .zip
file. Upon extracting this file, you will discover two subfolders: clean
and report
. The clean
folder will house the clean file, which you can freely utilize according to your needs. Similarly, the report
folder will contain the analysis report.
Learn more about analysis reports
If you requested a Base64 encoded file to be processed, the response will be in JSON format with a status code of 201. The JSON body will contain the Base64 encoded string representing the clean file produced by Glasswall Halo. The response will look like this:
{
"errorReason": null,
"processingId": "de30c22d-fcef-467c-9ed9-16296318615b",
"processingStatus": "rebuilt",
"fileType": "archive",
"analysisReport": {
"content": "UEsDBBQAAAgIACU/EFeWuyNVWwAAAL0AAAARAAAAbWFua...",
"contentType": "application/octet-stream",
"contentEncoding": "Base64"
}
"rebuiltFile": {
"content": "/9j/2wBDAAMCAgM...",
"contentType": "application/octet-stream",
"contentEncoding": "Base64"
}
}
To access the Base64 encoded clean archives, you can retrieve it from the rebuiltFile.content
location within the response, if you wish to gain access to the analysis files they can be found at analysisReport.content
.
Summary
-
You have successfully protected your organisation against potential malware threats by utilising Glasswall Halo to sanitise files before sharing or processing them.
-
You have prevented phishing attacks and safeguarded your users by neutralising hidden malicious scripts and phishing links in files processed through Glasswall Halo.
-
You have ensured compliance with data protection regulations by securely handling files and eliminating sensitive information through Glasswall Halo.
-
You have proactively mitigated zero-day threats by using Glasswall Halo, which focuses on file structure rather than relying on known signatures.
-
You have established a secure and trusted file-sharing environment, both internally and externally, by leveraging Glasswall Halo capabilities.
-
You have maintained the integrity of your information systems by preventing malware propagation through CDR-processed files.
-
You have demonstrated a commitment to cybersecurity, building trust among clients, partners, and stakeholders through the secure file-handling practices achieved with Glasswall Halo.
-
You have streamlined your file processing workflows and reduced manual intervention by automating the process through the Glasswall Halo API integration.
-
You have efficiently responded to potential security incidents by incorporating CDR as an additional layer of defence in your incident response plan.
-
You have minimised downtime and reduced remediation costs by preventing malware infections through Glasswall Halo.
-
You have protected your organisation against supply chain attacks by sanitising files received from external sources using Glasswall Halo.
Overall, through CDR, you have significantly enhanced your organisation's cybersecurity posture, ensuring the safety of sensitive data and mitigating file-based threats effectively.
Quick Start
To try Glasswall Halo yourself, please refer to our Quick Start Guide.