Glasswall FAQs
Glasswall FAQs
What is CDR?
CDR (Content Disarm and Reconstruction) is a cybersecurity technology that instantly removes potential file-based threats from incoming files and documents before they have a chance to enter a corporate network.
CDR, also referred to as content sanitization, breaks files down into their discrete components and removes anything that does not comply with the manufacturer’s known-good specification. This includes potentially malicious content such as macros, hyperlinks, and embedded objects. The file is then rebuilt into a safe, trusted version.
What can Glasswall CDR offer?
Glasswall CDR processes and cleans supported file types by:
- Automatically removing unrecognised objects hidden within file structures if they are not defined in the official specification
- Automatically correcting components that deviate from the manufacturer’s specification
- Enabling sanitisation of defined content using configurable content management policies
- Accurately determining file type regardless of file extension presence or manipulation
The Glasswall Embedded Engine uses multiple techniques to provide a reliable determination of file type.
What is the Glasswall security promise?
File-based security threats are growing rapidly, with approximately 1 in every 100,000 files containing potential malware. Most of these threats are unknown to traditional antivirus solutions.
Glasswall CDR protects against threats before they enter file servers via email, web traffic, and cloud services. Our file sanitisation technology ensures files are safe at the point of delivery, across endpoints where file sharing is most common.
What threat vectors does Glasswall CDR target?
A major advantage of CDR over conventional threat detection is that it does not rely on identifying known bad threats. By focusing on known good specifications, Glasswall safeguards organisations without needing to identify attack vectors.
Glasswall CDR protects against:
-
Data attack risks
- Risky content attacks (macros, JavaScript, etc.)
- Binary exploits (stack overflows, heap sprays, etc.)
-
Data disclosure risks
- Content removal
- Metadata removal
How does Glasswall CDR conform to ISG?
The NSA’s Inspection and Sanitization Guidance (ISG) defines requirements for file inspection and sanitization software.
The Glasswall Embedded Engine achieves a high level of compliance by addressing ISG concerns through sanitization and remediation during CDR processing. Further work is underway to achieve full compliance and enable mapping between ISG sections and detected file content.
Are files modified during the CDR process?
While file content remains unchanged, the underlying file structure is often modified during processing. This can result in a different checksum (hash) compared to the original file.
Glasswall records the SHA-256 hash of both the original and regenerated file, ensuring a verifiable chain of custody for compliance and provenance use cases.
What assurance is there around file integrity?
During final processing, semantic checks ensure the visual integrity and usability of the reconstructed document. Each release of the Embedded Engine undergoes extensive in-house testing to verify file integrity.
What file types are supported?
What happens if vendors update file specifications?
Glasswall continuously updates the Embedded Engine to support the latest file specifications. If specifications change and are not supported, some files may fail reconstruction.
The Glasswall team proactively schedules updates, and customers are encouraged to remain on the latest product versions to benefit from ongoing improvements.