Glasswall CDR FAQs
    • PDF

    Glasswall CDR FAQs

    • PDF

    Article summary

    What is CDR?

    CDR (Content Disarm and Reconstruction) is a cybersecurity technology that instantly removes potential file-based threats from incoming files and documents before it has the chance to enter a corporate network. CDR also referred to as ‘content sanitization’ breaks down files into their discrete components, removing anything that does not comply with its ‘known good’ manufacturers specification, removing any content that could be malicious (macros, links, embedded objects), rebuilding a sanitized, safe version so organizations can trust every file.


    What can Glasswall CDR offer?

    Glasswall CDR processes and cleans our supported file types by:

    • Automatically removing unrecognised objects hidden within the file structures, if they are not defined in the official specification.
    • Automatically correcting components of a file that deviate from the manufacturer’s specification, where applicable.
    • Enabling sanitization of defined content using a content management policy, for a number of file types.
    • Accurately determining the file type* regardless of the presence or absence of a file extension, or if the file extension has been modified.

            *The Glasswall Embedded Engine utilises one or more methods to provide a reliable best guess of the file type.


    What is the Glasswall security promise?

    File security threats are growing faster than ever, with approximately 1 in every 100,000 files containing potential malware infections. Most of these threats are unknown to antivirus software which means they’re unable to mitigate the risks of malware attacks. Glasswall’s CDR technology can be used to provide protection against threats before they enter file servers via email and website traffic, and our advanced file sanitization solutions can also provide similar protection on cloud email, web browsers, and other computer endpoint devices where file sharing is most common.


    What threat vectors does Glasswall CDR target?

    A huge benefit of CDR over conventional file based threat detection is that CDR does not rely on detecting known risks. By focusing on the ‘known good’ and not the ‘known bad’, our technology safeguards organisations and end users without the need to identify an attack vector. Through the process of validation, remediation (auto correcting malformed structures and removing hidden objects) and sanitisation (removing risky content via a configurable policy), the Glasswall CDR process safeguards against the following categories of exploits.

    • Data Attack Risks
      • Risky content attacks (Macros, javascript, etc.)
      • Binary exploits (stack overflows, heap sprays, etc.)
    • Data Disclosure Risks
      • Content removal
      • Metadata removal

    How does Glasswall CDR conform to ISG?

    The NSA’s Inspection and Sanitization Guidance (ISG) provides guidance and specifications for creating file inspection and sanitisation software. The Glasswall Embedded Engine achieves a high level of compliance to these guidelines by addressing the concerns raised through the process of sanitisation and remediation during cdr processing. Further work is underway to become fully compliant with the recommendations outlined in the ISGs and future releases of the Glasswall Embedded Engine will provide the capability of mapping ISG sections to content found in files during processing. Watch this space for further news.

    You can find PDF versions of the ISGs in this GitHub repository: https://github.com/gw-engineering/ISG


    Are files modified during the CDR process?

    During processing, the content of the file remains the same but the structure of the file is often modified during processing. This could result in a different checksum (hash) when compared to the original file. The newly generated file will appear visually identical to the original but the underlying DNA of the file will, in most cases, change.


    What assurance is there around file integrity?

    When processing a file, the final process cycle conducts semantic checks on a document. This is to ensure that the visual integrity is maintained to maximise useability of the final, processed document. On top of this, we thoroughly test our engine for every release using in-house tools to ensure file integrity is maintained in a reconstructed file.


    What file types are supported?

    Please refer to our Supported File Types.


    What are the different levels of support?
    • Microsoft Binary and Open XML files
    • PDFs
    • Popular images file types
    • Audio & Video files
    • Archive files
    • Executable files
    • Object files
    • And more


    What happens if vendors make updates to file specifications?

    Glasswall is continually making updates to the Embedded Engine to ensure that the latest file specifications are supported. If these updates are not addressed, then in some cases files may fail to be reconstructed. The Glasswall team has a proactive approach in ensuring work is scheduled to address these changes. We also encourage our customers to stay up to date with our latest product versions where possible, to consume these updates.


    Was this article helpful?

    What's Next