By Christopher R. Wilder
Research Director & Senior Analyst, TAG Cyber
Browser security has advanced significantly over the past several years. From local virtualization to sandboxing to cloud-based virtual desktop infrastructure (VDI) solutions, securing the browser has had a well-deserved resurgence. More and more enterprises do not trust endpoint devices because of BYOD efforts or other productivity-related security concerns. Even in remote access/VDI/zero-trust solutions, files downloaded from the internet can still be malicious. Third-party integration with a content disarm and reconstruction (CDR) platform is critical.
This article will review the various file-based threats and risks browsers introduce and the pros/cons of the most common content protection approaches.
What is browser security, and what are the threats?
A modern approach to browser protection uses a combination of tactics to help protect users from various online threats. Browser protection includes using a secure web browser with built-in features and software to block malicious websites, files, and content in order to protect against phishing and malware attacks.
Unfortunately, sophisticated attackers bypass perimeter network security controls, such as web/email gateway scanners, by encrypting malicious payloads inside file archives, PDFs, HTML files, and other vectors. Archive files such as ZIP files can be encrypted, making it easier for cybercriminals to conceal malware within them and bypass detection tools, especially when coupled with HTML smuggling attacks. Further, threat actors increasingly use script-based malware formats to run malicious code and rely heavily on built-in operating system utilities, such as file viewers, to evade endpoint defenses. Ultimately, this means more malicious emails will land in users' inboxes and more malicious web downloads will reach users, putting organizations at risk of attack. Enterprises should consider deploying content disarm and reconstruction (CDR) technologies.
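The encrypted-archive blind spot described above can be checked from a ZIP's central directory before anything is extracted. The following is an added example, not code from the article or from any vendor it names; the verdict names, the extension list, and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

ENCRYPTED_BIT = 0x1  # bit 0 of the ZIP general-purpose flags: member is encrypted
# Assumed policy list of script/active-content extensions (not from the article).
SCRIPT_EXTS = {".js", ".vbs", ".wsf", ".hta", ".ps1", ".lnk", ".html", ".htm"}

def triage_archive(data: bytes) -> dict:
    """Classify a downloaded ZIP from its central directory, without extracting it."""
    result = {"verdict": "scan", "encrypted": [], "scripts": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
    except zipfile.BadZipFile:
        result["verdict"] = "block"  # malformed archive: nothing can be verified
        return result
    for m in members:
        if m.flag_bits & ENCRYPTED_BIT:
            result["encrypted"].append(m.filename)
        if os.path.splitext(m.filename)[1].lower() in SCRIPT_EXTS:
            result["scripts"].append(m.filename)
    if result["encrypted"]:
        result["verdict"] = "quarantine"  # content is opaque to any scanner
    elif result["scripts"]:
        result["verdict"] = "review"  # script or HTML member needs sanitizing
    return result

def build_sample(names, encrypt_first=False) -> bytes:
    """Build a constructed test archive; optionally mark the first member encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, "constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypt_first:
        # Flags sit 6 bytes into the local header and 8 bytes into the
        # central directory entry; only the flag is set, data stays plain.
        raw[raw.find(b"PK\x03\x04") + 6] |= ENCRYPTED_BIT
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED_BIT
    return bytes(raw)

if __name__ == "__main__":
    for names, enc in ((["invoice.pdf", "readme.txt"], True),
                       (["report.docx", "viewer.html"], False),
                       (["notes.txt"], False)):
        print(names, triage_archive(build_sample(names, enc)))
```

The check covers only the outer archive; an archive nested inside another member is visible only after that member has been unpacked.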
CDR is a pivotal and necessary component for browser protection
CDR is an evolving content security solution that protects against threats delivered through various file types commonly used in online office documents and email attachments. CDR removes potentially malicious content, active code, and embedded objects from a file while preserving the original format and functionality.
CDR allows the file to be safely downloaded, handled, and shared without risking the security of the endpoint system or the network. It is often used in conjunction with other security hygiene measures, such as antivirus software and firewalls, to provide comprehensive protection against a wide range of threats. For example, recently, we saw an aggressive bot campaign from the QakBot, Black Basta ransomware, and IcedID threat groups, which use HTML files to direct users to a fake document viewer posing as Adobe and Google Drive. These fake viewers tricked victims into downloading a malicious ZIP file; users provided a password and deployed the malicious payload.
A CDR solution unpacks, scans, and remediates the threat before it reaches the user. CDR assumes all files are potentially malicious and scrutinizes all expected files received from outside of the enterprise.
How Votiro Provides Advanced CDR to Address Today’s Browser Security Challenges
Most CDR solutions focus on detecting malware and signatures and incorporate predictive or behavioral analysis to mitigate malicious files and remediate security breaches. However, many of today’s CDR solutions are not as effective as they could be when detecting web-based zero-day threats across a broad range of file types without generating false positives. Votiro’s Cloud solution focuses on delivering a comprehensive offering that protects many online and internal file formats, including complex file structures. Because Votiro secures all standard file types, including obscure and challenging files, they stand out where many next-generation antiviruses (NGAV), secure browsers, sandbox solutions, and other CDR providers fall short.
It is TAG Cyber’s opinion that Votiro should be considered for any enterprise that transfers files and sensitive information between its customers, employees, business partners, and suppliers. Further, their ability to protect users online is a bonus that provides a comprehensive solution to safeguard employees from the browser to the enterprise and beyond.