What to Look for in a CDR Vendor
High-profile cyberattacks are continuously in the news, and more and more enterprises and organizations are looking to re-focus their security strategy from detection-based solutions to more proactive approaches, while keeping in mind the need for these security solutions to seamlessly integrate into business operations. The shift to integrate security into business and IT operations is growing: 61% of CIOs are prioritizing investments in cybersecurity, and Gartner predicts that security and risk spend will exceed $150 billion worldwide in 2021.
It has become increasingly clear that many standard cybersecurity technologies, such as anti-malware and anti-virus solutions, are both no longer sufficient in the face of today’s advanced threat landscape and cause friction to the end user. These solutions can only detect known threats and cannot protect enterprise networks against undisclosed or zero-day attacks. The fact that 80% of successful breaches are new or unknown zero-day attacks has resulted in a search for a more proactive security alternative than traditional signature-based detection solutions.
Many companies are investigating content disarm and reconstruction (CDR) vendors in order to tackle the issue of proactive defense against hidden malware. Let’s break down how you can move beyond your current security measures by selecting a CDR vendor.
Why CDR is the Solution
Content Disarm and Reconstruction (CDR) is a security technology that takes a proactive approach to cybersecurity by cleansing potentially malicious code from files. Also known as file sanitization, CDR does not rely on threat detection like other anti-malware tools. Instead, the technology assumes all files are malicious. The most advanced version of CDR technology (Level 3 CDR) proactively sanitizes all individual file components of threats and rebuilds the file onto a new, clean file template (read about the whole process here).
In the crowded cybersecurity market, CDR vendors abound. So how can an enterprise choose which vendor is best placed to fully secure their critical assets?
How to Choose a CDR Vendor
There are several key factors to consider when determining which vendor to hire to perform CDR on incoming files. Let’s dig in.
Be Wary of Imitation CDR
It’s important to compare apples to apples. CDR takes a Zero Trust approach to files, disarming each and every one without relying on the principles of detection.
Using Antivirus
There are imitation CDR vendors in the market that combine elements of CDR with anti-virus capabilities. Rather than disarming a file automatically, these vendors look for known threat content. If malware is detected, the files are then automatically blocked from being delivered to the recipient. This may seem like a reasonable approach, but consider this: If CDR can sanitize files of unknown threats, why are certain CDR vendors still using anti-virus and blocking these files instead of sanitizing them? With this method, these vendors are not protecting their customers from these threats nor delivering them to the end-user. In organizations that require employees to accept data, and with VEC (Vendor Email Campaign) attacks rising, blocking files still creates headaches for end users and security teams, slowing down business processes.
Flattening Files
In addition, many CDR vendors take the straightforward approach to disarming content by simply flattening the file. That means a document with hundreds of pages of content will be converted to an image and saved as a PDF “wrapper,” a practice that makes the content impossible to work with and negatively affects employee productivity. For someone who wanted to copy-and-paste text from the original document, now that’s impossible, as it’s been converted into an image. PowerPoint slides can no longer be tweaked or edited. Excels with macros and editable cells are useless when they’re turned into PDFs.
Votiro does not rely on anti-virus protection or flattening files. Votiro, powered by Positive Selection® technology is the next evolution of CDR. It takes a zero-trust approach to files, breaking down every single element of a file to its lowest-level element, and uses template-based reconstruction to recreate clean templates with only the known good content included. The new file contains only elements that have passed the Positive Selection process, removing any potential security breach. Files are never flattened, and full usability is preserved, eliminating any adverse business impact felt when active content, such as macros, is removed from files. Unlike other slow, time-consuming solutions, Votiro’s process is lightning fast, with no reliance on checking signature databases for known threats, and can integrate seamlessly to work alongside existing security infrastructure.
Number of Supported File Types
Find out precisely what the CDR vendor means by “supported” file types. Ensuring that your vendor can sanitize a large number of file types is quite critical. The more file types supported means that your enterprise can sanitize every element and object inside that original file, rather than substituting those elements by converting them to an image or blocking them altogether. Beyond basic files and images, your CDR vendor should support the sanitization of containers, such as ZIP and other archive files, as well as the files within the containers. In addition, check whether large or archive files are even supported at all, as some solutions limit their “cleansing” to a specific file size.
Votiro can sanitize 180+ file types. Votiro has extensive expertise in the architecture of every file format and can safely reconstruct all file types–from ppt, docs, pdfs, and image files, all the way to more complex formats like Autodesk files. With Votiro’s comprehensive library of file extensions, your enterprise is safe from even the most obscure, challenging file types that no next-generation anti-virus or sandbox can detect. This capability ensures that no matter if your business is a government agency or a commercial entity, end users will always receive the data they need to do their job properly and your business is not even disrupted for a single moment.
Tested on Billions of Files
Do not take chances with your critical assets. Instead, choose a vendor that has processed billions upon billions of files throughout the years, and demonstrated the ability to support large-scale global organizations. Keep in mind that even one file missed represents a massive security risk to your enterprise; anything less than full security is insufficient for your needs.
Votiro has sanitized billions of files. Votiro sets its bar high with a zero-trust approach and a zero breach tolerance. In fact, Votiro’s track record speaks for itself: billions of files sanitized for millions of users since the company’s inception in 2012.
Real-World Experience
When vetting a CDR vendor, look for a company that has been battle-tested, with an unblemished track record proving their ability to truly sanitize files. In addition, the vendor should be prepared and willing to share specific enterprise metrics and KPIs to validate its performance across multiple data points.
Votiro’s customers are large global companies and institutions. These demanding – and satisfied – enterprise customers in the areas of finance, health, insurance, government, and others, serve as references for Votiro’s capabilities in eliminating file-borne threats without negatively impacting workplace productivity.
If you’d like to learn more about implementing Votiro’s proprietary Positive Selection technology to secure your network against the threat of malicious files, please feel free to schedule a demo today. Or, contact us to speak with a member of our team.
News you can use
Stay up-to-date on the latest industry news and get all the insights you need to navigate the cybersecurity world like a pro. It's as easy as using that form to the right. No catch. Just click, fill, subscribe, and sit back as the information comes to you.
Sign-up Here!
Subscribe to our newsletter for real-time insights about the cybersecurity industry.