How to Proactively Remove File-Based Malware

There’s no question that the past 18 months have been challenging for technology and cybersecurity leaders. Cyberthreats have skyrocketed at a time when companies have been enabling hybrid workforce models and transforming their businesses. In fact, 2020 was one for the record books in terms of security incidents. Broadvoice, Facebook and Microsoft reported breaches involving millions of records, while lesser-known firms BlueKai and Keepnet Labs lost control of billions.

So, it’s hardly surprising that leaders’ confidence in their ability to avoid digital risks is lagging. The most recent Beazley Risk & Resilience Report found that a median of 56% of U.S. and UK leaders said their business may not be resilient enough to weather cybersecurity attacks. Some 70% also said they’re not ready to anticipate and address technology disruption if it occurs. 

Reactive Security Processes Expose Companies to Greater Risks 

These leaders are right to be concerned. Many organizations rely on reactive security programs and processes to protect their systems and data, which can create significant gaps that cyberattackers can exploit. For example, many antivirus programs are signature- rather than behavior-based, meaning that they rely on finding known sequences or patterns—not the latest threats. As a result, threats often slip into organizations’ networks between updates, in the form of emails with malicious links and weaponized attachments, documents with embedded malware downloaded from the internet, and more. 

While only one in every 100,000 files contains potentially malicious content, 98% of these threats are unknown to antivirus solutions and stay that way for 18 days on average before the antivirus vendors catch up. That gives cyberattackers more than two weeks to explore organizations’ networks and exploit their vast data wealth for their own advantage. 

Similarly, sandboxing, one of the security strategies du jour, has its limits. Sandboxing temporarily quarantines email attachments and incoming files for analysis, making sure they’re safe before allowing them to be accessed and used. In theory, sandboxing should catch the threats antivirus programs miss. In practice, it takes time, harms the user experience and can’t always catch advanced threats. Sandboxes are also vulnerable to zero-day attacks, and hackers sometimes program delays into their malicious code so that it activates only after files are released from quarantine. And PDFs that the sandbox deems harmless may still contain links to malicious websites that employees can click on. 

As a result, these processes are akin to installing security systems at one’s home but leaving a key under the front door welcome mat or on top of the door frame. An experienced burglar knows where to look to find the key and how to deprogram the alarm—just like cyberattackers know where to look to find gaps they can exploit. 

How to Move to a Proactive Security Detection Model

There’s a better, more proactive way for organizations to protect their valuable systems and data. Content disarm and reconstruction (CDR) solutions clean and deliver safe files such as the PDFs, Excel spreadsheets and other file formats employees use each and every day. 

So, just how does this technology work? When staff click on email links, open email attachments or download files online, CDR:

  • Inspects three layers of every file to validate that its digital DNA complies with the known manufacturer’s trusted specification. If deviations are found, CDR immediately remediates the file. This occurs whether the file arrives as an email attachment or is downloaded or uploaded via the internet.
  • Cleans and removes high-risk active content, such as macros and embedded links, based on company policy—so that only the users who need active content receive it.
  • Rebuilds files to their ‘known good’ manufacturer’s standard, ensuring that they are clean and threat-free.
  • Delivers safe, identical files that are compliant, standardized and trusted. This eliminates the risk that users will click on malicious links and activate malware, either embedded in documents or on external websites. 

CDR takes the pressure off employees and IT teams to be perfect. Employees can’t be expected to detect every threat, as they work with hundreds of emails and scores of files each day. While organizations pour considerable effort into teaching employees how to detect phishing emails, staff are still no match for the sophisticated email attacks cybercriminals launch every day. That’s why phishing is still the culprit in 36% of successful cyberattacks. 

Similarly, IT teams need the freedom to evolve cybersecurity programs. CDR frees them up to do just that by eliminating the need to vigilantly monitor antivirus solutions to ensure they’re updated, or to evaluate sandbox data. Instead, they can focus their efforts on evolving zero-trust architectures and hunting adversaries. 

CDR technology also helps organizations accomplish other critical goals. It can be used to strip metadata from files, minimizing the risk of information leaks. In addition, CDR can be used to move data at scale securely without the worry of transferring malicious files from one location to another. And finally, CDR can be deployed using infrastructure-as-code (IaC), so it can be easily integrated into all cloud and datacenter environments. 
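To make the four steps listed above (inspect against the specification, remove active content per policy, rebuild to a known-good form, deliver a file that reads the same) and the metadata stripping mentioned in this paragraph concrete, here is an added example of my own; it is not Glasswall’s code or any vendor’s CDR implementation. It applies the rebuild idea to a Word (.docx) package, which is a zip of XML parts: the allowlist policy (ALLOWED, REQUIRED) and the `allow_external_links` switch are my assumptions for the example, the namespace URIs and content types are the real ones from the OOXML standard, and the input is a constructed sample package containing a macro part, an external hyperlink and author metadata.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML/OPC namespace URIs (real, from ECMA-376); ElementTree keys namespaced tags as "{uri}local".
CT = "http://schemas.openxmlformats.org/package/2006/content-types"
PR = "http://schemas.openxmlformats.org/package/2006/relationships"
R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# Policy (my assumption for this example): only these parts survive the rebuild. Macro
# storage, OLE objects, docProps metadata and anything unexpected are dropped, never scanned.
ALLOWED = {"[Content_Types].xml", "_rels/.rels", "word/document.xml", "word/_rels/document.xml.rels"}
REQUIRED = {"[Content_Types].xml", "_rels/.rels", "word/document.xml"}

def sanitize_docx(data: bytes, allow_external_links: bool = False):
    """Rebuild a .docx from parsed parts only; returns (clean_bytes, actions).
    Raises zipfile.BadZipFile or ValueError when the package deviates from the spec."""
    actions = []
    with zipfile.ZipFile(io.BytesIO(data)) as src:
        names = set(src.namelist())
        if REQUIRED - names:  # layer 1: the container must have the structure the spec requires
            raise ValueError(f"missing required parts {sorted(REQUIRED - names)}")
        parts = {}  # every kept part must parse as XML; nothing is copied byte-for-byte
        for name in names:
            if name not in ALLOWED:
                actions.append(f"dropped part {name}")
                continue
            try:
                parts[name] = ET.fromstring(src.read(name))
            except ET.ParseError as exc:
                raise ValueError(f"{name} is not well-formed XML: {exc}") from None
    dropped = names - set(parts)
    # Layer 2: relationships. Cut links to dropped parts and, per policy, external targets.
    removed = {}  # rels part -> Ids of the relationships removed from it
    for name, root in parts.items():
        if not name.endswith(".rels"):
            continue
        basedir = name.split("_rels/")[0]  # "word/_rels/document.xml.rels" -> "word/"
        for rel in list(root):
            target = rel.get("Target", "")
            external = rel.get("TargetMode") == "External"
            resolved = target.lstrip("/") if target.startswith("/") else basedir + target
            if (external and not allow_external_links) or (not external and resolved in dropped):
                root.remove(rel)
                removed.setdefault(name, set()).add(rel.get("Id"))
                actions.append(f"removed relationship {rel.get('Id')} -> {target}")
    # Layer 3: body. A hyperlink whose relationship is gone is replaced by its own runs, so the visible text is unchanged.
    gone = removed.get("word/_rels/document.xml.rels", set())
    for parent in list(parts["word/document.xml"].iter()):
        for idx in reversed(range(len(parent))):  # reverse so splices don't shift earlier indices
            child = parent[idx]
            if child.tag == f"{{{W}}}hyperlink" and child.get(f"{{{R}}}id") in gone:
                parent[idx:idx + 1] = list(child)
                actions.append("unwrapped hyperlink, text kept")
    ct = parts["[Content_Types].xml"]  # content types must describe the rebuilt package
    for el in list(ct):
        if el.get("PartName", "").lstrip("/") in dropped:
            ct.remove(el)
    # Rebuild: serialize the parsed trees into a fresh archive, content types first.
    out = io.BytesIO()
    order = ["[Content_Types].xml"] + sorted(n for n in parts if n != "[Content_Types].xml")
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in order:
            dst.writestr(name, ET.tostring(parts[name], encoding="UTF-8", xml_declaration=True))
    return out.getvalue(), actions

def unpack(data: bytes) -> dict:
    """Part name -> parsed element, for inspecting a rebuilt package (all its parts are XML)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {n: ET.fromstring(z.read(n)) for n in z.namelist()}

def document_text(data: bytes) -> str:
    return "".join(t.text or "" for t in unpack(data)["word/document.xml"].iter(f"{{{W}}}t"))

def build_sample_docx() -> bytes:
    """Constructed sample, not a real document: macro part, external link, author metadata."""
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT}"><Override PartName="/word/document.xml" '
            'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '<Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/></Types>',
        "_rels/.rels": f'<Relationships xmlns="{PR}"><Relationship Id="rId1" Type="{R}/officeDocument" Target="word/document.xml"/>'
            f'<Relationship Id="rId2" Type="{PR}/metadata/core-properties" Target="docProps/core.xml"/></Relationships>',
        "word/document.xml": f'<w:document xmlns:w="{W}" xmlns:r="{R}"><w:body><w:p><w:r><w:t>Quarterly report: </w:t></w:r>'
            '<w:hyperlink r:id="rId2"><w:r><w:t>open the attachment</w:t></w:r></w:hyperlink></w:p></w:body></w:document>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{PR}"><Relationship Id="rId1" '
            'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            f'<Relationship Id="rId2" Type="{R}/hyperlink" Target="http://link.example/" TargetMode="External"/></Relationships>',
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed stand-in for a macro blob",
        "docProps/core.xml": '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:creator>Constructed Author</dc:creator></cp:coreProperties>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Running `sanitize_docx(build_sample_docx())` yields a package with only the four allowed parts: the VBA blob and the core-properties metadata are gone, the two relationships that pointed at them are gone, the external hyperlink is gone, and `document_text` still returns "Quarterly report: open the attachment". The design point is that nothing from the input is copied as-is: every surviving part is parsed and re-serialized, anything the policy does not recognise is discarded rather than scanned, and the result is written to a fresh archive. A production CDR engine would go much further (schema validation of every part, many more part and relationship types, the same treatment for PDF and spreadsheet formats), but the shape of the process is the one this sketch shows.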

A Force Field Around Malware

Organizations are under more pressure than ever to detect and repel cyberthreats. Instead of searching for malware that might exist in a business file, CDR places a force field around the known good visual layer and simply ejects any alien and harmful guests out into space. The outcome is a pristine file that is safe to open and is pixel-perfect, visually identical to the original. That means organizational leaders can be confident that their teams are working with legitimate, malware-free emails and files, removing a major attack vector from consideration. 

When it comes to security, it pays to get proactive with threat detection. Yes, organizations can remediate each and every file with a platform that won’t get in the way of digital work and team productivity. 

Paul Farrington

Paul is a DevSecOps dynamo. With over 20 years’ experience launching secure software in his back pocket, he now keeps Glasswall’s product development team laser-focused on delivering (and growing) the most innovative CDR product portfolio on the planet. His previous roles include CTO and leadership positions at Veracode, BCSG, and Barclays.