- Solutions
Govern and secure data or device transfer for your segmented and air-gapped network environments.
Secure local or remote access to your cloud applications, internal networks and resources.
Prevent malicious file upload that can compromise your networks.
Analyze suspicious files or devices with our platform on-prem or in the cloud.
The majority of malware continues to be initiated via email. OPSWAT Protects Your Organization Against Advanced Email Attacks.
Prevent risky devices including BYOD and IoT from accessing your networks with full endpoint visibility.
Protect your on-prem or cloud storage services and maintain regulatory compliance.
Join hundreds of security vendors benefiting from OPSWAT’s industry-leading device and data security technologies.
Trust no file. Trust no device.AcademyUse our on-demand courses to get trained and certified on cyber security concepts and best practices, critical infrastructure protection, and OPSWAT products and solution. Both introductory and advanced courses are available.
The OPSWAT Academy consists of subject matter courses designed for the learner to build up their expertise using a phased approach.
For current OPSWAT customers, the Academy also includes advanced training courses for greater ease-of-use efficiency when operating and maintaining all OPSWAT products and services.
Available Certifications
Each discipline certification is awarded for one year upon passing the exams on that discipline's courses in OPSWAT Academy.
In order to maintain active OCIPA Certification, make sure you stay current on all OPSWAT's individual discipline certifications.
Trust no file. Trust no device.PartnersA Service that verified compatibility and effectiveness of endpoint next-gen anti-malware, anti-malware and disk encryption products.
Enhance threat prevention by integrating OPSWAT technologies. OPSWAT partners with technology leaders offering best-of-breed solutions with the goal of building an ecosystem dedicated to data security and compliance using integrated solutions.
Categories
Our partner program is aimed at providing the most effective and innovative products and tools to help accelerate your business.
Trust no file. Trust no device.ServicesWork with our subject matter experts for cyber security consultation, implementation and integration guidance, ongoing maintenance and improvement, or complete managed services.
The OPSWAT’s support team can provide you 24x7x365 coverage via phone, chat, or cases that you log with you.
Take advantage of our instructor led training (ILT) courses or onsite “walk the floor” coaching to augment and expand on the training received through OPSWAT Academy courses.
Use our on-demand courses to get trained and certified on cyber security concepts and best practices, critical infrastructure protection, and OPSWAT products and solution. Both introductory and advanced courses are available.
Trust no file. Trust no device.CompanyTrusted by over 1,000 organizations worldwide to provide effective cyber security solutions.
Our products are trusted by over 1,400 organizations worldwide to protect their digital assets and keep their data flow secure.
We are always looking for intelligent and creative people with a passion for security to join our team. Join us to help protect worldwide Critical Infrastructure.
Find OPSWAT at trade shows and conferences to learn how our cybersecurity solutions can protect your organization against cyber attacks.
Resources to learn more about OPSWAT products and critical infrastructure protection.
Resources to learn more about OPSWAT products and critical infrastructure protection.
Trust no file. Trust no device.Trust no file.
Trust no device.
Deep Content Disarm and Reconstruction (Deep CDR)
OPSWAT Deep CDR is an advanced threat prevention technology that does not rely on detection. Instead, it assumes all files are malicious and sanitizes and rebuilds each file ensuring full usability with safe content.
Our technology is a verified leader in the current market. It differentiates from other vendors with the depth of archive processing, accuracy of file regeneration and the broad support of prevailing file types (currently standing at more than 90 different file types).
The technology is highly effective for preventing known and unknown threats, including zero-day targeted attacks and threats that are equipped with malware evasion technology such as Fully Undetectable malware, VMware detection, obfuscation and many others.
How Does Deep CDR Work?
Identify & Scan Files
Files are evaluated and verified as they enter the sanitization system to ensure file type and consistency, with identification of over 4,500 file types. Each file is scanned to identify all embedded active content in the file, such as macros, hyperlinks and OLE objects. File extensions are examined to prevent seemingly complex files from posing as simpler files, and red-flagged for malicious content, alerting organizations when they are under attack. Our solution supports sanitization for over 90 common file types, including PDF, Microsoft Office files, HTML as well as many image files. JTD and HWP files are also supported.
Sanitize Files
The files are rebuilt in a fast and secure process. File elements are separated into discrete components, malicious elements are removed, and metadata and all file characteristics are reconstructed. The new files are recompiled, renamed and delivered, preserving file structure integrity so that users can safely use the file without loss of usability.
Use Files
The newly regenerated files can now be used. Even complex files remain usable, for instance animations embedded in PowerPoint files remain intact after Deep CDR. Finally, the original files are quarantined for backup and further examination. By rendering fully usable files with safe content, our advanced Deep CDR engine protects organizations against the most advanced threats while maintaining user productivity.
As malware sandbox evasion techniques improve, the use of CDR at the email gateway as a supplement or alternative to sandboxing will increase.
Gartner
Why Do You Need Deep CDR?
Traditional Defenses Are Becoming Less Effective
Malware is growing in complexity and becoming increasingly successful at evading traditional anti-malware engines and sandboxes:
- Malware is becoming more advanced and often exploits known and unknown software vulnerabilities.
- Malware is now being built ‘sandbox aware’ and is increasingly able to evade traditional detection methods.
- The number of file types is growing every day, introducing new potential weaknesses that malicious actors can exploit.
- The complexity of files is increasing, giving cybercriminals more opportunities to embed malicious scripts and exploits.
Anti-malware and Sandboxing Solutions Rely on Detection
Although anti-malware applications and sandboxes are able to detect and block the majority of threats, no solution can catch 100% of threats. The problem with traditional anti-malware and sandboxing technologies is that they rely on detection. While this can be effective in many cases, cybercriminals are continually developing new ways to avoid detection, enabling them to bypass traditional defenses. To complicate matters further, many of the file types that pose a high threat risk (such as Microsoft Office and PDF files), are also the files that are essential for business productivity. How can organizations protect themselves against these threats without impacting productivity?
Deep CDR Prevents Threats Without Relying on Detection
Instead of relying on detection, Deep CDR leaves no room for threat detection error and prevents many file-based threats, including known, unknown, complex and sandbox aware threats. By sanitizing each file and removing any possible embedded threat, Deep CDR effectively ‘disarms’ all file-based threats without the need for detection.
OPSWAT's Deep Content Disarm and Reconstruction Prevents Threats Without Productivity Loss
Our Deep CDR technology does not compromise productivity file features such as PowerPoint animation and Excel macros, so that users can continue to use essential files without risk of infection, while maintaining user productivity. Most users will not be aware that Deep CDR occurred.
| File Type | Before Sanitization | After Sanitization |
 | ||
 | ||
 | ||
 | ||
 |
Why Should You Use OPSWAT’s Deep Content Disarm and Reconstruction?
Our Deep CDR technology:
- Includes support for many file types, including image files
- Offers flexible conversion options per file format leveraging OPSWAT MetaDefender’s workflow engine
- Maintains file usability after sanitization
- Achieves fast sanitization without impacting performance
- Integrates with OPSWAT Multiscanning to include threat detection
See how recently sanitized files by customers on MetaDefender Cloud prevented malware threats:
Can Deep CDR Prevent Threats Based on Software Vulnerabilities?
A software vulnerability refers to the weakness of an asset that can be exploited by cyber attackers. Both known vulnerabilities and unknown vulnerabilities can be the root cause of security incidents. Many vulnerabilities are leveraging files to compromise file containers. For example, hackers can leverage the disclosed Adobe Acrobat and Adobe Reader vulnerability, CVE-2019-16451, to distribute backdoor malware capable of controlling an infected system, providing attackers with the ability to install programs, view, modify, erase data and create new accounts with full user rights. Deep CDR is effective for addressing file-based vulnerabilities since by rebuilding files it removes malicious commands and exploits hidden in images, videos, and other innocent file formats. Integrating with OPSWAT File-based Vulnerability Assessment helps detect application and file based vulnerabilities before they are installed within your network.
Can Deep CDR Protect Against the Risk of Increasingly Complex File Formats?
File formats are allowing increasingly complex functions through embedded scripts, macros and programming designed to streamline workflows and boost productivity. For example, PDFs may contain an abundance of elements including hyperlinks, media files, forms, Unicode characters and encrypted data. This complexity allows users to be more productive, but also enables malicious actors to embed scripts and exploits that take advantage of the flaws in applications. Deep CDR protects against these file-based vulnerabilities as it rebuilds files and prevents malicious commands, scripts, and embedded objects.
Amit Schulman
Solution Engineer, OPSWAT
Shows how documents with embedded threats are rendered harmless with Deep CDR
Deep CDR Technology Highlights
90+ Supported File Types
Sanitize and reconstruct 90+ common file types, ensuring each file is completely usable with safe content. Supported file types include PDF, Microsoft Office, HTML as well as many image files. JTD and HWP files are also supported.
View Supported File Types200+ File Conversion Options
Our customizable file conversion features allow you to change files into different formats and convert a .jpg file into a .bmp file, then to a .pdf file, then back to a .jpg, for example. These multiple conversions prevent document-based threats from entering highly secure networks.
View File Conversion ConfigurationFile Type Verification
Verify over 4500 file types to combat spoofed file attacks and detect seemingly complex files from posing as simpler files.
File Type Verification OptionsHigh Performance
For fast, efficient prevention, Deep CDR is on average 30 times faster than sandbox analysis, and prevents malware (including zero-day) that has been built to evade sandbox detection.
View Performance StatsMultiscanning Integration
Deep CDR integrates with Multiscanning, alerting users if they are under attack. It provides visibility across different channels and file entry points including email attachments, files on portable media devices, and browser downloads, enhancing the security of the entire organization.
Integrated Multiscanning TechnologyCustomizable Workflow
You can also customize the order of Multiscanning and Deep CDR steps for different file entry points. Depending on which channels files originate from, you can first sanitize external files, deliver the sanitized version to users, and then multiscan the original files for complete visibility of the attack matrix.
Workflow EngineDeep Content Disarm and Reconstruction (Deep CDR) Resources
