Data Sanitization (CDR)

Cyber Threat Prevention Without Relying on Detection

Data sanitization, also known as Content Disarm and Reconstruction (CDR), is an advanced threat prevention technology that does not rely on detection. Instead, it assumes all files are malicious, then sanitizes and rebuilds each file so that it remains fully usable with safe content. The technology is highly effective for preventing known and unknown threats, including zero-day targeted attacks and threats that are equipped with malware evasion technology such as Fully Undetectable (FUD) malware, VMware detection, obfuscation and many others.

How Does Data Sanitization Work?

Identify & Scan Files

Files are evaluated and verified as they enter the sanitization system to ensure file type and consistency, with identification of over 4,500 file types. Each file is analyzed with more than 30 anti-malware engines to identify known and unknown threats. File extensions are examined to prevent seemingly complex files from posing as simpler files; such a mismatch is a red flag for malicious content and alerts organizations when they are under attack. Our solution supports sanitization for over 30 common file types, including PDF, Microsoft Office files, HTML, and many image files. JTD and HWP files are also supported.

Sanitize Files

The files are rebuilt in a fast and secure process. File elements are separated into discrete components, malicious elements are removed, and metadata and all file characteristics are reconstructed. The new files are recompiled, renamed and delivered, preserving file structure integrity so that users can safely use the file without loss of usability.
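
The type check and the rebuild step described above, as an added Python example that is not OPSWAT's code: it compares a file's extension with its leading magic bytes, then rebuilds an OOXML (ZIP-based Office) package from allow-listed part types and prunes relationships that point at dropped parts. The signature table, allow-list, function names and sample document are constructed assumptions; the example does not update [Content_Types].xml or inspect the contents of the XML parts it keeps.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed signature table; a production verifier covers thousands of types.
MAGIC = {b"PK\x03\x04": {".docx", ".xlsx", ".pptx"}, b"%PDF": {".pdf"}, b"MZ": {".exe"}}
SAFE_EXT = (".xml", ".rels", ".png", ".jpg")  # allow-list of part types to rebuild
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ET.register_namespace("", REL_NS)  # keep the default namespace when re-serialising

def verify_type(filename, data):
    """True only when the extension agrees with the leading magic bytes."""
    ext = "." + filename.rsplit(".", 1)[-1].lower()
    hits = [exts for magic, exts in MAGIC.items() if data.startswith(magic)]
    return bool(hits) and ext in hits[0]  # unrecognised content is rejected

def prune_rels(xml_bytes, dropped):
    """Remove relationships that point at parts left out of the rebuilt file."""
    root = ET.fromstring(xml_bytes)
    gone = {d.rsplit("/", 1)[-1] for d in dropped}  # simplification: match by basename
    for rel in list(root):
        if rel.get("Target", "").rsplit("/", 1)[-1] in gone:
            root.remove(rel)
    return ET.tostring(root)

def rebuild_ooxml(data):
    """Copy allow-listed parts into a fresh package; return (bytes, dropped)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    keep = [n for n in src.namelist() if n.lower().endswith(SAFE_EXT)]
    dropped = sorted(set(src.namelist()) - set(keep))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in keep:
            body = src.read(name)
            dst.writestr(name, prune_rels(body, dropped) if name.endswith(".rels") else body)
    return out.getvalue(), dropped

def make_sample():
    """Constructed test document: one text part plus an opaque binary part."""
    rels = (f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="rId1" Type="urn:example:macro" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="urn:example:styles" Target="styles.xml"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<doc>hello</doc>")
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/vbaProject.bin", b"\x00constructed placeholder bytes")
    return buf.getvalue()
```

Calling `rebuild_ooxml(make_sample())` returns the rebuilt package together with the list of parts that were left out, which can be logged alongside the quarantined original.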

Use Files

The newly regenerated files can now be used. Even complex files remain usable; for instance, animations embedded in PowerPoint files remain intact after data sanitization. Finally, the original files are quarantined for backup and further examination. By rendering fully usable files with safe content, our advanced data sanitization engine protects organizations against the most advanced threats while maintaining user productivity.

"As malware sandbox evasion techniques improve, the use of content disarm and reconstruction (CDR) at the email gateway as a supplement or alternative to sandboxing will increase."
Gartner, Fighting Phishing: Optimize Your Defense

Why Do You Need Data Sanitization?

Traditional Defenses Are Becoming Less Effective

Malware is growing in complexity and becoming increasingly successful at evading traditional anti-malware engines and sandboxes:

  • Malware is becoming more advanced and often exploits known and unknown software vulnerabilities.
  • Malware is now being built ‘sandbox aware’ and is increasingly able to evade traditional detection methods.
  • The number of file types is growing every day, introducing new potential weaknesses that malicious actors can exploit.
  • The complexity of files is increasing, giving cybercriminals more opportunities to embed malicious scripts and exploits.

Anti-malware and Sandboxing Solutions Rely on Detection

Although anti-malware applications and sandboxes are able to detect and block the majority of threats, no solution can catch 100% of threats. The problem with traditional anti-malware and sandboxing technologies is that they rely on detection. While this can be effective in many cases, cybercriminals are continually developing new ways to avoid detection, enabling them to bypass traditional defenses. To complicate matters further, many of the file types that pose a high threat risk (such as Microsoft Office and PDF files) are also the files that are essential for business productivity. How can organizations protect themselves against these threats without impacting productivity?

Data Sanitization Prevents Threats Without Relying on Detection

Instead of relying on detection, Data Sanitization leaves no room for threat detection error and prevents many file-based threats, including known, unknown, complex and sandbox aware threats. By sanitizing each file and removing any possible embedded threat, Data Sanitization effectively ‘disarms’ all file-based threats without the need for detection. 

  • 98%: Malware used at least one evasive tactic
  • 32%: Malware was "hyper-evasive" (6 evasive tactics or more)
  • 27%: Malware evaded detection from a single sandbox

Source: 'Evasive Malware Now a Commodity', Security Week, Siggi Stefnisson, 2018

OPSWAT's Data Sanitization Prevents Threats Without Productivity Loss

Our Data Sanitization technology does not compromise productivity features of files, such as PowerPoint animation and Excel macros, so users can continue to use essential files without risk of infection. Most users will not be aware that data sanitization occurred.

Sample files before and after sanitization: PDF, XLSX, PPTX, DOCX.

Why Should You Use OPSWAT’s Data Sanitization?

Our Data Sanitization technology:

  • Includes support for many file types, including image files
  • Offers flexible conversion options per file format leveraging OPSWAT MetaDefender’s workflow engine 
  • Maintains file usability after sanitization
  • Achieves fast sanitization without impacting performance
  • Integrates with OPSWAT multi-scanning to include threat detection 


Can Data Sanitization Prevent Threats Based on Software Vulnerabilities?

A software vulnerability is a weakness in an asset that can be exploited by cyber attackers. Both known vulnerabilities and unknown vulnerabilities can be the root cause of security incidents. Many vulnerabilities are exploited by using files to compromise file containers. For example, hackers can leverage the disclosed Microsoft Office vulnerability, CVE-2017-11882, to distribute backdoor malware capable of controlling an infected system, providing attackers with the ability to extract files that execute malicious commands. Data Sanitization is effective for addressing file-based vulnerabilities because, by rebuilding files, it removes malicious commands and exploits hidden in images, videos, and other innocent file formats.


Can Data Sanitization Protect Against the Risk of Increasingly Complex File Formats?

File formats allow increasingly complex functions through embedded scripts, macros and programming designed to streamline workflows and boost productivity. For example, PDFs may contain an abundance of elements including hyperlinks, media files, forms, Unicode characters and encrypted data. This complexity allows users to be more productive, but also enables malicious actors to embed scripts and exploits that take advantage of flaws in applications. Data Sanitization protects against these file-based vulnerabilities because it rebuilds files and prevents malicious commands, scripts, and embedded objects.

  • 1,762: reported targeted cyber attacks in 2017
  • 27%: vulnerabilities are file based
  • 59%: companies experienced malicious code attacks
  • 32%: attacks were leveraging zero day vulnerabilities in 2017

Video: Amit Schulman, Solution Engineer, OPSWAT, shows how documents with embedded threats are rendered harmless with data sanitization.

Data Sanitization Technology Highlights

Support for 30+ File Types

Sanitize and reconstruct over 30 common file types, ensuring each file is completely usable with safe content. Supported file types include PDF, Microsoft Office, HTML, and many image files. JTD and HWP files are also supported.


100+ File Conversion Options

Our customizable file conversion features allow you to change files into different formats, for example converting a .jpg file into a .bmp file, then to a .pdf file, then back to a .jpg. These multiple conversions prevent document-based threats from entering highly secure networks.


File Type Verification

Verify over 4,500 file types to combat spoofed file attacks and detect seemingly complex files posing as simpler files.


High Performance

For fast, efficient prevention, data sanitization is on average 30 times faster than sandbox analysis, and prevents malware (including zero-day) that has been built to evade sandbox detection.


Multi-Scanning Integration

Data sanitization integrates with multi-scanning, alerting users if they are under attack. It provides visibility across different channels and file entry points including email attachments, files on portable media devices, and browser downloads, enhancing the security of the entire organization.


Customizable Workflow

You can also customize the order of multi-scanning and data sanitization steps for different file entry points. Depending on which channels files originate from, you can first sanitize external files, deliver the sanitized version to users, and then multi-scan the original files for complete visibility of the attack matrix.
