CDR (Content Disarm & Reconstruction): what it is and how it works
Updated at: Oct 01, 2019
Do you know what is one of the biggest dangers to your company's information security today? If you thought about files such as PDF, Word, Excel, and Power Point that arrive by email you got it right.
Hackers work day and night looking for vulnerabilities in the structure of these files. It means that one of the most successful methods to infect networks with ransomwares and other virtual threats are documents and email attachments.
There are two consolidated protection engines for attachments in the market. One of them has already been presented here. It's the Sandbox. The other is the goal of this article and is known by the acronym CDR, which works as a file sanitation service.
Don't worry, we are going to explain that.
CDR means Content Disarm & Reconstruction. As its name suggests, CDR deconstructs all active content from a file, removes it and creates a sanitized file respecting the company's policy or the file type’s specification (International Organization for Standardization - ISO).
Let’s think about an example using Gatefy
Let's imagine that you received an email with an PDF file. The subject of the message makes sense and you are very interested in opening the file. What you don't know is that there is a macro in the file that will open a door to a future malware attack.
If your Gatefy's CDR protection is enabled, the engine will remove that macro from the PDF file and you will receive an email with the file clean and secure.
Because of its role and performance, Content Disarm & Reconstruction is an important advanced threat protection technology against zero-day exploits, which are malicious threats not yet identified by security software.
Extra layer of protection
Just as it happens with a Sandbox, a CDR engine may be deployed as a separate product or as an add-on for other security solutions, such as email gateway and endpoint protection.
We recommend that you see Content Disarm & Reconstruction as an extra layer of protection, working together with Sandbox, anti-virus, anti-spam and other engines. This way you will be safer than ever.