September 16, 2020

File Content Sanitation: The Next Frontier in Stopping Malware

Tamarian Del Conte

Spending time on the internet used to be something we did for fun. Several month ago, that changed.  Now, we’re all increasingly dependent on the internet to do our jobs, to educate our children, to run businesses, and even help with our health care.  That’s why modern cyber-attacks increasingly target users through web browsers. Hackers are using techniques like embedding malicious URLs within files and other content on “good” domains to circumvent web security infrastructure.

While site attacks can’t be predicted, there are ways to contain the damage by isolating end-user internet browsing sessions from endpoints and networks--called remote browser isolation (RBI).  This safeguards user access from anywhere to web and cloud services, spots malicious cloud and web-borne threats and protects critical data, and IP to eliminate security gaps.

RBI helps dramatically decrease zero-day exploits and phishing threats to endpoints and networks.  Forcepoint Edge Protection suite of SASE solutions that consists of Cloud Security Gateway (CSG) and Forcepoint Private Access (PA) are platforms that work together with advanced security solutions such as RBI and other unified capabilities to bolster security by eliminating gaps.   

With RBI,  URLs can also be rendered in read-only mode to prevent credential phishing, and data-sharing activities on websites can be controlled to stop data loss. And C-level execs, IT-Admins, and others that are frequently targeted by cybercriminals? They can have all their web traffic isolated to provide the highest degree of web security. 

Browsing is one thing, but what about downloads?

Recent studies report that there is a 59% increase in the volume of credential theft and phishing attacks since mid-2019. Phishing attacks are designed to deliver malware (ransomware, data theft, etc.), while some are designed to harvest credentials to enable system access.  The problems continue despite increased investments in training and technology and significant time and effort spent by security teams responding to incidents.   

 RBI helps here too. That’s where Content Disarm and Reconstruction (CDR) technology comes in. It is a key component of our RBI offering. CDR can easily sanitize emails and files as they are downloaded to better protect the end-users. It ensures that any files downloaded from a web are clean and safe to use, neutralizing one of the worst threats to businesses today—phishing campaigns. If a user downloads an infected file, CDR removes the malicious code. Only the clean file is delivered. In conjunction with RBI, CDR provides comprehensive malware protection for both web browsing activities and file downloads.

How does CDR work?

The CDR process is as follows:

1. Identify the incoming file type e.g. image file, Word doc etc., break the file down into its elements

2. Identify and remove any file elements that do not comply with file type specifications

3. Build a new clean file with the remaining content

4. Deliver clean file to the user

The Benefits of CDR:

  • Protect against malicious code, even zero-day threats
  • No impact on user experience and productivity
  • Can be applied to a variety of file formats (i.e. Images, pdf, audio/ video file formats, archives, html and office documents)
  • Prevents cyber threat from multiple sources (i.e. email, web browsers, file servers, ftp, cloud and endpoint devices)

Additional Resources:

Tamarian Del Conte

Tamarian thrives on learning about new things, how they work and how to make them better.  Her experience includes Mechanical Engineering Design and Architecture, Technical Product Marketing  and Consulting.  She is certified Six Sigma Business Process Management and Pragmatic and uses those...

Read more articles by Tamarian Del Conte

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.