IT managers are facing mounting challenges during this global coronavirus pandemic. The verdict is clear: companies were forced to shift to remote working arrangements and among their chief worries was keeping their infrastructure secure. Crippled by the lockdowns, many have resorted to allowing their employees to use personal devices for work.

Using these unvetted devices can introduce gaps in the security. Just a single compromised computer can potentially lead to the spread of malware across their networks. And the malware threat is very real. According to Accenture in its Cybersecurity Report 2020, malware-enabled attacks are among the top cybersecurity threats that users face.

What's worrying about malware is that newer variants have become quite complex that they can now bypass security measures like antimalware and sandboxes. Simply asking staff members to install and enable antiviruses on their computers may not be enough to mitigate the risks.

Because of this, organizations should be exploring more capable methods to protect themselves from malware threats. Disarming malware through content disarm and reconstruction (CDR) solutions, for instance, has been gaining traction in a number of enterprises.

Dr. Oren Eytan, CEO of leading malware disarm firm odix, discussed the technology, its advantages, and how it's currently being used.

"Hackers have become quite crafty in disguising their malware, using common document types to trick users into opening them. Even legitimate work files can be embedded with malware, enabling them to get around common security measures. CDR works by scanning a file's binary code to flag potentially malicious code, disarming the code, and reconstructing the file to make it safe and usable," Dr. Eytan shared.

Considering the grave consequences of being victimized by a cyberattack, it's an opportune time for companies to consider exploring better options.

Why CDR

CDR might be a relatively new term, coined by Gartner to label solutions that employ the approach, but it has enjoyed extensive use by select enterprises to great effect. But is it really more advantageous than conventional solutions?

Most popular antimalware solutions rely on signature-based detection meaning it must "know" a malware before it can identify and remove it. This is why most antiviruses require users to constantly update definition files in order to continue protecting against new strains and variants. Unfortunately, hackers can use polymorphic malware which automatically changes its signature to avoid detection. Since CDR tests files' binary code against set file standards and removes code that fall outside these parameters, the process can sanitize these types of malware, even new ones

File usability also is an issue. Most antimalware tools simply provide options to either quarantine or remove infected files and offer no real means of recovery. odix, for instance, uses its proprietary technology to maintain the file's type during the sanitization process to maintain the file's usability at the end of the process. A Word or PDF file is kept as is. Some CDR implementations convert the file into an intermediary format which increases the likelihood of loss of information or usability.

CDR can also be deployed across various infrastructure components. odix allows users to implement CDR on network file applications so any file that enters and moves through the network can be sanitized. It also offers a native Microsoft 365 plugin to readily scan attachments. Organizations can also tap an application programming interface (API) to integrate CDR into their own enterprise applications. This flexibility enables organizations to cover several possible malware attack vectors.

Why It's Worth Considering

Malware disarm is poised to be a viable addition to existing defenses especially since remote work has considerably expanded their attack surface. Companies are now highly dependent on online repositories, network folders, and email to facilitate work. Even if they can't cover each endpoint in the meantime, at least CDR can ensure that all files and attachments sent and received throughout their network are clean and safe to use.

Cost is also a factor. Most CDR solutions are designed for use by large enterprises and are also priced as such. For a good number of operations, the coronavirus outbreak has caused quite the financial crunch especially on small to medium-sized businesses (SMBs). They have to be quite careful in choosing where to spend their budgets, and additional security spending will definitely warrant a strong review.

"Clearly, the malware threat isn't going away any time soon. It's only wise for any enterprise to invest in security. We, in the cybersecurity sector, are working hard to make sure that we stay ahead of the curve and protect our users safe from threats. Of course, we'd like for our solution to become more accessible to any business. We've recently been awarded a grant by the European Commission to make our solutions accessible to SMBs," Dr. Eytan elaborated.

Organizations may also want to consider their unique use cases. Industrial and manufacturing facilities might use air-gapped computers for their industrial control systems. To move data around, such systems rely on removable storage such as USB drives and external drives. Malware attacks to such systems are actually a concern globally with new ransomware strains targeting industrial systems. Providers like odix provide a CDR solution which essentially serves as a standalone sanitization station for scanning of removable media.

The bottom line

Even before the pandemic, companies and users have been shifting their activities online. The pandemic has further accelerated this digital transformation as physical distancing protocols have forced everyone to conduct business through digital channels.

Unfortunately, cybersecurity threats continue to run rampant. As organizations revisit their own cybersecurity strategies, now is actually a good time to reconsider the tools that comprise their defensive perimeter and see if they can benefit from new approaches such as malware disarm and CDR.

Of course, malware disarm isn’t necessarily a panacea. But since it can be implemented across various infrastructure components, it can help strengthen an otherwise weak defense.

Coronavirus