File-based threats are occurring with greater frequency and higher success rates as threat actors have continued to hone and adapt their social engineering and spearphishing skills to fit today’s trends, such as cloud transformation. Consider that hundreds of millions of users are now working remotely and relying on Software as a Service (SaaS) platforms and rich web apps to improve mobility and productivity.
As a result, mission-critical files and documents increasingly live outside the corporate firewall, unprotected by the organization’s security policies and controls. Threat actors know this, of course, and have been targeting remote users with phishing emails that seem legitimate and entice them to download malicious files. Once downloaded, these files allow threat actors to exploit embedded objects, automation macros, scripts, and other plug-ins to overwrite memory and trigger the execution of malicious content.
Menlo Security provides two tiers of functionality to combat these threats. First, users can be restricted to viewing a “safe PDF” version of files, meaning that the files have been stripped of any malicious content. Second, if the user requires access to the original file, it can be sent to a sandbox where it will be searched for malicious content and blocked if any is found. However, there is risk in that the sandbox might not yet be able to detect new variants of threats, and thus could expose the user to an undetected threat.
Fortunately, protecting users without impacting the native experience is the essence of Menlo’s Security without Compromise approach to cybersecurity. Now we’ve partnered with Content Disarm and Reconstruction (CDR) solution providers such as Sasa Software, ReSec Technologies, and OPSWAT to eliminate file-based threats while allowing users to access their original files without the loss of the native file format.
Isolation + CDR = Safe file access in native format through seamless user experience
Menlo Security’s Global Cloud Proxy with an Isolation Core™ acts as an additional security layer in the cloud that enables safe viewing of web content and documents. Organizations can integrate their existing sandbox environment with the Menlo Global Cloud Proxy to isolate known malicious content before it reaches the user’s endpoint device. Adding CDR technology to our Global Cloud Proxy solution gives organizations the added capability of allowing users to access original files without posing a risk to the organization.
Menlo Security has partnered with three CDR vendors to provide this capability:
Sasa’s GateScanner CDR uses highly optimized scanning and detection technologies to pre-filter malicious files, as well as proprietary file disarm technology to effectively transform files into safe and neutralized (harmless) copies. This prevents advanced and undetectable weaponized content—including zero-day threats, exploits, APTs, and ransomware—while maintaining full file fidelity and usability.
OPSWAT MetaDefender detects malicious files by scanning them with more than 30 AVs, including Next-Gen AV. The original files are then sanitized through Deep CDR, effectively removing possible attacks hidden in files while keeping the original functionality and usability intact. MetaDefender can also restrict the allowed file types that can be downloaded.
ReSec’s ReSecure Web solution completely prevents known and unknown malware that may have arrived via dowloaded web documents. ReSecure maintains the original file outside of the organization’s network and creates a threat-free and fully functional replica of the file in real time for the user to safely access. A granular and rich policy editor offers diverse alternatives to exclude file types, treat URLs, configure security settings levels, and more.
Menlo Security’s Global Cloud Proxy with an Isolation Core™ enables safe viewing of web content and documents. And now, with our integration with CDR technology partners, organizations can allow secure access of original files without compromise.
Download the Menlo Security joint solution briefs (with Sasa GateScanner, OPSWAT MetaDefender, and ReSec ReSecure ) to learn more about how you can use CDR to prevent file-based attacks while allowing users to access their original files in the native file format.
*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by Mehul Patel. Read the original post at: https://www.menlosecurity.com/blog/mitigating-threats-associated-with-downloading-files-in-native-file-format