Safe content can mean many things to many people. For a concerned parent, it means shielding young eyes from inappropriate content. For a Chief Financial Officer, it means accurate and auditable financial ledgers. And probably most importantly, for the Chief Information Security Officer (CISO), it means that every electronic file is free from malware in any form (virus, ransomware, spyware, etc.). Check out last week’s blog to see the cost of unsafe content and then read on for techniques to keep your content safe.
Definitely Safe, But Not Practical
The only way to guarantee absolute safety of your content is to isolate it completely. That’s right, take it off of the network, out of the cloud and never ever connect the device holding your content to a wireless network, a connected network or any other device for that matter. Yes, this is extreme but your content will be safe from any cyber hack or malware… guaranteed. Unless of course Ethan Hunt has been sent to steal the content off of the physical device. This is not practical for the average business, or in fact any business outside of the highest security clearances for defense-related projects, so it is clearly not a practical or viable solution.
The good news is that there are literally hundreds of solutions that claim to protect your content and networks. Or is it? Unfortunately, most of them have some drawbacks that may not ensure the safety of your content or may be impractical when it comes to time delays and resource requirements (read “productivity and profitability”).
- Signature-based solutions: this approach looks for occurrences of unique computing “signatures” that represent known malicious code and then prevents that code from entering the network. It works because all computing objects have unique attributes that are used to create a unique descriptor (or signature) which can then be cataloged and used for screening. According to an InfoSecurity article “Signature-based malware detection technology has a number of strengths, the main being simply that it is well known and understood – the very first anti-virus programs used this approach. It is also speedy, simple to run, and widely available. Above all else, it provides good protection from the many millions of older, but still active threats.” The downside is that it will fail for zero-day threats when the signature is not previously known.
- Behavior-based solutions: The same InfoSecurity article referenced above offers this on behavior-based solutions, “Behavior-based malware detection evaluates an object based on its intended actions before it can actually execute that behavior. An object’s behavior, or in some cases its potential behavior, is analyzed for suspicious activities. Attempts to perform actions that are clearly abnormal or unauthorized would indicate the object is malicious, or at least suspicious.” The challenge here is the time delays and resources required to duplicate every environment in order to detonate every bit of content before being passed along for use.
- Content Disarm and Reconstruction (CDR): According to Wikipedia “CDR works by processing all incoming files of an enterprise network, deconstructing them, and removing the elements that do not match the file type's standards or set policies. CDR technology then rebuilds the files into clean versions that can be sent on to end users as intended.” So this sounds amazing, however the technology is still very early stage and seems to have the expense of behavior-based solutions with even more time spent to attempt to reconstruct content.
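To make the signature-based item concrete, here is an added example (not code from the article, the InfoSecurity piece or any product) of a screening catalog that keys on a file hash and a byte pattern. All sample contents and the family name are constructed placeholders; the last sample shows the gap the article describes, where content with no cataloged signature is allowed through.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for file contents; no real malware bytes are used.
KNOWN_SAMPLE = b"HEADER|constructed-marker-A|payload-v1"
REPACKED_SAMPLE = b"HEADER2|padding|constructed-marker-A|payload-v1b"
NOVEL_SAMPLE = b"HEADER|constructed-marker-B|payload-v2"
BENIGN_FILE = b"quarterly ledger, nothing unusual"

@dataclass
class SignatureCatalog:
    hashes: dict = field(default_factory=dict)    # sha256 hex digest -> name
    patterns: dict = field(default_factory=dict)  # byte pattern -> name

    def learn(self, name, sample, pattern=None):
        """Catalog a previously seen sample: exact hash plus optional pattern."""
        self.hashes[hashlib.sha256(sample).hexdigest()] = name
        if pattern:
            self.patterns[pattern] = name

    def screen(self, content):
        """Return (verdict, reason). Exact hash first, then byte patterns."""
        digest = hashlib.sha256(content).hexdigest()
        if digest in self.hashes:
            return ("block", f"hash:{self.hashes[digest]}")
        for pattern, name in self.patterns.items():
            if pattern in content:
                return ("block", f"pattern:{name}")
        # Nothing cataloged matches: the screen has no basis to block.
        return ("allow", "no-signature")

def build_demo_catalog():
    catalog = SignatureCatalog()
    catalog.learn("Constructed.FamilyA", KNOWN_SAMPLE,
                  pattern=b"constructed-marker-A")
    return catalog

def run_demo():
    catalog = build_demo_catalog()
    samples = {"known": KNOWN_SAMPLE, "repacked": REPACKED_SAMPLE,
               "novel": NOVEL_SAMPLE, "benign": BENIGN_FILE}
    return {label: catalog.screen(data) for label, data in samples.items()}

if __name__ == "__main__":
    for label, (verdict, reason) in run_demo().items():
        print(f"{label:9s} {verdict:5s} {reason}")
```

The novel sample and the benign file get the same verdict, which is why a signature catalog alone cannot tell unseen malicious content from clean content.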
The great news is that there are evasion-proof solutions that allow you to prevent cyber threats, even zero-day malware, instead of having to remediate them. Solebit’s SoleGATE uses deep inspection and analysis methods that can interpret and detect malicious code in real time and immediately block threats.
With SoleGATE every line of code is evaluated, making Sandbox evasion techniques ineffective, and on average the analysis time is between milliseconds and a few seconds, as opposed to Network Sandboxes, which typically take 5-15 minutes to perform the same analysis. The bottom line is that your users will be much happier now that content is flowing faster throughout your organization, and finance will be happier with the reduced expenses.
See for yourself what SoleGATE can do to deliver evasion-proof security and ensure the content is safe in your organization today. Register for a free trial today.