An Enterprise Action Plan For CDR – Source: securityboulevard.com

By David Neuman

Senior Analyst, TAG Cyber 

[email protected]

Introduction  

Information is the lifeblood of 21st-century businesses. They depend on the ability to safely and securely collect, collaborate, share, and use information as part of every business or operational process. The vastness of unstructured data that businesses use also makes them susceptible to risks from cyber threat actors seeking to steal, exploit, or destroy that information.  

In this article, we’ll describe how organizations can develop an enterprise action plan on how to leverage Content Disarm and Reconstruction (CDR) technology to analyze and protect that information so it can continue to drive business success. 

Adoption of Modern Collaboration Platforms

The adoption of modern collaboration platforms has grown exponentially over the last five years. With the rise of remote work and the need for remote collaboration, the demand for these platforms has increased dramatically. Here are some key growth trends: 

• M365: According to Microsoft’s FY2022 Q3 report, Microsoft 365 has grown to 345 million paid seats in 2022 – up from 258 seats in 2020. 
• Google Workspace: According to Google, more than 3 billion monthly active users now use the G Suite platform in 2022, which includes Google Docs, Sheets, and Slides. This represents a significant increase from the 1.5 billion active users reported in 2018.  
• Slack: As of 2023, Business of Apps reports over 18 million daily active users, in 156,000 organizations. 
• DropBox: According to Dropbox’s 2022 Q4 earning report, paying users ended at $17.77 million, as compared to $16.79 million for the same in 2021. 

Overall, the growth of online collaboration platforms has been driven by various factors, including the rise of remote work, increased focus on productivity and efficiency, and the need for more effective ways to collaborate and communicate across geographically dispersed teams. It has also accelerated the increase in attack methods by cyber threat actors seeking to exploit this rapid adoption. 

How Does CDR Mitigate Threats in Digital Collaboration?

Traditionally, organizations relied on malware and antivirus scanners to pull apart email attachments and determine if malicious code is buried within them to protect enterprises from falling victim to the delivery of cyber weapons. More recently, organizations have relied on Endpoint Detection and Response (EDR) to detect malicious files once they land on their endpoint systems. This worked well for businesses that primarily used email to share documents across companies or customers. However, with the rapid adoption of collaboration platforms and other means of cloud-based file ingestion, the ability of an attacker to infiltrate an enterprise with malicious documents is as easy as ever. This is where CDR comes into play.   

CDR solutions evaluate documents at the file-structure level, either in cloud-based file repositories, email platforms or as part of the enterprise’s file-sharing solution. CDR solutions disassemble documents into their various objects and evaluate the objects individually for malicious content and known-good content, reconstructing them once the analysis is complete. The most advanced CDR solutions approach file security by presuming all incoming files are bad and rebuilding them with known-good objects. Solutions that leverage a known-good approach presume every document has potential embedded malware within its objects. In this case, following deconstruction, known-good file objects are transferred onto a clean file template, ensuring that the final version of the file is free from any type of malicious content.    

An Enterprise Approach to Implementing CDR 

As with any technology implementation, an enterprise action plan must ensure all the benefits are realized and demonstrate a value return throughout the enterprise. This kind of plan starts with understanding the need for CDR technology. Businesses should ask how important is information collection, collaboration, and sharing (even with external parties) to our business outcomes?  

Following insights from this question, ask if your organization is protecting information used across all its collaboration platforms and channels, internally and externally. While these are the necessary questions, there are deeper considerations of an enterprise action plan. 

What about integration with cloud systems and data lakes? Not every CDR can integrate with more complex environments such as the cloud. Even for those that can, doing so in a manner that does not require a massive effort from engineers to install and configure is not common.  

With the growth in cloud computing, most organizations need a seamless integration that does not require manual efforts for processing and workflows. Easy interoperability that leverages automation eases the burden on staff, allowing them to focus on more important tasks while still gaining all the protective capabilities of the CDR.  

Integrating CDR with Content Collaboration Tools and Platforms: Content collaboration platforms such as Box, O365, Microsoft Teams, and Slack remain uncontrollable for many traditional security controls. Alternatively, security vendors that provide an Open API can integrate CDR support into various software solutions, incorporating CDR protection every time users share files. This creates a true Zero Trust solution as it sanitizes every file, whether or not they are known to be malicious.  

File types supported: Businesses do not only work in limited file formats such as Word, PDF, or Excel. They handle various formats, many of which may be proprietary or less common. How the CDR solution handles more obscure file types is essential to know. Less savvy CDR products may not be able to assess them properly and either block them by default or let them through because they do not understand what components are known safe. A CDR solution must offer an extensive range of format support, especially those commonly used for your organization.  

Ensure content and format aren’t lost in the CDR Process: CDR solutions that are less complex strip away large portions of files when they detect something like their signatures. More advanced CDR solutions preserve all safe content ensuring that no crucial data is lost in the process. Like file flattening, format stripping can also occur on some CDR products. To limit risk, they strip out only the text and shove it into lower-functionality formats, such as converting a Word document to a PDF or a plaintext file. While this may preserve the text content, it removes the ability to edit later along with the format of the information. More advanced CDR solutions can completely rebuild a file in the same type that it was, being intelligent enough to preserve all formatting, so the file presents as intended. With this variety of CDR solutions, businesses will not lose any of the contexts that the format and layout convey.  

Volumes of data required for your business. Businesses handle massive volumes of data daily, from email to file collaboration and cloud storage. Processing and assessing this information flow needs to happen quickly to not impede workers from doing their jobs. CDRs that introduce a delay in processing, especially during volume spikes when users are most busy, displease workers making it more challenging for them to complete their jobs. CDR solutions must effectively handle large volumes of data.  

Consider a Cost-benefit Analysis 

The cost-benefit analysis of using a CDR solution will depend on various factors, such as the size and complexity of the organization, the number of users who will be utilizing the solution, the cost of security practitioners, and the potential loss of productivity. However, we do know about some costs. According to Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. And according to the 2023 IBM Cost of a Breach report, the average cost of the average cost of a breach in $4.45 million.  

Benefits of a CDR solution: 

• Reduced risk of malware infections: A CDR solution is designed to remove potentially malicious content from files, reducing the risk of malware infections that could lead to data breaches or other security incidents. 
• Increased productivity: A CDR solution can help users work more efficiently without needing manual file analysis by eliminating alerts regarding malware in files and automatically sanitizing files and removing potential threats. 
• Improved compliance: A CDR solution can help organizations meet compliance requirements related to data privacy or cybersecurity standards. 

Cost offset opportunities: 

• Licensing fees: Are there licensing fees for products in your enterprise that do not or cannot meet all data collaboration needs that could offset a CDR enterprise solution? 
• Features: For organizations considering modernization or replacement of their secure email gateway solution, a CDR solution is likely to deliver additional features and functionality. 
• Integration: Development, delivery, administration, and maintenance costs for products and platforms that do not universally integrate across the enterprise like a CDR solution may. 

TAG Cyber acknowledges this is a complex area critical to business success. Votiro is a partner who is forward leaning in addressing both security and business enablement for today and the rapidly expanding digital needs of all enterprises. 

*** This is a Security Bloggers Network syndicated blog from Votiro authored by Votiro Team. Read the original post at: https://votiro.com/blog/an-enterprise-action-plan-for-cdr/