CDR(内容解除和重建)技术提供了一种防范网络威胁的新方法。该技术专门用于降低文件传播攻击的风险,而文件传播攻击是恶意软件和其他网络威胁的常见载体。通过分解文件并删除潜在的恶意内容,CDR 可确保只有安全的内容才能到达最终用户,从而防止未经授权的访问和数据泄露。
什么是 CDR?
CDR 可清除文件中潜在的恶意代码。与传统的恶意软件检测方法不同,CDR 通过识别和消除所有不符合预定义安全策略的文件组件来运行。这种积极主动的安全方法旨在防止网络威胁渗入网络,无论威胁是已知的还是未知的。
CDR 如何工作?
CDR 的工作原理是将每个文件分解成各个组成部分,然后逐个扫描这些组成部分。这一过程包括几个步骤:
文件解构
传入的文件被分解成最基本的组成部分。
组件解除
对每个组件中可能有害的元素(如宏和嵌入式脚本)进行识别和删除。
文件重建
对文件进行重建,排除任何被认为不安全的组件,从而确保最终产品符合组织的安全政策。
CDR 的五种用途
CDR 技术被广泛应用于各个领域,尤其是在文件传播威胁风险较高的环境中。以下是 CDR 的五个主要用途:
通过对文件进行细粒度分析,CDR 可以识别并消除利用杀毒软件未知漏洞的威胁,从而防范零日攻击。
电子邮件是恶意软件传播的常见渠道。CDR 可以通过删除恶意内容对附件进行消毒,确保可以安全地打开电子邮件。
企业越来越依赖基于云的服务进行协作和通信。可以部署 CDR,对通过这些服务上传、下载、传输、共享和存储的文件进行消毒,以确保这些平台的安全。
CDR 可用于扫描和清理端点设备上的文件,从而降低 BYOD 设备和其他访问组织资产的外部设备的感染风险。
文件,尤其是内嵌宏或对象的文件,很容易受到恶意软件的攻击。CDR 可确保这些文件不含恶意内容,同时保留其功能。
Elevate Preventative Security with OPSWAT Deep CDR™ Technology
传统的 CDR 解决方案难以处理复杂的文件结构,从而导致较高的延迟和潜在的误报。它们还可能无法有效处理某些文件类型或格式,如密码保护文件或压缩文件。
Deep CDR™ Technology goes beyond the capabilities of traditional CDR solutions by recursively sanitizing nested archives in file types like PDFs, images, ZIP files, and Microsoft Office docs.
Deep CDR™ Technology evaluates and verifies file types and consistency, creating placeholders for approved objects while disarming the original file. It then regenerates usable components such as pointers, tables, and frames, ensuring that the final file is safe and retains its original characteristics.
It supports a wide range of file types and processes files quickly, often within milliseconds. Deep CDR™ Technology provides comprehensive diagnostic data, including forensic information about the disarmed files so that analysts can better understand incoming threats.
Deep CDR™ Technology offers superior protection against both known and unknown threats, including those that evade detection by traditional antivirus software. It is capable of sanitizing hidden threats in archive files and QR codes, among others, providing a more robust defense against evolving cyber threats.
While traditional CDR provides a foundational layer of protection against known threats, Deep CDR™ Technology offers a more comprehensive and proactive defense mechanism capable of addressing a wider range of threats, including those that are highly evasive or unknown. Organizations facing advanced persistent threats or operating in high-risk environments can benefit from implementing Deep CDR™ Technology to enhance their cybersecurity posture.
Learn more about how a Japanese government organization uses Deep CDR™ Technology to proactively detect advanced threats.
