By John Stevenson | Blog


We all know that downloading documents and images from the internet is potentially dangerous.

A document download from the Web is an incredibly popular vector for delivering malware, attacks and exploits because it works. Just look at something like Emotet, one of the most notorious, active and successful pieces of malware ever seen.

Emotet is successful for two reasons. Firstly, it’s concealed in everyday business documents such as Word or Excel files. And secondly, because attackers work full time on ensuring that defences are always playing catch up, subtly mutating it so that it continually evades detection.

Uncertainty and Risk

The list of defensive tools and techniques being used to address this problem grows ever longer. Of course anti-virus at the gateway is the most established, but it’s widely acknowledged that it struggles to detect and combat malware concealed in documents.

Sandboxing can be useful in quarantining suspect documents and running them – rather like a bomb squad performing a controlled explosion on a suspicious package. The problem here is that the bad guys have spotted how to identify when their malware-infected document is in a sandbox and will lie low until the document has been declared safe. A further problem with sandboxing is that it can introduce a lot of delay into the simple process of clicking on a document to download it – making it unpopular with users.

Some use browser isolation, whereby all browsing is performed “at arm’s length”, effectively inside a virtual machine within the physical host machine. On the face of it this looks like a great option, but as soon as someone wants to edit a document they are viewing within the isolated area, you’re back to trying to detect the presence of malware – with all the attendant uncertainty and risk that accompanies that approach.

Time for a Rethink

It’s time to rethink how we defend. By that, I mean the fundamental paradigm we apply. At Deep Secure we’ve pioneered a zero-trust approach, born out of defending military data assets. This approach starts from the premise that since it is impossible to be certain that any given document does or doesn’t contain malware (the bad guys are just too good at hiding it), the only way to be certain is to trust nothing and use a threat removal platform to transform it.

Our transformation process involves extracting the useful business information from a document, discarding the original and creating a new one with the information in it to give to the user, leaving any threats behind in the process. This type of threat removal 100% guarantees risk-free document downloads because none of the original downloaded digital file ever reaches the user or the endpoint.
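The extract, discard and rebuild idea described above, as an added Python example; it is not Deep Secure's code or product behaviour. It assumes a .docx input and treats only paragraph text as the business information; all function names and the sample file are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
PKG = "http://schemas.openxmlformats.org/package/2006"
OFFDOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument"
DOC_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
RELS_TYPE = "application/vnd.openxmlformats-package.relationships+xml"
CONTENT_TYPES = (f'<Types xmlns="{PKG}/content-types">'
                 f'<Default Extension="rels" ContentType="{RELS_TYPE}"/>'
                 f'<Override PartName="/word/document.xml" ContentType="{DOC_TYPE}"/></Types>')
RELS = (f'<Relationships xmlns="{PKG}/relationships">'
        f'<Relationship Id="rId1" Type="{OFFDOC}" Target="word/document.xml"/></Relationships>')

def extract_paragraphs(docx_bytes):
    """Read only the visible paragraph text; every other part is ignored."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        xml = z.read("word/document.xml")
    if b"<!DOCTYPE" in xml:  # refuse DTDs (simplified check, assumes UTF-8 input)
        raise ValueError("DTD not allowed in document.xml")
    root = ET.fromstring(xml)
    return ["".join(t.text or "" for t in p.iter(f"{{{W}}}t"))
            for p in root.iter(f"{{{W}}}p")]

def build_docx(paragraphs):
    """Write a brand-new package from plain strings; no source bytes are copied."""
    body = "".join(f'<w:p><w:r><w:t xml:space="preserve">{escape(p)}</w:t></w:r></w:p>'
                   for p in paragraphs)
    doc = f'<w:document xmlns:w="{W}"><w:body>{body}</w:body></w:document>'
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in (("[Content_Types].xml", CONTENT_TYPES),
                           ("_rels/.rels", RELS), ("word/document.xml", doc)):
            z.writestr(name, data)
    return out.getvalue()

def transform(untrusted_bytes):
    return build_docx(extract_paragraphs(untrusted_bytes))

def part_names(docx_bytes):
    return sorted(zipfile.ZipFile(io.BytesIO(docx_bytes)).namelist())

def make_sample():
    """Constructed input: two paragraphs plus an inert placeholder 'macro' part."""
    doc = (f'<w:document xmlns:w="{W}"><w:body><w:p><w:r><w:t>Quarterly figures </w:t></w:r>'
           '<w:r><w:t>attached.</w:t></w:r></w:p>'
           '<w:p><w:r><w:t>Totals: 3 &lt; 5 &amp; rising</w:t></w:r></w:p></w:body></w:document>')
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/vbaProject.bin", b"CONSTRUCTED-PLACEHOLDER")
    return out.getvalue()
```

The extraction step still parses untrusted input, so in a real deployment that parser is the component to isolate and harden.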

Threat Removal

Threat Removal has benefits across the organization from risk mitigation to user productivity. Most important of all, it takes the onus away from the defender to try and second guess an attacker’s next steps and makes the web a place where businesses can exchange and leverage data with confidence.  
