secure padlock in shield


In the world of physical security, a variety of techniques are used to protect us against unsafe or undesirable content. These aim to detect explosives or contraband so the threat can be removed. Similar techniques can be applied in the cyber world. But how well do they stack up and can new zero-trust security models help turn the tables on the bad guys?

The X-Ray Scanner

In the physical world, objects are scanned at the airport by operators looking for patterns of known unsafe content, such as weapons and drugs. The cyber equivalent is anti-virus scanning. Here a file is scanned, matching the bytes inside it against a database of patterns that uniquely identify malware. The problem with applying this technique to the cyber world, is that scanning is limited to detecting known malware. Malware that’s entirely new will not match any pattern in the database and so won’t be stopped.

The Controlled Explosion

In a real-world setting, robots can be used to open up suspect baggage to see if it detonates, while the general public are kept well back. In cyber space the equivalent process is called sandboxed detonation. A suspicious file is opened up, and the resulting behaviour is monitored. If there are any unsafe or unusual actions, then the content is deemed unsafe. If all looks good, the content is deemed safe and allowed to continue its journey. The problem here is that the canny attacker can simply craft the exploit to not do anything odd while in the sandbox to avoid detection. For example, it can wait for certain user interactions to take place before triggering.

Sanitisation

An airport scanning process looks for unsafe content, but in many cases if something is found the passenger is not prevented from boarding. Often, the offending object - such as a bottle of water - is removed and discarded with no further investigation. The cyber space equivalent is called Content Disarm and Reconstruct (CDR). Here a file is dismantled into discreet data components and these are checked against a database of parts that are known to have the potential to be unsafe. Once all potentially unsafe parts have been discarded, CDR re-assembles the remaining parts to form a new file that’s as close to the original as possible, given some bits are missing. The problem with this approach is that CDR is a detection technology. It can only stop attacks that rely on parts which are known to be potentially unsafe. Attacks that rely only on elements considered safe will get through.

See Document Transformation In Action
Sign up for a Free Trial

Replacement

There’s another form of physical security that’s used only in very special circumstances, where the risk posed by something potentially hazardous is so great that it is simply not allowed in. For example in a factory where the product must be assembled in a clean room, technicians are required to change from their normal clothes into special suits. This is because their clothes cannot be inspected or cleaned to the required standard. This is a zero- trust approach in that something that has the potential to be unsafe is replaced with something safe. In cyber space the equivalent to this zero trust approach is our threat removal platform.

Zero-Trust Security

The Deep Secure Threat Removal Platform takes any document, extracts valuable business content and transforms it a new file, leaving any threats behind. The file created in its place is a carbon copy of the original but is 100% safe because it’s built from new, clean data does not contain any parts from the original file. It is this safe file that is passed to the user.

Crucially, Deep Secure applies this zero-trust threat removal approach to every file, ensuring that the content presented to the user is always 100% threat-free and delivering true protection against all known and unknown malware.


View all posts

Digital Purity with 100% efficacy

Contact Us