by John Stevenson | Blog

When Anti-Virus products were first developed they ran locally on endpoints. Now most organisations deploy multiple layers of Anti-Virus technology across the organisation, frequently from different vendors, in an attempt to stay safe. Often this strategy extends to the Cloud: several Email security vendors, for example, offer Cloud-based scanning by multiple different Anti-Virus engines as an integral part of their service. This approach, multiple duplicate layers of protection, is widely regarded as the best way to stay safe, and yet one glance at the technology news on any given day suggests otherwise. Proof of the inadequacy of this approach is easy to come by.

The Deep Secure research team created a simple PDF Malware test file and submitted it to VirusTotal, the free service that runs suspicious files and URLs through all the major Anti-Virus scanners. The PDF was harmless, but the techniques it used should have been picked up as indicators of Malware. On day one, none of the Anti-Virus scanners flagged it as malicious. Today, some 2 months after it was first put to the test, 42 of the 58 Anti-Virus scanners on VirusTotal still regard the file as harmless.

This strategy of adopting multiple duplicate layers of protection extends to Second Generation technologies like sandboxing. With so many different file type and operating system combinations, the business of analysing calls between applications and operating systems, and between hardware and operating systems, is labyrinthine and imperfect. The solution adopted by many, including at least one major firewall vendor this week, is to deploy multiple analytical sandboxing engines. Sadly, the reality is that this does little to reduce the risk and a lot to increase user frustration, as latency is introduced into vital business processes. What is needed is a fresh approach, not more layers of duplication.

Deep Secure is leading the way with the Third Generation of cyber security: Content Threat Removal. The Deep Secure Content Threat Removal Platform removes threats from business documents by transformation, preventing any exploit contained in seemingly valid business communication from entering an organisation. With transformation, the original, potentially malware-infected business document never crosses the security boundary. Instead, the valid business information is extracted from it and used to build a completely new document, leaving behind any Malware. The original is discarded and the new document is sent on to its destination.

This approach differs fundamentally from First and Second Generation cyber security technologies. There is no attempt to "detect" a threat, so there is no need for signature updates or access to knowledge bases. Equally, there is no need to impede business processes by sandboxing documents to analyse their behaviour. Each business document is transformed, the risk is removed rather than merely reduced, and the business gets the information it needs. Because only the content the transformer understands is carried across, anything it does not model (unused header fields, slack space, appended data, active content) stays behind with the discarded original.
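The two paragraphs above describe the transformation technique in general terms. The following is an added example written for this page, not code from Deep Secure's platform, that applies the same idea to one deliberately simple format: a 24-bit uncompressed BMP image. Nothing is scanned for signatures; the file is parsed into its business content (width, height and pixel values), the input is thrown away, and a brand-new file is rebuilt from that content alone. Anything that is not pixel data, such as the reserved header words, slack between the headers and the pixel array, or bytes appended after the image, never reaches the output. The "payload" bytes and the tampered sample are constructed for the demonstration and are not real malware.

```python
# Added example: transformation-based content threat removal for 24-bit BMP.
# Not Deep Secure's code; the sample image and "payload" are constructed here.
import struct

FILE_HEADER = "<2sIHHI"       # magic, file size, reserved1, reserved2, pixel offset
INFO_HEADER = "<IiiHHIIiiII"  # BITMAPINFOHEADER: size,w,h,planes,bpp,comp,imgsize,xppm,yppm,colours,important
FILE_HEADER_LEN = struct.calcsize(FILE_HEADER)  # 14
INFO_HEADER_LEN = struct.calcsize(INFO_HEADER)  # 40


def _row_stride(width):
    """Bytes per stored pixel row: 3 bytes per pixel, padded to a multiple of 4."""
    return (width * 3 + 3) & ~3


def parse_bmp(data):
    """Extract (width, height, rows) from a 24-bit uncompressed BMP.

    rows[0] is the top row and each pixel is an (r, g, b) tuple.  Anything
    that is not a well-formed 24-bit BMP is rejected outright (fail closed);
    reserved fields, slack and trailing bytes are simply never read.
    """
    if len(data) < FILE_HEADER_LEN + INFO_HEADER_LEN:
        raise ValueError("too short to be a BMP")
    magic, _size, _res1, _res2, pixel_offset = struct.unpack_from(FILE_HEADER, data, 0)
    (hdr_size, width, height, planes, bpp, compression,
     _img_size, _xppm, _yppm, _colours, _important) = struct.unpack_from(
        INFO_HEADER, data, FILE_HEADER_LEN)
    if magic != b"BM" or hdr_size != INFO_HEADER_LEN:
        raise ValueError("not a BITMAPINFOHEADER BMP")
    if planes != 1 or bpp != 24 or compression != 0:
        raise ValueError("only 24-bit uncompressed BMPs are accepted")
    if width <= 0 or height <= 0:
        raise ValueError("unsupported image dimensions")
    stride = _row_stride(width)
    if pixel_offset < FILE_HEADER_LEN + INFO_HEADER_LEN or pixel_offset + stride * height > len(data):
        raise ValueError("pixel array lies outside the file")
    rows = []
    for r in range(height):
        # BMP stores rows bottom-up, so the last stored row is the top of the image.
        start = pixel_offset + (height - 1 - r) * stride
        row = []
        for c in range(width):
            b, g, rr = data[start + 3 * c:start + 3 * c + 3]
            row.append((rr, g, b))
        rows.append(row)
    return width, height, rows


def build_bmp(width, height, rows):
    """Write a fresh 24-bit BMP from pixel rows; every header field is recomputed."""
    stride = _row_stride(width)
    pixel_offset = FILE_HEADER_LEN + INFO_HEADER_LEN
    image_size = stride * height
    body = bytearray()
    for row in reversed(rows):
        for (r, g, b) in row:
            body += bytes((b, g, r))
        body += b"\x00" * (stride - 3 * width)
    file_header = struct.pack(FILE_HEADER, b"BM", pixel_offset + image_size, 0, 0, pixel_offset)
    info_header = struct.pack(INFO_HEADER, INFO_HEADER_LEN, width, height, 1, 24, 0,
                              image_size, 2835, 2835, 0, 0)
    return file_header + info_header + bytes(body)


def transform_bmp(data):
    """Content threat removal for BMP: parse, discard the original, rebuild."""
    width, height, rows = parse_bmp(data)
    return build_bmp(width, height, rows)


# --- constructed sample input (not a real malware sample) ------------------
SAMPLE_ROWS = [[(255, 0, 0), (0, 255, 0), (0, 0, 255)],
               [(0, 0, 0), (128, 128, 128), (255, 255, 255)]]
CLEAN = build_bmp(3, 2, SAMPLE_ROWS)
PAYLOAD = b"<<pretend-exploit-bytes>>"  # hypothetical marker standing in for hidden data


def make_tampered():
    """Hide the marker where an image viewer never looks: reserved words and trailing bytes."""
    hdr = bytearray(CLEAN[:FILE_HEADER_LEN])
    struct.pack_into("<HH", hdr, 6, 0xBEEF, 0xCAFE)             # abuse the reserved fields
    struct.pack_into("<I", hdr, 2, len(CLEAN) + len(PAYLOAD))   # keep the file-size field honest
    return bytes(hdr) + CLEAN[FILE_HEADER_LEN:] + PAYLOAD


TAMPERED = make_tampered()
SANITISED = transform_bmp(TAMPERED)

if __name__ == "__main__":
    print("tampered :", len(TAMPERED), "bytes, marker present:", PAYLOAD in TAMPERED)
    print("sanitised:", len(SANITISED), "bytes, marker present:", PAYLOAD in SANITISED)
    print("pixels preserved:", parse_bmp(SANITISED)[2] == SAMPLE_ROWS)
```

The design choice worth noting is that the sanitiser never looks for the marker at all; it is dropped only because the rebuild is driven by the parsed pixel content and nothing else. The flip side, which a real deployment has to plan for, is that anything the parser refuses (other bit depths, compressed BMPs, negative heights) is blocked rather than passed through, so the set of formats the transformer understands defines what business content can cross the boundary.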

The Deep Secure Content Threat Removal Platform works with Mail, Web and File transfers across security boundaries. It removes threats from all types of business content, including PDFs, Office documents, images and web services applications.
