Sasa Software Partners with SentinelOne to Offer NextGen AI-driven Security
Content Disarm and Reconstruction (CDR) is designed to provide a safe, hassle-free solution for the prevention of file-based attacks. Instead of relying on signature-based scanning or sandbox behavioral analysis, the technology breaks the file into its components and then re-creates them, omitting all the insecure elements before the file enters the organization. This approach, championed by Sasa Software, has proven itself to the point where Gartner mentioned the technology as a “Best Practice” in its recent Hype Cycle for Threat Facing Technologies.
To pre-emptively block files that are malicious, we utilize multiple highly-optimized AV engines that detect known signature-based threats. However, malware can be easily mutated to bypass these “static” AV engines. Therefore, we are now introducing the capability to scan the files with an additional technology: the SentinelOne advanced AI engine. We have entered a partnership with SentinelOne, the autonomous endpoint protection company, and are integrating the SentinelOne Nexus Embedded SDK into the Sasa Software GateScanner® Content Disarm and Reconstruction (CDR) technology, offering it to all customers in all of our solutions: Portable (USB) media security, Email, Appliance Security, APIs, and our new multi-route Security Dome.
Our R&D team worked closely with the SentinelOne engineering team to verify the effectiveness and performance of the solution in detecting highly mutated and previously unknown malware.
The combined process will begin with scanning the files using multiple highly optimized AV engines, including SentinelOne. All files, whenever possible, will then continue to the disarm process, to prevent undetectable attacks. The SentinelOne Nexus SDK is a significant additional capability for enhancing the security of customers using files that cannot be disarmed, including binaries (PEs) and documents containing active content, such as MS-Office Macros and PDF scripts. This is especially crucial for OT network users, as they often introduce SCADA updates, control files, and other operational files that cannot be disarmed.
Technically, the S1 Nexus SDK has been embedded as an additional scanning technology in our CDR engines as part of the “Deep Threat Scans” capability: