As mentioned in the report, “CDR, which is also referred to as ‘content sanitization’, breaks down files into their discrete components; strips away anything that doesn’t conform to that file type’s original specification, ISO standard, or company policy; and rebuilds a ‘clean’ version. This near-real-time process is an effective approach to removing malware and other exploits from files. While sandboxing and almost all other techniques depend on detection, CDR protects against exploits and weaponized content that have not been seen before.” Gartner has also identified CDR with a “high” benefit rating.
The CDR process disrupts the integrity of any remaining hidden malicious code, zero-days, or exploits. The result is a visibly identical, functional and completely safe (harmless/neutralized), new copy of the original file.
According to Gartner, “by 2022, Gartner expects 20% of organizations to use CDR as part of their content protection strategies, up from 5% today. We also expect CDR to be available as a standard capability everywhere multiple antivirus scanning is deployed.”
We believe this is because CDR overcomes the shortcomings of technologies such as signature-based AV, NextGen AI-based detection and behavioral analysis sandboxing. All of these technologies rely on a decision-based process, which can ultimately fail, and are prone to evasive techniques used by attackers. CDR offers tangible benefits that outperform sandboxing in almost all aspects: it is easier to implement, quicker, handles much larger volume/higher throughput, and, unlike traditional technologies, it doesn’t rely on detection. CDR can mitigate one of the common infection vectors: scripts embedded in MS-Office and PDF documents that can be highly obfuscated, which is a significant challenge for many security solutions that rely on static scanning. It can also neutralize sophisticated, sandbox-evading malware that can delay operation for as long as it is being held in a virtual environment.