Content disarm and reconstruction (CDR) is an advanced threat prevention technology designed to protect organizations from file-borne malicious threats. It disarms files by detecting and eliminating the malicious components, then reconstructs the file into a harmless form without losing its original structure or fidelity.

Content Disarm and Reconstruction (CDR)

Zero Trust CDR is used in conjunction with other security measures, such as email filtering, web filtering, endpoint protection, and next-generation firewalls, to provide comprehensive protection from advanced threats. At the same time, Zero Trust CDR should be integrated into an organization’s broader content-defined zero-trust approach. Zero Trust CDR also helps ensure third-party risk management (TPRM) is in place to protect against malicious files entering an organization’s network and applications from their supply chain.

Zero Trust Content Disarm and Reconstruction

Zero Trust CDR mitigates the threat of even the most advanced zero-day attacks and exploits. Zero Trust CDR assumes nothing can be trusted. It works by extracting only the valid business information, either discarding or storing the originals, verifying that the extracted information is well-structured, and then building a new, fully revisable file to carry the information to its destination.

Zero Trust CDR is used in conjunction with other security measures, such as email filtering, web filtering, endpoint protection, and next-generation firewalls, in order to provide comprehensive protection from advanced threats.

By using CDR technology, businesses can ensure that all incoming files, including documents, images, and other file types, are free from malware, zero-day exploits, and other cyber threats. This approach provides a significant advantage over traditional antivirus solutions, which often struggle to detect new and evolving malware strains.

What Does Content Disarm and Reconstruction Help Protect Against?

CDR is a valuable security tool that helps protect against malicious payloads in files. It works by removing malicious content from files, analyzing the file and its components, and then reconstructing the file without the malicious code. This helps protect against malicious software, such as viruses, worms, Trojans, rootkits, and malware that can be used to steal data and to control or disrupt computer networks. It also helps to protect against attacks that use malicious code to deliver malicious payloads, such as ransomware and cryptojacking.

CDR is a multi-step process, which first involves scanning the file for malicious code and then stripping it out before the file is reconstructed. During this process, the legitimate content remains intact, while the malicious code is rendered harmless. This helps to protect against the malicious payloads, which can destroy data, steal sensitive information, or cause disruption on the network. It also helps to mitigate the risk of an attack by reducing the chances of the malicious code finding its way into the system.

CDR is an important security tool and can help to protect against malicious payloads. It is a powerful tool that helps to mitigate the risk of a malicious attack by removing malicious content and reconstructing the file without it. It is an effective and robust security tool that can help to ensure that data and systems remain safe and secure.

How Does CDR Work?

With CDR, organizations can eliminate the risk of malicious content from entering their networks and applications, and as a result, significantly reduce the risk of security incidents and data breaches. CDR works in four steps, which include:

1. File Extraction

This is the first stage of the CDR process, and involves extracting the file’s contents so that they can be analyzed for potential malware. This process typically involves the use of specialized software, which scrutinizes the file by segmenting it into its constituent components, such as text, images, and code. Once extracted, the file’s contents can then be passed to the next step in the process.

2. File Type Verification

This is the second stage of the CDR process. It involves analyzing the file to determine its type and how it should be handled. The most common types of files treated by CDR systems include executable files, scripts, and archives, as these are the most common targets for malicious code. The CDR system checks the file’s type, as well as its attributes, to determine how it needs to be handled.

3. Content Disarm and Reconstruction

This is the third stage of the CDR process, and is the core of file-level protections. This step involves breaking down the file into its constituent components and scanning each one for threats. These components can include text, images, embedded code, macros, and other embedded objects. Once scanned, the CDR system can then reconstruct the file, removing any malicious code that may have been identified, while leaving the file’s content intact.

4. File Delivery

File delivery is the fourth, and final, stage of the CDR process. Once the file has been sanitized, the CDR system then passes it back to the user, enabling them to access the file safely. This is typically done through an email server, or by downloading the file directly.


Types of Content Disarm and Reconstruction (CDR)

The CDR process is an important part of any security strategy, as it helps to prevent malicious code from infecting computer systems and networks. Through the above four steps, CDR systems can effectively remove any malicious code from files and allow users to safely access their content.

There are three basic approaches to CDR. They include:

1. Flat-file Conversion

This approach takes any new file with active content and creates a flat copy of it in PDF form. This method is quick and effective at minimizing the attack surface, as it eliminates any potential malicious code. However, this method also erases legitimate content such as macros, form fields, and hyperlinks, due to its inability to distinguish between malicious and benign files.

2. Content Stripping

This approach strips out active content and embedded objects and reconstructs the file in its original format in order to maintain some usability for the end-user. The downside is that, since CDR is unable to distinguish between malicious and benign files, legitimate content is destroyed, and admin interaction is frequently required to retrieve original files.

3. Positive Selection

Positive selection is the most advanced type of CDR. This approach is designed to minimize the destruction of legitimate content by rebuilding files based on templates, which helps maintain full functionality of the file after reconstruction. It does this by copying only known-good (positively selected) components to the reconstructed file. This increases the accuracy of the CDR process, as the malicious content is identified and removed while the legitimate content is retained. Unfortunately, due to the lack of malware identification capabilities, positive selection is not foolproof and can still eliminate legitimate content.

Who Needs CDR?

CDR is an essential security measure for organizations looking to protect their sensitive information from malicious actors. CDR is ideal for companies that deal with many external sources of files, such as a mailbox, cloud storage, file sharing, or file transfer services, and need to ensure that any content they receive is safe. Government agencies and critical infrastructure providers should also use CDR to protect against the potential of state-sponsored threats and nation-state attacks.

Businesses in highly regulated industries such as healthcare, finance, and manufacturing should also use CDR to ensure that all incoming files are safe. CDR can be used to detect and repair any malicious content embedded within incoming documents, such as Word and PDF files, before allowing them to be opened. This ensures that these organizations remain compliant with industry regulations and protect their sensitive data from unauthorized access.

Finally, CDR is beneficial for any organization that handles large amounts of data that needs to be shared securely internally or externally. CDR helps to ensure that any shared files are free from threats before being circulated to authorized users. By proactively detecting and removing any malicious content from files, CDR helps organizations protect their data while enabling secure collaboration among their staff.

Benefits of CDR

The implementation of CDR technology comes with several benefits. Here are some of the key advantages of using CDR in your organization:

1. Protection Against Zero-day Threats

Zero-day threats are malware that exploits previously unknown vulnerabilities in software. CDR can detect and remove these threats, providing protection against new and unknown malware.

2. Improved Threat Detection

CDR can detect and remove threats that are not detected by traditional antivirus software, such as fileless malware or threats that use encryption to evade detection.

3. Increased Network Security

By removing potentially harmful code from files, CDR helps to prevent the spread of malware and other threats, increasing network security.

4. Reduced Risk of Data Breaches

Malware is often used as a means to gain access to sensitive data. CDR helps to prevent data breaches by removing potentially harmful code from files before they are opened.

5. Enhanced User Experience

One of the main benefits of CDR positive selection is that it enhances the user experience. By allowing known good files to pass through the CDR process without being subjected to additional scrutiny, users can access legitimate files without any delay or obstruction. This not only saves time but also improves user productivity.

6. Customizable Security Policies

CDR positive selection allows users to customize their security policies based on their unique needs and requirements. This means that users can define specific file types that they want to allow through the CDR process and customize their security policies accordingly.

Kiteworks Private Content Network and Forcepoint Zero Trust CDR

Forcepoint and Kiteworks joined forces to offer an integrated solution for zero trust at the content layer. This integration combines Forcepoint’s Zero Trust CDR with Kiteworks’ Private Content Network. The integration of Kiteworks’ Private Content Network and Forcepoint Zero Trust CDR brings together two different strategies for achieving a secure enterprise content-sharing system.

Forcepoint Zero Trust CDR focuses on providing organizations with enhanced security and unified access control while Kiteworks’ Private Content Network enables secure content collaboration between users who are both inside and outside of an organization’s network. The combination of the two technologies brings organizations greater flexibility and scalability when it comes to content collaboration, enabling quick and secure access to files from anywhere in the world.

With Forcepoint Zero Trust CDR, organizations have granular controls for all content access, providing an extra layer of security for organizations. Kiteworks’ Private Content Network provides a secure way for users to access, share, and collaborate with their content, no matter where they are. By combining the two technologies, organizations will benefit from an enhanced security posture, improved collaboration and data access, and the ability to easily scale their content-sharing system. With Forcepoint Zero Trust CDR and Kiteworks’ Private Content Network, organizations can secure their content and manage access control while allowing users to easily and securely share their data. This integration provides organizations with a comprehensive solution to achieve zero trust.

For more information on the Kiteworks and Forcepoint partnership, schedule a custom demo today.


Back to Risk & Compliance Glossary


Get email updates with our latest blogs news

Get A Demo