What are file-based threats?

File-based threats are malicious pieces of code that reside within a file. Cybercriminals use file vulnerabilities to embed threats within everyday files and use these often seemingly safe business documents to target individuals or organizations. Once downloaded and/or opened, these files distribute malware to damage or exploit networks, servers and devices, or initiate ransomware attacks.

Malware (short for malicious software) refers to software designed to intentionally damage, disrupt or breach an organization’s IT infrastructure.

Common Types:

  • Ransomware
  • Virus
  • Trojan
  • Worm
  • Backdoor

Active content risks – what are they?

Each file type contains certain vulnerabilities that leave an organization at risk of a cyber-attack. They can be manipulated by cybercriminals to steal data or to plant malicious content.

Common vulnerabilities include:

Acroforms

‘Acrobat forms’ look just like any other form, but they may also contain active code such as JavaScript. This active code can be exploited by cybercriminals to launch attacks that are commonly missed by traditional detection-based cyber security solutions.

Dynamic Data Exchange (DDEs)

Cybercriminals can use DDEs in Microsoft documents to execute malicious code on a recipient’s computer.

Embedded objects

Embedded objects within files can be used to hide data or provide a way for active code to be triggered. These objects are often used by cyber criminals to perform actions without a user’s permission or knowledge.

Review comments and metadata

Sensitive information that a company does not want to disclose to the public can be found within metadata. This could be the name of the author of a file, tracked changes or review comments. Cybercriminals can access this data and use it for malicious purposes, damaging the reputation of an organization when the breach is disclosed.

Macros and JavaScript

Macros and JavaScript are forms of active code. These extra file functions can perform actions without a user’s permission, starting a chain reaction of malicious events. When these are present in a document, they are often used by cybercriminals to mount an attack against the user or receiving system.

Digital signatures

If the ownership and trust of the certificate chain has been compromised, a cybercriminal could trick a user into opening a document that contains malicious content.

Hyperlinks

Hyperlinks are often used in phishing attacks. Cybercriminals create links that look legitimate and trustworthy on the surface but, once clicked, take the user to a different destination and trigger a chain of malicious events.

Detection-based solutions leave organizations open to risk

There is an abundance of complex cyber security solutions available – with one common problem. They all rely on detection capabilities to protect organizations against file-based threats.

“Next generation” antivirus and firewall systems use detection-based solutions that can only protect against risks already known to them. This leaves organizations at risk from new and unknown file-based threats.

Sandbox solutions can offer some protection, but cyber criminals now use clever tactics to evade them.

Machine learning and AI cannot offer absolute, zero-trust protection, and still leave organizations at risk from new (zero-day) threats.

The Solution: Zero-trust file protection with Glasswall CDR

Zero-trust file protection by Glasswall is different. Instead of looking for malicious content, our patented CDR process treats all files as untrusted — validating, rebuilding and cleaning each file to a safe and compliant standard — automatically removing potential threats.

Security teams can embed our cloud-native CDR engine across their infrastructure in one of two ways. The out-of-the-box CDR platform comes ready to implement, with its own UI and reporting dashboards. Alternatively, for organizations that want to build Glasswall CDR into their existing systems, our embedded SDK enables teams to implement zero-trust file protection in their software applications and network deployments.

How does Glasswall CDR work?

Glasswall CDR (Content Disarm and Reconstruction) employs our patented 4-step approach to protect organizations and individuals against file-based threats. Unlike other cyber security solutions, we don’t try to identify the malicious code – we simply remove the ability for it to exist in the document altogether.

1. Inspect

Breaks down the file into its constituent components and validates the file’s structure against its specification.

2. Rebuild

Unknown and invalid file structures are repaired in line with the file’s specification.

3. Clean

Removes high-risk file structures that contain active content, based on configurable policy.

4. Deliver

Semantic checks ensure the file’s integrity. The safe and fully functional file is now ready to use.
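The inspect, clean and rebuild idea can be shown on one format, Office Open XML (a ZIP package), for four of the active content risks listed earlier: macros, embedded objects, DDE fields and author metadata. This is an added example written for this page, not Glasswall's engine or SDK; the policy set, the function names and the sample document are assumptions.

```python
import io, re, zipfile

# Hypothetical policy: risk categories to strip in the "clean" step.
POLICY = {"macros", "embedded_objects", "dde", "metadata"}
DDE = re.compile(rb"<w:instrText[^>]*>\s*DDE(?:AUTO)?\b.*?</w:instrText>", re.S)
CREATOR = re.compile(rb"<dc:creator>.+?</dc:creator>", re.S)

def classify(name, data):
    """Inspect: return the risk categories one package part carries."""
    risks = set()
    if name.endswith("vbaProject.bin"):
        risks.add("macros")
    if "/embeddings/" in name:
        risks.add("embedded_objects")
    if name.endswith(".xml") and DDE.search(data):
        risks.add("dde")
    if name == "docProps/core.xml" and CREATOR.search(data):
        risks.add("metadata")
    if name.endswith(".rels") and b'TargetMode="External"' in data:
        risks.add("external_link")  # reported only, never stripped here
    return risks

def disarm(raw, policy=POLICY):
    """Rebuild the package part by part; returns (clean_bytes, report)."""
    out, report = io.BytesIO(), {}
    with zipfile.ZipFile(io.BytesIO(raw)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            risks = classify(info.filename, data)
            if risks:
                report[info.filename] = sorted(risks)
            if risks & policy & {"macros", "embedded_objects"}:
                continue  # drop the part; a full rebuild also fixes rels and content types
            if "dde" in risks & policy:
                data = DDE.sub(b"", data)
            if "metadata" in risks & policy:
                data = CREATOR.sub(b"<dc:creator></dc:creator>", data)
            dst.writestr(info.filename, data)
    return out.getvalue(), report

def build_sample():
    """Constructed input: a minimal OOXML-style zip, not a complete .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:p><w:instrText>DDEAUTO sample_app "
                   "sample_topic</w:instrText><w:t>Hi</w:t></w:p>")
        z.writestr("word/vbaProject.bin", b"\x00constructed")
        z.writestr("docProps/core.xml", "<dc:creator>Alice Example</dc:creator>")
    return buf.getvalue()
```

Real documents can split a field code across several runs and reference removed parts from relationship files, so a production rebuild has to parse the XML against the format specification rather than pattern-match it.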
