What is Content Disarm and Reconstruction (CDR)?

by | Sep 6, 2021 | Thought leadership, Tip of the Week

This post has been updated. See the new up-to-date version here: What is CDR?

File-based cyber security threats are growing faster than ever. Approximately 1 in every 100,000 files contain potentially malicious content, with 98% of them being unknown by antivirus solutions for up 18 days before they can mitigate potentially devastating risks.

With global trends such as hybrid and remote working continuing to impact the way organizations use technology, the threat landscape is also becoming more sophisticated and complex. The result is that reactive detection-based security solutions can’t keep up: Antivirus puts users at risk with every new threat, while sandboxing exposes organizations to risk from advanced malware and disrupts business productivity. These complex security solutions also add stress to busy security teams.


Content Disarm and Reconstruction: Protection that doesn’t wait for detection

As a result, detection-based security methods have to play catch up with new and unknown threats and malware that contains potentially malicious code. In contrast, Glasswall’s proactive Content Disarm and Reconstruction (CDR) technology instantly cleans and rebuilds files (PDF, Excel etc) to match their ‘known good’ manufacturer’s specification – automatically removing potential cyber threats. This simple approach ensures every document entering or leaving the organization is safe, without sacrificing productivity, meaning users can trust every file.

Glasswall CDR technology instantly removes risk by using a four step process:


Step 1 – Inspect

Three layers of the file are inspected to validate its digital DNA complies with the known good manufacturer’s specification. Remediation instantly takes place where deviations are found.



Step 2 – Clean

High risk active content (i.e. macros and embedded links) is cleaned and removed, based on company policy – so only the users who need active content receive it.



Step 3 – Rebuild

The file is rebuilt to its known good manufacturer’s standard, ensuring the file is clean and threat-free.



Step 4 – Deliver

The user instantly receives a safe, identical file that’s compliant, standardized and trusted – reducing risk of the malicious code hidden in malware while maintaining business continuity.



The result is a powerful ability to close the security blindspots exploited by cybercriminals who know that reactive antivirus and sandboxing technologies cannot identify new vulnerabilities hidden in file ‘DNA’ for days or even weeks after they have been released.


A flexible, cloud-native and infinitely scalable platform

Built on flexible and scalable infrastructure, Glasswall uses Compliant Kubernetes enabling users to spin up CDR clusters to suit their precise needs. This cloud-native architecture providing infinite scale on demand – hubs can be deployed across the organization to enable CDR workflows across multiple network segments.

Available on-premises, across all clouds or via dockers, Glasswall provides open source-based connectors for easy on-premises and cloud integrations and offers developer-centric web services with OpenAPI specification compliant design. In addition, cloud-ready machine images and virtual machine infrastructure offer out-of-the-box observability and metrics reporting. With typical sub-second parallel file processing, Glasswall CDR is available on-premises, across all clouds or via dockers.


Comprehensive use cases

Glasswall CDR has been developed to meet the needs of a wide variety of organizations who are focused on precise use cases. These include:


Cloud native integrations – The Glasswall CDR (Content Disarm and Reconstruction) platform is a cloud native, open architecture solution that’s infinitely scalable so users aren’t locked into proprietary technologies or service providers. Integration is refreshingly easy–we follow API-first, standards compliant design and integration connectors are free of charge. Just as we’re able to deploy the Glasswall CDR Platform to hosted environments for our customers, we believe you should be able to use Infrastructure-as-Code (IaC) script to deploy the solution into your hosting provider environments.



Data migration – Trust boundaries are everywhere. A cross domain plug-in provides a vital air-gap for files moving between trust boundaries, whether they’re inside the organization or across a public network. To migrate or synchronise file transfers across two or more storage locations, Glasswall CDR ensures that threats can be removed as they transition from folder-to-folder or across a domain interface. Multiple connectors are available to define how the Cross Domain Plug-in communicates with storage repositories before passing the file to the Glasswall CDR Platform for threat removal.


Metadata removal – Reduce the risk of sensitive information being leaked to a third party with Glasswall CDR. Most file formats have associated metadata that comes with the visual data. While this information can be helpful, it also poses a security risk. By removing metadata from every document sent or received, every file that has been Glasswalled minimises the risk of accidental information leaks.



Malware risk removal – Trust your files again – Glasswall CDR disarms and secures every file in real-time. Today’s popular file formats offer many places for malware to hide, and there have been over 300 million ransomware attacks in the first half of 2021 alone. Glasswall removes malware by cleaning and rebuilding files to match their ‘known good’ manufacturer’s specification.



Secure email – Protect your organization from the most stubbornly popular attack vector. With Glasswall CDR users receive secure emails at the speed of business. Glasswall proactively remove threats from every email without delay. Every attachment that comes through is cleaned and rebuilt so it is completely secure. The CDR technology analyzes and disables links within the body of an email by policy to limit the risk of phishing email attacks. As a CISO you can sleep easier knowing your files have been Glasswalled.



SDK Integration – Glasswall SDK Integration enables users to determine how analysis and threat removal integrates into their business workflow using Rest-based APIs. It uses a cloud native Kubernetes-based architecture allowing for massively parallel processing scale, which can be deployed within a public, private or hybrid cloud environment and does not require online access to operate.



File uploads and downloads – To reduce the risk of file-based threats, Glasswall gives users the freedom to download files from the internet without putting their organization at risk by instantly securing files that are uploaded to or downloaded from the web.




Content Disarm and Reconstruction (CDR) – The benefits

Glasswall’s CDR platform has been tested, validated and implemented by a range of the world’s leading intelligence agencies, who have successfully protected against all efforts to penetrate the technology even when custom written exploits have been used to test the product. The analytics and policy management output and level of security delivered by Glasswall has always exceeded expectations – no other CDR technology has undergone such extensive, independent testing.

Today, customers around the world across public and private sectors see a range of cyber security benefits from using Glasswall CDR. These include:


Secure & optimize files

By working with safer, more secure files, Glasswall CDR removes risk and anomalies in an instant, so users can trust every file is safe and usable.



Less risk, more productivity

Glasswall enhances productivity across the organization by de-risking every document without users ever noticing it is there.



Deploy with ease

Users are up and running in hours, not months and can deploy the solution seamlessly without the typical hidden costs and headaches for their security team.



Glasswall CDR is providing organizations around the world with proactive protection against file-based cyber security threats. As the risks networks and data increase, it’s now more important than ever to deliver a strategy that addresses both existing and emerging risks.

To read more about Glasswall Content Disarm and Reconstruction (CDR) solutions, click here, visit our blog – or to try it for real, take a CDR test drive.


What are file-based threats?

What is zero-trust file protection?

How does Glasswall CDR work?

Picture of a knight mask with swords to illustrate our battle for being the market leader in CDR

Glasswall vs Competitors

Why Glasswall CDR?

Learn about the simple way to protect against sophisticated file-based threats.

All resources



Case Studies

Use Cases




Product help



Contact us


strategic alliances

About our Partner Program

Our Partners

Become a Partner

Glasswall partner program

Bringing File-based threat protection to your customers

Offer a richer security portfolio with the most agile CDR platform on the market. Stand out from the competition with a partner program built for you. Let’s make files safer together.

About Glasswall

Our People




Contact Us

support lines


Raising the bar on file security

We believe people should be free to open their files without fear. To click on anything without risk of catastrophe. To use systems the way they were meant to be used. That’s why we’re raising the bar on file security at Glasswall.