Why Is CDR / CDNR So Important?

Addressing the Fundamental Deficiency in Today’s Mainstream Cyber Security Strategies
From Detection to Non-Detection. 

The Current Cyber Security Landscape
For the past few decades, “detection” has been at the centre of cybersecurity protection tools, be it anti-virus, sandboxing, machine learning, threat intelligence, intrusion detection or network analysis. Every such technology is, at its most fundamental level, trying to “detect the bad guys” in order to remove them if found. The deficiency of this approach is that countless new malware samples are developed every day around the world. They range from variants of existing malware to completely redesigned malware that makes use of zero-day (meaning new, or “just born”) vulnerabilities in operating systems and commercial applications. Because of this, it is becoming increasingly difficult to keep up with the latest zero-day malware, despite the relentless effort of brilliant security researchers around the world working on the best technologies to “detect the bad guys”, whether signature-based or signature-less. We may detect them today, but not tomorrow. That is the reality today, and it partly explains why high-profile compromises due to WannaCry, NotPetya and others continue to make headlines despite vast investment in advanced protection technologies. A paradigm shift in cyber protection strategy is therefore urgently needed.

In recent years, with the popularity of AI/ML (Artificial Intelligence and Machine Learning) technologies, highly advanced protection tools have continued to emerge. Such technologies are able to build, without supervision, large patterns and trends from previously available data and to make increasingly accurate predictions about new threats based on techniques such as heuristic analysis.

Despite these advances in the detection space, malware and ransomware still successfully infect organizations around the world from time to time. What is fundamentally missing? Are we all barking up the wrong tree?

CDR or CDNR

Given the fundamental inadequacy of detection-centric technologies, they need to be augmented by non-detection-based technologies. One such example is “CDR”, an acronym for Content Disarm and Reconstruction.

Specifically, CDR is a technique that does not determine or detect a malware's functionality but removes all “impurities” that are not approved within the system's definitions and policies. However, in our opinion, this term does not completely reflect what the technology does because, in order to “disarm”, it would first need to detect whether the content is “armed”. Hence “CDR” might be mistaken for a detection technique, and it might not be the most accurate term for a non-detection-centric technology.

We propose an alternative term that reflects this technology more accurately: CDNR, or Content Deconstruction, Neutralisation & Reconstruction. The content is first deconstructed (regardless of whether it is infected or not), then neutralized (sanitized using a set of different techniques based on file type), and then reconstructed in its original file format using its native drivers, recreating the file in its purest, native form. Throughout the process, all “extra” content or “impurities”, such as hidden scripts and non-complying elements, are dropped. In a nutshell, the main purpose is no longer to detect and remove just the “bad guys”, but simply to remove all the “impurities”, whether bad or good (hence no detection is necessary). At the conceptual level this is a little akin to white-listing, although real implementations involve far more technical detail and complexity.

There are different models of CDNR processes, depending on the user’s tolerance for security and usability risk:

1. Maximum-Usability (MU) Model

2. Maximum-Security (MS) Model

In the MU model, the CDNR engine follows a set of pre-defined rules and policies and drops all components of a file that do not meet the requirements, with zero cost in usability. For example, the original file is restructured using native drivers and matched against a set of rules and policies. Anything that does not match the rules is dropped (e.g. macros, embedded scripts, embedded files). This method lets the user retain most of the features of the original file, but improper configuration may lead to a risk of infection despite the CDNR efforts, so it is a trade-off for usability with calculated risks and exposure.
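The MU model's drop-what-does-not-match rule, sketched for a .docx package as an added example (not code from this article or from any CDR product). The `ALLOWED` policy, the function names and the sample package are assumptions made for the illustration.

```python
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET  # production code: use a hardened XML parser

# Assumed policy (not from the article): the only package parts allowed to survive.
ALLOWED = re.compile(r"^(\[Content_Types\]\.xml|_rels/\.rels|word/_rels/document\.xml\.rels"
                     r"|word/(document|styles|settings)\.xml|word/media/[\w.-]+\.(png|jpe?g))$")

def prune_refs(name, xml_bytes, kept):
    """Drop Override/Relationship entries that do not resolve to a kept part."""
    root = ET.fromstring(xml_bytes)
    base = posixpath.dirname(posixpath.dirname(name))  # folder the targets are relative to
    for el in list(root):
        ref = el.get("PartName") or el.get("Target")  # <Default> entries have neither
        part = posixpath.normpath(posixpath.join(base, ref or "")).lstrip("/")
        if ref and (el.get("TargetMode") == "External" or part not in kept):
            root.remove(el)
    return ET.tostring(root)

def cdnr_rebuild(data):
    """Deconstruct the package, keep allowlisted parts only, write a brand-new ZIP."""
    src = zipfile.ZipFile(io.BytesIO(data))
    kept = {n for n in src.namelist() if ALLOWED.match(n)}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in sorted(kept):
            body = src.read(name)
            if name.endswith((".rels", "[Content_Types].xml")):
                body = prune_refs(name, body, kept)
            dst.writestr(name, body)  # fresh entry; no other bytes of the source are copied
    return out.getvalue(), sorted(set(src.namelist()) - kept)

def sample_docx():
    """Constructed input: a document plus a macro part and an embedded OLE object."""
    ct = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Override PartName="/word/document.xml" ContentType="application/xml"/>'
          '<Override PartName="/word/vbaProject.bin" ContentType="application/x-vba"/></Types>')
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="t" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="t" Target="styles.xml"/></Relationships>')
    parts = {"[Content_Types].xml": ct, "word/_rels/document.xml.rels": rels,
             "word/document.xml": "<doc/>", "word/styles.xml": "<s/>",
             "word/vbaProject.bin": "macro", "word/embeddings/oleObject1.bin": "ole"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Nothing in the rebuild inspects whether a dropped part is malicious; the macro and the embedded object are removed only because the policy does not list them. References inside `word/document.xml` to removed parts are not rewritten here, and kept parts are copied byte for byte rather than re-parsed.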

In the MS model, the CDNR engine practically rebuilds the whole file itself, either by converting it to another file format or by simply recreating the file using native drivers, at a minimal or moderate cost in usability. Imagine a DOC file being converted to an HTML file: all the DOC-specific features, such as macros and embedded files, are essentially crushed in the new environment. Hence, when this HTML file is converted back to a DOC file, all the potentially dangerous components have already been completely disposed of. This approach is very effective from a security point of view, since all the impurities, which usually include potentially malicious content, are gone. Such a highly stringent option trades usability for virtually un-hackable screening. However, it is important to note that this example is cited for simplicity of understanding. In the industry, the top CDR/CDNR engines took years of research and development, and they typically come with a collection of much more sophisticated technologies to achieve a good balance between usability and security.

The Challenge

Security is always use-case dependent. It is always a trade-off between usability and convenience. The challenge therefore remains how to do CDNR effectively at a high security level while also retaining high usability at the other end of the balance. In other words, the goal is to perform maximum sanitization while retaining the file’s original persona.

This has been a well-researched topic, and we are fortunate that today there is already a mature, enterprise-grade CDNR-based offering. While adoption and awareness have increased gradually over the past few years, it is a little unfortunate that the concept is still not very well understood at the time of writing. There is only one clear leader, which is very much ahead of the pack.

Recommendation

With the ever-increasing sophistication of advanced malware, it is critical and urgent for enterprises to embrace a holistic approach to cyber protection from the perspective of “People, Process and Technologies”. On People, have multi-level, customized training for different levels of staff. On Process, do not just focus on paper compliance and certifications, but also engage strong cyber audit service providers for regular and deep Vulnerability Assessment and Penetration Tests (VAPT). On Technologies, do not just look at a detection-centric baseline, but augment it well with a non-detection-centric implementation that covers the necessary threat exposures of the enterprise.

Ken Soh Lee Meng
Chief Information Officer BH Global and CEO of Athena Dynamics Pte Ltd

Mr Ken Soh Lee Meng holds concurrent appointments as Group CIO of mainboard-listed BH Global Corporation and as the founding CEO of the group's subsidiary cyber security company, Athena Dynamics Pte Ltd. Mr Soh has more than 28 years of working experience in the ICT industry. Prior to joining BH Global, Mr Soh held various senior positions in the public and private sectors at CxO and business leader levels with Master Planning and P&L responsibilities. He holds a Master of Science in Computer Studies from the University of Essex (UK) and a Master of Business Administration (eMBA) from the Nanyang Business School (a Nanyang Technological University and University of California, Berkeley joint programme).
