Why Is CDR / CDNR So Important?
From Detection to Non-Detection.
The Current Cyber Security Landscape
For the past few decades, “detection” has been at the centre of every cybersecurity protection tool: anti-virus, sandboxing, machine learning, threat intelligence, intrusion detection and network analysis tools alike. At its most fundamental level, every such technology is trying to “detect the bad guys” so that they can be removed once found. The deficiency of this approach is that countless new malware samples are developed every day around the world, ranging from variants of existing malware to completely redesigned malware that exploits zero-day (meaning new, or “just born”) vulnerabilities in operating systems and commercial applications. Because of this, keeping up with the latest zero-day malware becomes increasingly difficult, despite the relentless effort of brilliant security researchers around the world working on the best technologies to “detect the bad guys”, whether signature-based or signature-less. What we can detect today, we may not detect tomorrow. That is the reality, and it partially explains why high-profile compromises such as WannaCry and NotPetya continue to make headlines despite vast investment in advanced protection technologies. A paradigm shift in cyber protection strategy is therefore urgently needed.
In recent years, with the popularity of AIML (Artificial Intelligence and Machine Learning) technologies, highly advanced protection tools continue to emerge. Such technologies are able, without supervision, to build large-scale patterns and trends from previously available data and to make increasingly accurate predictions about new threats using techniques such as heuristic analysis.
Despite the advances in the detection space indicated above, malware and ransomware still successfully infect organisations around the world from time to time. What is fundamentally missing? Are we all barking up the wrong tree?
CDR or CDNR
Given the fundamental inadequacy of detection-centric technologies, they need to be augmented by non-detection-based technologies. One such example is “CDR”, an acronym for Content Disarm and Reconstruction.
Specifically, CDR is a technique which does not determine or detect malware functionality but removes all “impurities” that are not approved within the system's definitions and policies. However, in our opinion, the term does not completely reflect what this technology does because, in order to “disarm”, it would first need to detect whether the content is “armed”. Hence “CDR” might be mistaken for a detection technique, and it may not be the most accurate term for a non-detection-centric technology.
We propose an alternative term that reflects this technology more accurately: CDNR, Content Deconstruction, Neutralisation & Reconstruction. The content is deconstructed first (regardless of whether it is infected), neutralised (sanitised using a set of different techniques depending on the file type), and then reconstructed into the original file format using its native drivers, creating the file anew in its purest, native form. Throughout the process, all “extra” content or “impurities”, such as hidden scripts and non-compliant elements, is dropped. In a nutshell, the purpose is no longer to detect and remove just the “bad guys”, but simply to remove all “impurities”, whether bad or good (hence no detection is necessary). At a conceptual level this is a little akin to whitelisting, although real implementations involve far more technicality and complexity.
There are different models of CDNR processes depending on the user’s security and usability risk tolerance:
1. Maximum-Usability (MU) Model
2. Maximum-Security (MS) Model
In the MU model, the CDNR engine follows a set of pre-defined rules and policies and drops all components of a file that do not meet the requirements, at zero cost in usability. For example, the original file is restructured using native drivers and matched against a set of rules and policies; anything that does not match the rules is dropped (e.g. macros, embedded scripts, embedded files). This method lets the user retain most of the features of the original file, but an improper configuration may still lead to a risk of infection despite the CDNR effort, so it is a trade-off for usability with calculated risk and exposure.
In the MS model, the CDNR engine practically rebuilds the whole file itself, either by converting it to another file format or by recreating the file using native drivers, at a minimal or moderate cost in usability. Imagine a DOC file being converted to an HTML file: all the DOC-specific features such as macros and embedded files are essentially crushed in the new environment. Hence, when this HTML file is converted back to a DOC file, all the potentially dangerous components have already been completely disposed of. This approach is very effective from a security point of view, since all the impurities, which usually include potentially malicious content, are gone. Such a highly stringent option trades usability for virtually un-hackable screening. However, it is important to note that this example is cited for simplicity of understanding. In the industry, the top CDR/CDNR engines have taken years of research and development, and they typically come with a collection of much more sophisticated technologies to achieve a good balance between usability and security.
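As an added example (not code from the article or from any vendor), here is a minimal MU-model CDNR pass in Python over a DOCX-style zip container: it deconstructs the package into its parts, neutralises by dropping every part not on a hypothetical allow-list (the macro project and the OLE embedding in the constructed sample) together with the relationship entries that pointed at them, and reconstructs a fresh container from what remains. The allow-list, the relationship layout and the sample container are simplified assumptions made for the illustration.

```python
import io, posixpath, re, zipfile, xml.etree.ElementTree as ET

# Hypothetical MU-model policy: the only parts a "pure" document may carry; all else is dropped.
ALLOWED = re.compile(r"^(\[Content_Types\]\.xml|_rels/\.rels|word/(document|styles)\.xml"
                     r"|word/_rels/document\.xml\.rels|word/media/[^/]+\.(png|jpe?g))$")
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ET.register_namespace("", RELS_NS)  # keep the default namespace on re-serialisation

def strip_dangling_rels(rels_xml, rels_path, dropped):
    """Remove <Relationship> entries whose Target part was dropped by policy."""
    base = posixpath.dirname(posixpath.dirname(rels_path))  # word/_rels/x.rels -> word
    root = ET.fromstring(rels_xml)
    for rel in list(root):
        target = posixpath.normpath(posixpath.join(base, rel.get("Target", ""))).lstrip("/")
        if target in dropped:
            root.remove(rel)
    return ET.tostring(root, encoding="unicode")

def cdnr_mu(container):
    """Deconstruct -> neutralise -> reconstruct. Returns (clean_bytes, kept_parts, dropped_names)."""
    with zipfile.ZipFile(io.BytesIO(container)) as zin:           # deconstruct
        parts = {n: zin.read(n) for n in zin.namelist()}
    dropped = {n for n in parts if not ALLOWED.match(n)}            # neutralise, step 1
    kept, out = {}, io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:  # reconstruct
        for name, data in parts.items():
            if name in dropped:
                continue
            if name.endswith(".rels"):                              # neutralise, step 2
                data = strip_dangling_rels(data, name, dropped).encode()
            kept[name] = data
            zout.writestr(name, data)
    return out.getvalue(), kept, sorted(dropped)

def rels_xml(targets):  # constructed relationship part listing the given targets
    body = "".join('<Relationship Id="rId%d" Target="%s"/>' % (i, t) for i, t in enumerate(targets, 1))
    return '<Relationships xmlns="%s">%s</Relationships>' % (RELS_NS, body)

def build_sample_docx():  # constructed sample: DOCX-like zip with a VBA project and an OLE object
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("_rels/.rels", rels_xml(["word/document.xml"]))
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/document.xml.rels",
                   rels_xml(["vbaProject.bin", "embeddings/oleObject1.bin", "media/image1.png"]))
        z.writestr("word/vbaProject.bin", b"\x00constructed macro bytes")
        z.writestr("word/embeddings/oleObject1.bin", b"\x00constructed OLE bytes")
        z.writestr("word/media/image1.png", b"\x89PNG constructed")
    return buf.getvalue()
```

A second pass over the output drops nothing, which is the property an MU policy should have: the reconstructed file already contains only approved parts.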
The Challenge
Security is always use-case dependent, and it is always a trade-off between security on one side and usability and convenience on the other. The challenge therefore remains how to perform CDNR at a high security level while also retaining high usability at the other end of the balance; in other words, to perform maximum sanitisation while retaining the file’s original persona.
The above has been a well-researched topic, and we are fortunate that mature, enterprise-grade CDNR-based offerings already exist today. While adoption and awareness have increased gradually over the past few years, it is a little unfortunate that the concept is still not very well understood at the time of this writing. There is only one clear leader in this space, and it is very much ahead of the pack.
Recommendation
With the ever-increasing sophistication of advanced malware, it is critical and urgent for enterprises to embrace a holistic approach to cyber protection from the perspective of “People, Process and Technology”. On People: provide multi-level, customised training for the different levels of staff. On Process: do not just focus on paper compliance and certifications, but also engage strong cyber audit service providers for regular and deep Vulnerability Assessment and Penetration Tests (VAPT). On Technology: do not just look at the detection-centric baseline, but augment it well with a non-detection-centric implementation that covers the enterprise's necessary threat exposures.
Ken Soh Lee Meng
Chief Information Officer BH Global and CEO of Athena Dynamics Pte Ltd
Mr Ken Soh Lee Meng holds concurrent appointments as Group CIO of the mainboard-listed BH Global Corporation and as the founding CEO of the group's subsidiary cyber security company, Athena Dynamics Pte Ltd. Mr Soh has more than 28 years of working experience in the ICT industry. Prior to joining BH Global, Mr Soh held various senior positions in the public and private sectors at CxO and business leader levels with master planning and P&L responsibilities. He holds a Master of Science in Computer Studies from the University of Essex (UK) and a Master of Business Administration (eMBA) from the Nanyang Business School (a Nanyang Technological University and University of California, Berkeley joint programme).