Understanding Sandboxes and CDR
Sandboxing prevents data breaches and network attacks caused by malicious URLs and files. It’s a virtual environment that acts as a safe zone where artificial intelligence runs and tests files and URLs before delivering them to end users. CDR, or Content Disarm & Reconstruction, also targets malicious files. It disassembles files, removes malicious code, and creates sanitized files that comply with file type specifications.
So which is better, sandboxing or CDR?
Do you remember the cheating software at Volkswagen? Modern malware manages to stay under the radar similarly. The sandbox creates a snapshot of the system and then opens the potentially unsafe software. By comparing system blueprints before and after, the sandbox can recognize minimal changes and conclude whether a file is malicious. Unfortunately, there are countless opportunities to fool the sandbox. The malware, for example, may feature a built-in timer that allows it to become hostile and perform actions after a specific time. By setting this timer to 10 minutes, virtually every sandbox will mark the file as safe. Users can’t wait that long. There are more examples, such as waiting for user action. This act will never come in a sandbox, allowing the malware to remain unnoticed.
This problem does not happen with CDR since the technology disassembles and reconstructs the whole file without keeping malicious content. However, even as enthusiasts of CDR technology, we believe that the best defense against cyber-attacks is a combination of efforts. Sandboxing and CDR are different technologies that work with other engines like antivirus to give the best possible protection.
