FAQ

MDR (Managed Detection and Response) and CDR (Content Disarm and Reconstruction) represent two distinct approaches to cybersecurity that complement one another. Here are reasons why CDR is a valuable addition to MDR:

  1. Proactive vs. Reactive Security: While MDR often focuses on detecting and responding to threats once they’ve been identified, CDR is proactive, preventing malware and other threats from entering in the first place by stripping harmful content from files.

  2. Protection Against Zero-Day Threats: Although MDR can be effective in identifying known threats, it might not always guard against zero-day attacks that lack a known signature. CDR can neutralize such unknown threats by disinfecting potentially harmful content.

  3. Minimizing False Positives: A challenge with detection-based systems (like those in MDR) is the risk of false positives. CDR minimizes this risk as it centers on reconstructing files rather than blocking them based on potential matches to known threats.

  4. Preserving Business Continuity: By sanitizing files yet retaining their usability, CDR ensures employees can continue their tasks unhindered, while MDR focuses more on isolating and responding to threats.

  5. Reducing Response Time: Since CDR can disinfect files in real-time, the time required to respond to a threat is decreased, enhancing an organization’s overall security posture.

  6. Layered Security: A comprehensive cybersecurity strategy demands multiple layers of protection. While MDR tackles the detection and response aspects, CDR adds an additional layer of preventive protection.

  7. Cost Savings: By reducing the number of incidents that require a response, CDR can help lower the costs of incident response and recovery.

In conclusion, while MDR is a valuable service assisting organizations in detecting and responding to threats, CDR provides an additional security layer that proactively extracts harmful content from files. Combining both approaches can lead to a more robust and comprehensive security strategy.

XDR (Extended Detection and Response) and CDR (Content Disarm and Reconstruction) are both valuable cybersecurity approaches, yet they focus on different facets of defense. Here are some reasons why CDR is a valuable addition to XDR:

  1. Complementary Security Layers: XDR primarily centers on detecting and responding to threats across the network, cloud, and endpoints. CDR, on the other hand, focuses on preemptively neutralizing harmful content in files and data streams before they enter the network.

  2. Proactive Security: While XDR detects and reacts to threats after they’ve been identified, CDR is proactive, eliminating potentially harmful content from files, thereby reducing the risk of infection.

  3. Protection Against Unknown Threats: XDR is effective against known threats but might face challenges in identifying new or unknown threats. CDR neutralizes harmful content in files, even if it’s a zero-day threat.

  4. Minimize False Positives: XDR can sometimes mislabel legitimate activities as malicious. CDR reduces the likelihood of false positives by purifying files without completely blocking them, ensuring smooth business operations.

  5. Preserving Business Continuity: By removing malicious content from files and maintaining their usability, CDR ensures that employees can continue their tasks uninterrupted.

  6. Layered Security: Cybersecurity demands a multi-layered approach. While XDR handles detection and response, CDR offers an additional defensive layer at the content level.

  7. Cost Savings: By proactively removing harmful content and thus minimizing infections, CDR can aid in reducing costs associated with incident response and recovery.

In conclusion, while XDR is a potent tool in an organization’s cybersecurity arsenal, CDR provides a specialized and proactive approach to tackle threats at their source. Combining both approaches can yield a more robust and comprehensive cybersecurity strategy.

EDR (Endpoint Detection and Response) and CDR (Content Disarm and Reconstruction) are both valuable cybersecurity solutions, yet they focus on different areas and capabilities. Here are some reasons why CDR is a vital addition:

  1. Differing Focus: While EDR primarily centers on monitoring and responding to suspicious activities on endpoints (like laptops and servers), CDR focuses on removing or neutralizing potentially harmful content from files before they even reach an endpoint.

  2. Proactive Security: EDR systems excel at detecting and responding to threats once identified, but they often act after the threat has become active. CDR is proactive, ensuring files are purified of malware before they are opened.

  3. Protection Against Advanced Threats: Modern malware often employs sophisticated techniques to evade detection. CDR can help guard against zero-day attacks and other advanced threats by removing malicious components from files, even if they haven’t been identified by traditional security solutions.

  4. Minimize False Positives: EDR can sometimes generate false positives, leading to unnecessary alerts and actions. Since CDR cleans files instead of blocking them, the chance of false positives is often reduced.

  5. Preserving Business Continuity: With CDR, employees can continue to safely open and share files, knowing the content has been purified of potential threats, without interrupting the workflow.

  6. Layered Security: An effective cybersecurity strategy is layered and diverse. While EDR assists in detecting and responding to threats on endpoints, CDR offers an added protective layer against infected file attachments and downloads.

  7. Complementary Capabilities: While EDR provides in-depth visibility and control over endpoint activities, CDR offers thorough content inspection and cleansing. Together, they present a more holistic security approach.

In conclusion, although EDR is a powerful and essential tool for modern organizations, integrating CDR can further bolster an organization’s security posture by providing an additional and specialized defense against malware and other file-based threats.

Antivirus software is certainly a step in the right direction for basic security. However, CDR (Content Disarm and Reconstruction) offers certain advantages that go beyond the capabilities of traditional antivirus software. Here are some reasons why CDR would be a valuable addition to antivirus:

  1. Handling Advanced Threats: Traditional antivirus solutions often rely on signature-based detection, meaning they primarily detect known viruses and malware. CDR, on the other hand, is designed to neutralize even unknown and advanced threats (like zero-day attacks) by removing potentially harmful content from files.

  2. Proactive Approach: Instead of waiting for a file to be identified as harmful, CDR actively reconstructs the content of a file to a safe state, removing the potentially harmful elements before they get a chance to activate.

  3. Reduction of False Positives: While antivirus software can sometimes mark legitimate files as harmful (false positives), CDR focuses on purifying and reconstructing files, reducing the chance of disrupting legitimate files.

  4. Protection Against Diverse Threats: Antivirus primarily targets malicious code. CDR, in contrast, addresses a wide range of content threats, such as embedded scripts in documents, which may go unnoticed by standard antivirus.

  5. Preserving Business Continuity: With CDR, employees can safely open and share files without interrupting the workflow, knowing the content has been purified from potential threats.

  6. Layered Security: The cybersecurity world is about layered defense. Combining antivirus with CDR provides a more robust security system, where each layer tackles a different type of threat.

  7. Adapting to Evolving Threats: Cyber threats are constantly evolving. CDR technologies are often designed with these dynamic landscapes in mind and can frequently adapt to new types of threats that traditional antivirus solutions might miss.

In conclusion, while traditional antivirus remains an essential component of any security strategy, CDR offers a specialized and proactive approach that enhances an organization’s security infrastructure. Combining both provides a more comprehensive defense against a wide range of cyber threats.

There are two price lists available: the regular retail price list and a price list for IT service providers. In the market, Bodyguard.io offers the most attractive price per user. The reason for this accessible pricing model is that we want to protect as many organizations as possible. Please get in touch to receive the price list.

Bodyguard CDR impacts various CIS Controls to strengthen security policies. Here are some controls that are relevant:

  • Control 8: Malware Defenses. Bodyguard CDR assists in identifying and removing malicious content from files, which is one of the primary objectives of this control.

  • Control 7: Email and Web Browser Protections. Since a lot of malware enters through email attachments or files downloaded from the internet, Bodyguard CDR can help neutralize these threats.

  • Control 13: Data Protection. By removing malicious content from files, Bodyguard CDR contributes to protecting data against unauthorized access and manipulation.

  • Control 18: Application Software Security. When Bodyguard CDR is applied to software and application files, it can help maintain the integrity of the software by removing potential malicious elements.

Absolutely, click here to try the software for free for 14 days.

It is also possible to request a personal demo here.

We are happy to assist in evaluating the software.

Yes, support in various forms is available through our partner. If desired, 24×7 support can even be provided.

The CDR software processes attachments locally on the employee’s device, ensuring sensitive file content doesn’t leave the device.

However, CDR metadata is collected by the Bodyguard platform to enable reporting via the online customer portal. The metadata includes audit logs and information regarding CDR performance.

The Bodyguard platform runs on AWS infrastructure with data centers located in the EU.

View the data flow chart here for a visual explanation of the data processing.

We are a cybersecurity software company and we continuously evolve. As a customer, you will have access to our plans for improving and expanding the software.

Yes, the original source of the file remains intact. The CDR software processes attachments locally on the device. Files originate from various sources, including but not limited to web browsers, Outlook, Zoom, and Teams. After local processing of a file, the original file remains intact on the servers of the respective application.

Yes, for both IT service providers and organizations, an API integration is available which allows extraction of CDR audit logs and statistics. This information can be utilized in various ways, for instance, to enrich your own reporting or to feed external SIEM systems.