Back to Blog

Sandbox vs CDR

Bodyguard Team

Understanding Sandboxes and CDR

Sandboxing prevents data breaches and network attacks caused by malicious URLs and files. It's a virtual environment that acts as a safe zone where artificial intelligence runs and tests files and URLs before delivering them to end users. CDR, or Content Disarm & Reconstruction, also targets malicious files. It disassembles files, removes malicious code, and creates sanitized files that comply with file type specifications.


So which is better, sandboxing or CDR? 

Do you remember the cheating software at Volkswagen? Modern malware manages to stay under the radar similarly. The sandbox creates a snapshot of the system and then opens the potentially unsafe software. By comparing system blueprints before and after, the sandbox can recognize minimal changes and conclude whether a file is malicious. Unfortunately, there are countless opportunities to fool the sandbox. The malware, for example, may feature a built-in timer that allows it to become hostile and perform actions after a specific time. By setting this timer to 10 minutes, virtually every sandbox will mark the file as safe. Users can't wait that long. There are more examples, such as waiting for user action. This act will never come in a sandbox, allowing the malware to remain unnoticed.

This problem does not happen with CDR since the technology disassembles and reconstructs the whole file without keeping malicious content. However, even as enthusiasts of CDR technology, we believe that the best defense against cyber-attacks is a combination of efforts. Sandboxing and CDR are different technologies that work with other engines like antivirus to give the best possible protection.

Talk with our experts

Find out how CDR for desktops can improve your security
Book demo
Plan demo

More from the Blog

Gartner Analysts identify CDR as particularly useful

In the latest edition of Gartner's HypeCycle report on network security content cleaning technology ranks high on the priority matrix for network security.

Read More

SLR Group and Bodyguard enter into collaboration

SLR Group has identified CDR technology as necessary and has therefore entered into a partnership with Bodyguard to help distribute Bodyguard's CDR technology.

Read More

The most commonly used file types for malware

The past year has seen a turnaround with regard to the dangerous files associated with malware. Archive files such as RAR and ZIP are now more commonly used for malware distribution than Office documents such as Word and PDF.

Read More