Attackers know that if they want to compromise an organization, an email with a malicious link or attachment is often the path of least resistance.

Armed with a wealth of information freely shared online, attackers use social engineering to entice employees into opening the message. If the malware is successful, the endpoint is compromised, which likely leads to further damage.

The 2014 Verizon Data Breach Investigations Report indicates email is the initial attack vector 67% of the time in organizations Verizon investigated for breaches. Well-crafted spear phishing leaves the employee to decide if the link or attachment is malicious unless there’s a security solution that can take the guesswork out of the equation. With thousands of enterprise employees as a target, someone will be enticed—it is just a matter of time.

Many solutions on the market do well identifying known bad links and attachments. But what about zero-day exploits and other unknowns? There are simply too many exploits available for signature-based detection to be effective against targeted attacks.

Adobe Reader has been a favorite for attackers through the use of everyday PDFs. What about password-protected zip files that are used to hide the malware from detection? Businesses can choose to quarantine certain file types, but the most successful campaigns will use everyday attachments, which employees are accustomed to receiving and are more willing to open.

Inbound email containing attachments and links must go through more advanced analysis before reaching an inbox in order to stand a better chance of defending the business. Failing to raise the level of detection will only allow attackers to continue to have their way. This holds true for every sender of email, whether it is a trusted third party, friend, vendor, or an attacker; delivering clean email to all entities is a necessity.

Once an endpoint has been compromised, non-public information, intellectual property and credentials are at risk as the attacker moves throughout the network and remains persistent in the pursuit of confidential data.

Votiro Identifies and Sanitizes

The senior security experts at Votiro have developed what they say is a military-grade file sanitizing solution. Votiro’s solution is delivered as a cloud-based managed service or as an on-premise Windows-based virtual appliance.

Votiro’s security solution works on individual files attached to email, downloaded from the Internet, or taken off a removable device such as a thumb drive or CD-ROM. Votiro directs the files into Votiro’s Secure Data Sanitation Device (SDSD) where it then performs an active sanitation process on each file.

This process involves making micro changes to the file in order to interfere with and break any exploit code that might be hidden in the file. Votiro’s technique doesn’t harm the original file format, in order to preserve the integrity of the message content. When the sanitization process is complete, the neutralized file is forwarded to the intended recipient.

Votiro’s SDSD solution analyzes and deconstructs every incoming file, since it’s unknown whether it is malicious. The original artifacts of each deconstructed file (i.e., the headers, footers, file properties, and the file content) are thoroughly analyzed to detect if exploit code is present. If it is, Votiro manipulates specific attributes to neutralize the exploit. The file artifacts are then reconstructed and the file is considered sanitized, which leaves the rest of the message working as originally intended.

Votiro says its advantage is that it doesn’t need to know anything about the exploit in advance in order to neutralize it. Instead, it relies on knowing the makeup of legitimate file types well enough to readily identify when there is something in a file that shouldn’t be there.

Votiro says its solution works on 98% of the file types that are typically exchanged among companies and consumers, including:

  • PDF files
  • Microsoft Office files
  • RTF files
  • Image files
  • Archives

Files passing through Votiro’s solution are not only neutralized of malware but also checked for adherence to company policy as to which files are allowed to enter the organization’s network.
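As an added illustration (not Votiro's code or method, which the article does not detail), the sketch below applies the deconstruct, check, and reconstruct idea to one of the listed file types, archives, and holds password-protected ZIPs because their contents cannot be inspected. The allowlist, size cap, function names, and sample archive are assumptions constructed for this example.

```python
import io
import zipfile

# Assumed policy (not from the article): allowed member types by leading magic bytes.
ALLOWED_MAGIC = {b"%PDF-": "pdf", b"\x89PNG\r\n\x1a\n": "png",
                 b"\xff\xd8\xff": "jpg", b"{\\rtf": "rtf"}
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed per-member size cap


def sniff(data):
    """Return the allowlisted type for data, or None."""
    return next((k for m, k in ALLOWED_MAGIC.items() if data.startswith(m)), None)


def gate_archive(raw):
    """Deconstruct a ZIP, apply policy to each member, rebuild from what passes.

    Returns (verdict, rebuilt_bytes_or_None, report_lines).
    """
    try:
        src = zipfile.ZipFile(io.BytesIO(raw))
    except zipfile.BadZipFile:
        return "quarantine", None, ["not a valid zip"]
    infos = [i for i in src.infolist() if not i.is_dir()]
    # Bit 0 of the general-purpose flags marks an encrypted member. Its content
    # cannot be inspected, so the archive is held instead of delivered.
    if any(i.flag_bits & 0x1 for i in infos):
        return "quarantine", None, ["encrypted member, cannot inspect"]
    out, report, kept = io.BytesIO(), [], 0
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for n, info in enumerate(infos):
            data = src.read(info) if info.file_size <= MAX_MEMBER_BYTES else b""
            kind = sniff(data)
            if kind is None:
                report.append(f"dropped {info.filename!r}: type not allowed or too large")
                continue
            # Name comes from the detected type, so a misleading extension is not kept.
            dst.writestr(f"member{n}.{kind}", data)
            kept += 1
    return ("deliver" if kept else "quarantine"), (out.getvalue() if kept else None), report


def make_sample():
    """Constructed sample: one PDF-like member and one Windows executable stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.pdf", b"%PDF-1.4\n% constructed sample\n")
        z.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    print(gate_archive(make_sample())[0::2])
```

This gate only decides which members may enter; it does not attempt the exploit-neutralizing changes described earlier, and a member with a bad checksum raises an exception rather than being delivered.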

Votiro touts its scanning, which it says is performed in only a few seconds, minimizing latency and keeping user experience a priority.

With the continued uptick in email and web-borne malware as well as increased regulatory pressure, organizations are turning to these types of solutions to prevent attackers from using zero-day exploits to gain a foothold in a private network.
