Signature-based solutions, as well as sandboxes, are always changing and adapting to new threats, but they will always be a step behind; it’s a and we are left with a never-ending cycle of threats, that leavesing us with no hope of stopping them all. We wanted to break that cycle by taking a new approach and change the way we think about threat protection and prevention.
What makes this new approach unique?
We’ve developed a content disarm and reconstruction (CDR) mechanism, where, instead of detecting threats, we prevent them. It’s a very narrow, closed parameter of things users are doing at work. Content is delivered to the enterprise via different sources like email, web, or FTP, and CDR ensures that no malicious malware is hidden in the content.
When content goes through CDR, ReSec breaks down the file and regenerates the same functional file type content, excluding elements with potential risk. It’s as quick as an antivirus, with no latency. Users don’t need to go through any additional training because the entire process is behind the scenes and operates in real time. The CDR process produces no false positives, because there’s no need for detection. Once deployed, it’s already a part of your email chain, FTP, or it has been integrated at the endpoint level to the organization device control. Whatever goes through the CDR will be cleared of any malicious code that might have been embedded at a deterministic level. It’s a military-grade solution offered to enterprises and organizations, and it’s accustomed to fit the enterprise environment as well as SMB deployed on-premise or via the cloud. No periodic updates are needed, as our solution gets rid of all the “noise” in content delivery, ensuring that whatever goes in is clean, so it is already fitted for tomorrow’s threats.
How does it work?
The platform has a few stages of operation: On the first stage, every file introduced is checked through true file type engines to enforce policy in accordance to the user preset policy. We integrate with active directory to allow policy management per groups. The second stage is a multi-scanning antivirus, which is a quick method to get rid of all known threats. The third stage is running the content disarm and reconstruction engine for numerous file types, including Microsoft Office files, PDFs, images, etc. These will be regenerated according to a set of rules determined by the organization. Let’s say a PDF contains a url for example. We are able to check and modify it, erase it or turn it into text. This is a specific example of regeneration. After that, the file is transferred to the user safely.
What happens when malicious content is identified?
CDR does not identify malicious content. Rather, it clears elements which have the potential to be malicious. It’s a prevention method that doesn’t rely on detection. That’s what makes our solution feasible to smaller enterprises without many resources, as well as to enterprise that are looking for extreme powerful prevention solution.
How easy is it to deploy ReSec, and does it integrate with existing systems?
Our ReSecure platform can integrate with different platforms such as email, where we are part of the channel of incoming emails as an MTA, web solutions like fire-.glass, Citrix and web proxy solutions. ReSecure can also integrate with FTP or as a directory watcher. Our endpoint solution can be integrated with common device control, such as McAfee or NortonLIfeLock, making sure any information introduced via USB will be going through the full process of network security. Another deployment is a cloud solution for organizations who use cloud email providers such as Office365, Gmail or Yahoo!, where we provide complementary protection behind the scenes. The IT department who sets up the solution on-premise also enjoys easy deployment using virtual machines, which can be set to work as a cluster with dynamic load balancing. Thousands of files can be transferred per hour. Deployment can also be done to integrate with existing detection solutions like sandboxes. This helps structure specific work flow in the way the organization decides. Management is also relatively simple. We define a set of rules and a group of users that the rules apply to. Typically, we see four types of policies depending on the enterprise’s needs. Once policies are defined and connected to the group of users, there’s no need to do anything else. We integrate with SIEM systems, which generates all information for the monitoring tool. Users can simply log into their dashboard and view information about traffic going by in real time.
Do you have any new features planned in the near future?
One of the main things we are working on is an improved web browsing solution, something many organizations are in need of regardless of size. We are focusing on this because we feel that current solutions are too expensive and often create limitations that interrupt an organization’s activity. In addition to the improved web browsing solution, we’re working to create a matrix of risk per file based on the structure and elements within the file. This type of alert will inform the user when a threat requires further attention, examination and analysis as it is making threat-free replica of files in real time. Using CDR in this fashion will allow us to create insights about the content being processed. We currently have about 40+ enterprises using our solution. We work with 10 different channels and integrators and have about 10 technology partners who use our service via API. We’ve recently established a New York office, so we’re constantly expanding both our products and our company.
What is your personal perspective on cyber security?
The cyber security market is thriving, with many vendors doing amazing things to battle the ever growing risks. However, I feel bad for the CISO and IT managers who are being frightened on a daily basis and face great uncertainty in respect to how to protect their organization. There are too many solutions out there and the majority of people don’t know which kind of solution they actually need. Security requires layers. CISOs and IT managers need to constantly reevaluate the threat landscape and the organization’s weaknesses. Endpoint solutions don’t replace network solutions, for they both hold significant value to an organization’s security, they just hold significance in two very different areas of security. The overwhelming amount of noise in the market is making it difficult to decide which company has the best technology and making it difficult to pinpoint which solutions are best for an organization. My tip for those individuals is: Determine exactly what is it you’re looking for. If you need an endpoint solution, start asking the following questions - are you willing to change your behavior and the way you work? If you need a network solution, how will you implement it? What is your goal? What are the powerful tools you will use to enable identification and more importantly, prevent the threats? In order to answer these questions, you need to decide what you want to do and what your parameters of success are? There are no silver bullets so be skeptical of those who try to sell you one. Focus on the problems you’re trying to solve, concentrating only on the issues that you’re most concerned about. Obviously, it’s much easier said than done, but if you start asking the right questions, you’ll soon find the solution that fits your organization best.
