At least once in our lives we have encountered some suspicious files online, either attached to mysterious emails, shared via social media, or even downloaded to our PC when surfing the net. However, many of the antivirus and sandboxing technologies that organizations rely on cannot provide full protection against file-borne threats. These technologies only scan for known malware signatures and cannot detect new and unknown threats. This is why there needs to be a new approach to file sanitization, based on advanced Content Disarm and Reconstruction (CDR) technology.
CDR goes beyond traditional malware detection solutions by proactively removing malware from files, ensuring the file is wiped clean and safe to use. Depending on the type of CDR, the technology assumes all files are malicious and scrutinizes all files that are outside of the approved firewall. Unlike antivirus solutions, which block or quarantine files deemed malicious, CDR rebuilds malicious files, transferring the known good content into a new file, so that the file can be opened without risk.
Blocking and quarantining files is one of the biggest problems with traditional cyber solutions. Most of the time, the files being scanned for malicious content are files that we need and are trying to use. Even with older versions of CDR, if a single piece of malware is detected inside the content of the file, the file cannot be used, since it is either converted to another file type, flattened, or stripped of its valuable active content.
Votiro, an innovative company, has developed a smart solution to help in situations like this. Votiro offers the most advanced form of CDR, Positive Selection® technology. This new approach is the next evolution of the popular content disarm and reconstruction technology. Positive Selection® uses template-based reconstruction to recreate clean templates with only the known good content included. This approach mitigates malware and ransomware in files without impacting file fidelity, usability, or the user experience.
4imag had the opportunity to interview the CEO of Votiro, Ravi Srinivasan, to gather more information about this innovative solution and the company’s zero-trust content security approach.
Can you give us a little background history on how Votiro was created? How did you and your team come up with the idea of starting a content disarm and reconstruction solution?
“The company was formed in 2010. Our first products shipped in 2012, and later on, we shipped our initial product in 2014, which was disarming files and delivering them safely to users.
Originally the founder of the company looked at the problem of antiviruses: all antivirus products were looking for known malware. Bad actors are always playing one step ahead of the people who are trying to catch known hashes. Bad actors are constantly evolving, innovating, and finding ways to evade existing security postures and technologies. So, we thought, why don’t we take a look at the problem from the other side? If I’m a user, I want safe content coming to me. Could we develop a way to deliver safe content without having to look for malware? That was the problem statement that the founder wanted to solve, and how the whole idea of the company was created.”
What is the main mission that Votiro aspires to reach?
“Since 2014, we have witnessed a great digital transformation and, in the last few years, we have seen the rise of remote work everywhere. More and more people are relying on the flow of content and want to use content safely – whether you download files via email, via the web, or upload files to the cloud. And, the question was: how do we keep that content safe? That’s the mission that we’re on. Content can come in files that people use, such as images or through archives, and it can even be shared on social media. So, our goal is finding ways to deliver safe content wherever the users and applications are.”
What are some of the objectives that you are trying to reach this year?
“Our objectives are divided into three big focus areas. The first is a collaboration with third-party partner companies, contractors, or supply chains. We want to help organizations safely collaborate with others and safely use the content. The second big focus area is the cloud. Many people are migrating content-rich applications to the cloud and the use of file scanning and filtering rises a lot. Therefore, we want Votiro to be the first choice when sharing, uploading, and downloading content. The third objective is how we deliver safe content on your applications. There’s a lot of digital transformation happening, and more people are using APIs and web services to connect application-to-application, so they’re exchanging content via file transfers. There are so many things happening from one machine to another. So, how do you ensure we’re delivering safe content in that interaction? We call it secure digital interactions.”
As we know, Votiro’s Positive Selection technology makes the company distinguished in the market. Can you please explain to our readers what this approach specifically means regarding file-sharing safety, and how it benefits its customers?
“Content disarm and reconstruction as a methodology has been around for 10 years now. The first generation of CDR technology was used to flatten the file. The second generation, which is now more common, is being used as a service model. This approach focuses on transforming the file. For example, if I get a Word document, I transform it into some rich text or document recursively. I scan it to build a clean file, and then convert it back to a document and send it to the user. As we can see there are a lot of conversions happening, which is why the final result is often very limited in performance and quality.
What Votiro did is come up with an innovation called Positive Selection® technology. We said: why don’t we take a file format, compare it with a good template of the file format, move all the known content to another document, and start with a clean Word document without all the metadata layers of XML. We then clean out the content such as words, pictures, and macros; then we deliver that safe file to the user. What is removed and left behind are objects, executables, or embedded things that were not supposed to be in the file in the first place. This is what Positive Selection® is and we call ourselves the third generation of CDR because of this technology.”
Since CDR technology is a part of the zero-trust approach and measures, what are your thoughts on the zero-trust approach regarding cyber safety?
“In my opinion, zero trust is the right architecture for a company to use. But I would say, unfortunately, in the market, there’s a lot of confusion. This confusion is because many security vendors have started using zero trust as a way to present themselves. But they’re doing a disservice to the customer. When you look at zero trust as a principle, the idea is you’re not going to trust the device, the data, or the connections to the enterprise. The idea is how do you ensure that content is safe? How do you ensure that the users coming in are authenticated users? I believe zero trust makes sense at the identity level and a content data level. Zero trust content and data is a way to be more preventative, a solution to prevent the malware from ending up on the endpoint in the first place.”
And lastly, based on your yearly experience, what are some tips or best practices to follow that you can tell our readers about phishing attacks and email safety?
“When you look at it from a user perspective, there’s a lot more that the industry can do in terms of raising awareness because we’ve all been taught: don’t click on links – and that’s good advice. However, the bad actors are becoming a lot more sophisticated. If I get an email from a person with whom I have interacted for a week or two, it means I’m expecting some kind of conversation with that person. This specific email could be a phishing attack. It’s hard to just say ‘don’t click on links’ or ‘don’t click on attachments’ because you need to click on links and attachments in your daily work. I would say, let’s help our users to always verify the sender or the way of communication. I think it’d be good for users to be a little bit more vigilant in their day-to-day interactions on the web.”