FAQ


Q. What is the difference between CDR and traditional antivirus?

Antivirus and sandbox products work by detecting whether a file is malicious, so they block only known threats based on signatures or behavioral patterns.
They are vulnerable to unknown threats such as zero-day attacks and malware variants, and they require continuous signature updates.
The CDR in SHIELDEX File is not a detection method; it operates by identification, extraction, and reconstruction.
By identifying risk factors and extracting only safe content to recombine into a new file, it can proactively block unknown threats, regardless of whether the file is malicious.
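The identify, extract, reconstruct idea applied to HTML, as an added Python example (not SHIELDEX code): the output is built only from allowlisted tags and attributes, so nothing has to be classified as malicious. The allowlist, the `reconstruct` function and the sample document are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example: tag -> attributes that survive.
ALLOWED = {"h1": set(), "p": set(), "b": set(), "i": set(), "ul": set(),
           "li": set(), "table": set(), "tr": set(), "td": {"colspan"},
           "a": set()}  # <a> keeps its text but never its href
DROP_WITH_CONTENT = {"script", "style"}  # element and its body are discarded

class Rebuilder(HTMLParser):
    """Builds a new document from the allowlisted parts of the input."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self.skipping = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping += 1
            self.removed.append(tag)
        elif self.skipping == 0 and tag in ALLOWED:
            kept = [(k, v or "") for k, v in attrs if k in ALLOWED[tag]]
            self.removed += [f"{tag}@{k}" for k, _ in attrs
                             if k not in ALLOWED[tag]]
            self.out.append("<" + tag + "".join(
                f' {k}="{escape(v)}"' for k, v in kept) + ">")
        elif self.skipping == 0:
            self.removed.append(tag)  # unknown tag: dropped, inner text kept

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = max(0, self.skipping - 1)
        elif self.skipping == 0 and tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skipping == 0:
            self.out.append(escape(data))  # text is re-encoded, never copied raw

def reconstruct(html_text):
    """Return (rebuilt_html, removed_items) for one HTML document."""
    r = Rebuilder()
    r.feed(html_text)
    r.close()
    return "".join(r.out), r.removed

# Constructed sample input.
SAMPLE = ('<h1 onclick="x()">Q3 report</h1><script>alert(1)</script>'
          '<p>See <a href="http://example.test/x">the portal</a></p>'
          '<object data="x"></object>')
```

An unclosed `<script>` leaves the rebuilder in skip mode, so the rest of the document is dropped rather than passed through.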


Q. Is it possible to respond to zero-day attacks?

Yes, it is possible. CDR identifies risk factors without determining the malicious nature of the file and then extracts and reconstructs only safe content, allowing it to preemptively block zero-day attacks or variant malware that do not have signatures.
You can establish a dual defense system by combining it with the antivirus scan feature.
The antivirus scan detects known malware before sanitization and blocks threats that CDR does not recognize.


Q. What file formats are supported?

It supports various formats such as MS Office (Word, Excel, PowerPoint), PDF, Hancom Office, HTML, JSON, images (PNG, JPG, etc.), and compressed files (ZIP, TAR, 7Z).
For the list of supported extensions and content, refer to Supported Extensions and Support Content.


Q. Does it look the same as the original after sanitization?

It depends on the policy settings. The 'Maximum Security' mode identifies risk factors and extracts only safe content to reconstruct it as safely as possible, while the 'Maximum Integrity' mode selects safe content for reconstruction while maintaining the original structure as much as possible.
Core content such as text, images, tables, and layouts is identified and maintained as safe content, ensuring business continuity.
However, since risk factors such as macros, scripts, and hyperlinks are excluded, files that require these functions need to be checked before the sanitization process.


Q. Does it affect system performance?

Since it is processed based on static analysis, the system burden is low. It does not execute files like a sandbox, resulting in lower CPU and memory usage, and system resource usage can be monitored through a real-time dashboard.
Processing time may be longer for a large file or for a compressed file that contains multiple files, so the policy can set limits on the number of files and the nesting depth of compressed files to manage system load.


Q. How are password-protected files or encrypted files handled?

Password-protected documents, password-protected compressed files, and files encrypted with DRM can receive only limited sanitization. You can set in the policy whether to block them or to import them as they are.
If you do not know the password or encryption key, it is impossible to analyze the internal structure of the file and perform sanitization, so it is recommended to set up blocking according to security policies.


Q. How are large files or compressed files handled?

Large files can have a size limit set in the policy (recommended: 100MB), and if exceeded, they can be handled by blocking or importing the original.
For compressed files (ZIP, TAR, 7Z), you can set limits on the number of internal files and the depth of nesting to prevent system overload.
Each subfile within the compressed file is individually sanitized, and the results can be checked in detail.
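The file-count and nesting-depth limits described here (and under system performance), together with the block decision for password-protected archives, as an added Python example that is not SHIELDEX code. The limit values, the `PolicyViolation` name and the `!/` path separator are assumptions; only ZIP is handled, and any member that starts with the ZIP signature is treated as a nested archive.

```python
import io
import zipfile

class PolicyViolation(Exception):
    """Raised when an archive breaks a limit; the policy then blocks it."""

def list_members(data, max_files=50, max_depth=2, max_member_bytes=100 * 2**20):
    """Return [(path, depth)] for every non-archive file, enforcing limits."""
    found = []

    def walk(blob, prefix, depth):
        if depth > max_depth:  # checked before the nested archive is opened
            raise PolicyViolation(f"nesting depth {depth} exceeds {max_depth}")
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            for info in z.infolist():
                if info.is_dir():
                    continue
                path = prefix + info.filename
                if info.flag_bits & 0x1:  # bit 0: entry is encrypted
                    raise PolicyViolation(f"encrypted entry: {path}")
                if info.file_size > max_member_bytes:  # declared size
                    raise PolicyViolation(f"oversized entry: {path}")
                inner = z.read(info)
                if inner.startswith(b"PK\x03\x04"):
                    walk(inner, path + "!/", depth + 1)
                    continue
                found.append((path, depth))  # each leaf is sanitized on its own
                if len(found) > max_files:
                    raise PolicyViolation(f"more than {max_files} files")

    walk(data, "", 1)
    return found

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (helper for the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, blob in members.items():
            z.writestr(name, blob)
    return buf.getvalue()

# Constructed sample: three levels of nesting, three leaf files.
SAMPLE = make_zip({"a.txt": b"hi", "inner.zip": make_zip(
    {"b.txt": b"x", "deep.zip": make_zip({"c.txt": b"y"})})})
```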


Q. How does extension forgery detection work?

The feature checks the consistency between the actual format (metadata) of the file and its extension. For example, if the extension appears to be docx but the actual format is exe, it is considered tampering.
It is an important security feature to prevent malicious files from entering by disguising their extensions, and it is recommended to enable blocking settings in the policy.
You can allow exceptions for importing original files for specific extensions if necessary.
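A consistency check of this kind, as an added Python example (not SHIELDEX code) that goes beyond the docx/exe case in the answer to cover a few more of the listed formats. The function names, the signature table and the `unverified` verdict for unrecognized content are assumptions of this illustration.

```python
import io
import zipfile

# Leading magic bytes of a few formats the FAQ lists, plus Windows executables.
MAGIC = [(b"MZ", "exe"), (b"%PDF-", "pdf"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"\xff\xd8\xff", "jpg"), (b"PK\x03\x04", "zip")]
# OOXML documents are ZIP containers; the top-level folder tells them apart.
OOXML_DIRS = {"word/": "docx", "xl/": "xlsx", "ppt/": "pptx"}
ALIASES = {"jpeg": "jpg"}

def sniff(data):
    """Return the format implied by the content, ignoring the file name."""
    fmt = next((f for m, f in MAGIC if data.startswith(m)), "unknown")
    if fmt != "zip":
        return fmt
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return "unknown"
    if "[Content_Types].xml" in names:
        for prefix, kind in OOXML_DIRS.items():
            if any(n.startswith(prefix) for n in names):
                return kind
    return "zip"

def check_extension(filename, data):
    """Compare the declared extension with the sniffed format."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared = ALIASES.get(ext, ext)
    actual = sniff(data)
    if actual == "unknown":
        verdict = "unverified"  # no signature matched; policy decides
    else:
        verdict = "ok" if declared == actual else "forged"
    return declared, actual, verdict

def sample_docx():
    """Constructed sample: the smallest ZIP that looks like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```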


Q. What is the relationship between antivirus scanning and CDR?

Antivirus scans are performed before sanitization to detect known malware in advance. This enhances security with a dual defense system that combines CDR and antivirus.
Files detected in the antivirus scan can be blocked according to policy, and files that pass the antivirus scan are still protected against unknown threats by CDR.


Q. Can it be applied to a hybrid environment?

Yes, it is possible. It can be integrated through a network isolation solution and REST API, or it can be deployed independently in a network isolation environment.
It has references for integration with existing network linkage solutions such as Hansak, 3Ssoft, HuneSion, and SQubeI, allowing for quick implementation.
With the dual configuration of STN#1 and STN#2, stable service provision is possible.


Q. Can policies be set differently for each user?

Yes, it is possible. You can specify and apply different security policies for each user and group.
Policy management can be segmented according to organizational structure such as by department, role, or external collaborators, and it provides policy change history management and restoration features.
You can also apply temporary policies by setting an expiration date in the group policy.


Q. How is the original file stored?

The original file before sanitization and the file after sanitization are stored encrypted with AES.
It can be used for cause analysis and reprocessing in the event of a security incident, and can be checked or reprocessed through the backup file download function.
You can set up a data organization schedule to manage retention periods and operate storage space efficiently.


Q. How is access control managed?

The web console provides IP-based access control (whitelisting), allowing access to the admin console only from registered IPs.
The API is managed through access control based on channel codes and task codes.
You can register access control rules that allow sanitization requests by combining channel codes and task codes, and issue API Keys for each permission to enable granular access control.


Q. Is there an audit log and reporting feature?

Yes. You can view audit logs for administrative actions (menu access, configuration changes, etc.) and export them in CSV format.
It also visualizes and provides file influx patterns, risk distribution, and threat detection status, offering the data necessary for security report writing.
Risk levels are classified and visualized into 6 stages from 'Safe' to 'Tampering', and you can check the representative content types and counts for each risk level.


Q. Is it possible to integrate with the existing system?

Yes, it is possible. It provides a standard REST API that can flexibly integrate with various systems such as web gateways, cloud storage, email gateways, and more.
The API guide and sample code are provided for quick integration.
It supports asynchronous processing methods, allowing for efficient integration even when handling large files.