Providing visually identical files with Glasswall CDR technology
We designed Glasswall to protect businesses against the most advanced file-based threats. That’s a big responsibility we take very seriously. It’s how we have become one of only two file sanitization filters in the US Intelligence Community’s highly-classified networks.
Glasswall’s leading CDR (Content Disarm and Reconstruction) technology instantly cleans and rebuilds files to match its known good manufacturer’s specification — automatically removing potential threats.
So whilst we can do all the heavy lifting to ‘Inspect’ the files digital DNA, “Clean’ high risk active content such as macros and embedded links ‘Rebuild’ the file to it’s known good manufacturer’s standard and ‘Deliver’ a safe, visually identical file that’s compliant, standardized and trusted. How do we ensure we don’t go overboard and remove too much content, and how do we validate a file is rebuilt to its known good manufacturer’s standard?
The core engineers at Glasswall know manufacturer’s file type specifications like the back of our hands. So we can ensure the Glasswall CDR technology is built to study, inspect and write code to parse a file according to those manufacturer’s specification. We run thousands of checks against all of the most common business file type specifications, so we know what content can be remediated and sanitized.
Ensuring visual content layer integrity
When you take the original file, and the Glasswall processed file, look at the two and see if you can find any differences…
Doing this manually takes time, and relies on human intervention to play ‘spot the difference’ between the two files, running the risk that mistakes may occur.
Or
Use an automated process that takes images of pages/sheets/slides of files and performs a comparison.
Which would you prefer for a 400 page document?
How we do it?
A Python project, packaged in a docker image and AWS Infrastructure subsequently deployed using (IaC) Terraform, and Kubernetes object configs. The API is now callable from items within our Kubernetes Test Framework cluster.
Subsequently, we could create tooling around the API’s to process mass amounts of files. A specialised tool that came from this is a CLI that can be installed with ease, and begin to process files. In fact we have already taken this approach to enable a large UK government agency to remove malicious content from terabytes of critical data.
This makes the tool accessible, easy to install and use.
Below is an example of how one method of visually comparing to detect differences in files is conducted in Fig A:
Fig A. Visually Comparison using the Pillow Library.
Is it proven?
Our CDR technology has been tested against tens of thousands of files by some of the world’s leading intelligence, government and commercial organizations. We continue to conduct testing on a regular basis as part of our ongoing QA processes.
To summarise
Whilst still a continually evolving project, with testing and analysis in the Continuous Integration pipeline we will continue to refine, improve and innovate our core CDR technology. Glasswall can monitor and ensure visually identical rebuilt files for all our customers.
