SaaS — File Bypass

Tomas Skripkiunas
Glasswall Engineering
2 min read · Mar 4, 2020

What is the File Bypass feature?

Before we dive into the feature, let’s gather some context first…

Within our FileTrust Email solution, we have a key process that dismantles an email attachment and sends it through our core engine, which outputs a disarmed file. 95% of the time, files are protected and sent to the recipient.

There are cases where the files are so broken that they cannot be rebuilt by the engine; in those instances we hold the files, preventing the recipient from receiving them.

For the file to reach the recipient, the file has to be either: Released, Approved or Denied by the system administrator.

This is not a big problem with smaller organizations, but imagine being the administrator of the system for a company with over 1,000 users.

We thought about this matter when building the solution, and had a Threat Censor service capable of minimizing the number of held files by letting users filter out the same type of issues. However, enabling this additional workflow was a manual process.

To tackle this matter, and to make the lives of system administrators easier, we came up with the idea of the File Bypass service.

So moving onto the initial question with some context, what is File Bypass?

The purpose of the File Bypass feature was to minimize the number of files being held by the system to an extent where system administrators would only be notified when malicious files are detected.

The solution we came up with is very simple. Sometimes complex problems require simple solutions, right?

We decided to make the default action for files with issues ‘allowed’, then send them through Reversing Labs to check whether the file has a known malicious hash. Only if the files are known to be malicious would they be tagged as held and malicious.

The key was to make sure that we can still process and capture problematic files with high confidence. This approach added two layers of security:

  • All files are regenerated through our core engine
  • Files are scanned by Reversing Labs to check if they could be malicious

This also meant that all the files which couldn’t be regenerated are scanned through Reversing Labs (RL) and, if non-malicious, sent through to the recipient without any disturbance.
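The decision flow described above, sketched as an added example (not Glasswall's code). The `rebuild` and reputation callables are hypothetical stand-ins for the core engine and the Reversing Labs lookup, and holding the file when the lookup fails is an assumption of this sketch, not something the post states.

```python
import hashlib
from enum import Enum
from typing import NamedTuple, Optional

class Verdict(Enum):
    DELIVER_REBUILT = "deliver_rebuilt"    # engine produced a disarmed file
    DELIVER_ORIGINAL = "deliver_original"  # bypass: not rebuildable, hash not known bad
    HELD_MALICIOUS = "held_malicious"      # known malicious hash: hold, notify admin
    HELD_LOOKUP_FAILED = "held_lookup_failed"  # assumption: fail closed on lookup error

class Decision(NamedTuple):
    verdict: Verdict
    sha256: str
    payload: Optional[bytes]  # bytes forwarded to the recipient; None when held

def decide(attachment, rebuild, is_known_malicious) -> Decision:
    """rebuild(bytes) -> bytes or None; is_known_malicious(sha256_hex) -> bool."""
    digest = hashlib.sha256(attachment).hexdigest()
    rebuilt = rebuild(attachment)
    if rebuilt is not None:
        return Decision(Verdict.DELIVER_REBUILT, digest, rebuilt)
    # File has issues: the default action is 'allowed', subject to the hash check.
    try:
        known_bad = is_known_malicious(digest)
    except Exception:
        # No verdict available, so the bypass is not justified: hold instead.
        return Decision(Verdict.HELD_LOOKUP_FAILED, digest, None)
    if known_bad:
        return Decision(Verdict.HELD_MALICIOUS, digest, None)
    return Decision(Verdict.DELIVER_ORIGINAL, digest, attachment)

# --- constructed stand-ins so the example runs offline ---
def stub_rebuild(data):
    # Hypothetical engine: anything starting with b"BROKEN" cannot be rebuilt.
    return None if data.startswith(b"BROKEN") else b"REBUILT:" + data

KNOWN_BAD = {hashlib.sha256(b"BROKEN known-bad sample").hexdigest()}  # constructed

def stub_reputation(sha256_hex):
    return sha256_hex in KNOWN_BAD

def stub_reputation_down(sha256_hex):
    raise ConnectionError("reputation service unavailable")

if __name__ == "__main__":
    for sample in (b"ordinary doc", b"BROKEN but benign", b"BROKEN known-bad sample"):
        print(sample, decide(sample, stub_rebuild, stub_reputation).verdict.name)
```

Only the `HELD_MALICIOUS` and `HELD_LOOKUP_FAILED` outcomes need administrator attention; the other two are delivered without intervention.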
