The Art of Defense Against File-Based Attacks

Every organization interacts with files entering through various channels: email, removable devices (like disk on key), file transfer software (FTP), web downloads, and more. Clients, suppliers, and other parties send files to organizations, and it is not always clear whether those files are entirely clean. Since hackers know that organizations cannot block the paths by which files are transmitted, they invest considerable resources in trying to penetrate organizations through file-based attacks. Although many cybersecurity tools are designed to intercept viruses and malware entering the organizational network, some malware is very effective at hiding.

Sasa Software knows how to handle these threats. The company offers security solutions based on the Content Disarm & Reconstruction (CDR) technology it developed. This advanced technology relies on a set of detection tools, a cluster of third-party tools, and proprietary tools created by the company. These tools can deconstruct files and detect problems within them. Unlike other security systems, even when the technology does not detect something wrong with a file, it does not immediately declare it safe. Instead, it rebuilds the file to ensure no hidden threats are left undetected by diagnostic tools.

"The reconstruction process manipulates the file in a way that locks any malicious code inside, neutralizing it," explains the company's CEO, Yakov Yeroslav. "This way, the system protects the organization through all the channels through which files are received, even from those that hide malware in particularly sophisticated ways. This is essential in an era where the once-reliable file transfer solutions, known as Secure Managed File Transfer,are no longer as secure as they used to be. There is an inherent problem during the transportation process, when malicious agents might tamper with the files and inject malware. That's why today, many companies offer clients SMFT systems that include 'vaults,' secure storage locations for files. The use of such tools is becoming widespread globally."

It sounds like a solution has been found for the problem
"It's not that simple. In recent years, it has become clear that these systems can securely transfer files that may contain malware. Therefore, companies operating these systems rely on third-party services for file transfers. During the transfer, the third-party entity transfers the file and conducts deep inspections to ensure it is safe."

"Sasa Software also offers such a service. Thus, when a company wants genuine protection, it must integrate at least two different systems. This process is problematic because when an issue arises, it's unclear who should handle it: Company A or Company B. Moreover, using third parties doesn't always provide the optimal flexibility that security companies can offer. Therefore, the integrated CDR process that we offer is ideal and optimal."

Part of the National Cyber Consortium
Sasa Software is an 11-year-old cybersecurity company with a diverse clientele in Israel and worldwide, focusing on the defense and financial sectors. The company originated as a spin-off of the Plasan vehicle protection factory in Kibbutz Sasa. "They deal with physical security, and we deal with cybersecurity," says Yeroslav. Over the years, the company has made defending against file-based attacks its specialty. The development and implementation of CDR technology have propelled the company into the National Cyber Consortium, led by the Elta division of the Israel Aerospace Industry, which aims to secure government-to-government computer activities. This consortium selects only companies with the best defensive technologies in Israel, and Sasa Software sees its inclusion as a stamp of approval for its unique CDR technology.

"I still remember how, when developing the technology, we argued with Gartner analysts about its necessity," recalls Yeroslav. "Eventually, they understood its importance. Recently, they estimated that in two to five years, it will be as widespread as other core systems used in computing networks, like firewalls and switches."

Top-level integrated security
Sasa Software has integrated the CDR technology into its flagship product for securing organizations: the GateScanner Security Dome. This product provides a solution for the secure transfer of large files from point to point and many additional capabilities. Yeroslav: "This is a unique product on the market. CDR capabilities are perfectly embedded in it, so the organization using it enjoys all the flexibility of this security technology without having to deal with integrating the products of multiple companies. Beyond the ability to transfer files, it also offers secure email capabilities, allowing much larger files to be attached than those supported by standard email systems in organizations. The system secures both the message and its attached files, ensuring they are clean from all directions."

What other features does the product have?
"It supports the establishment of 'thin' scanning stations: computers in the organization that can upload files to the GSSD server and perform optimal file checks. The product includes built-in vaults that ensure that files awaiting download by recipients are secured at the highest level and that no one touches them before they reach their destination. Another standout feature is the automation client, a client that automatically transfers files between different endpoints. It supports the automatic uploading and downloading of files from vaults."

"Since GateScanner Security Dome has matured, there's been significant interest in it," adds Yeroslav. "One of its first customers was Singapore Airport, known as a technological leader in its field. The product currently serves as a cost-effective alternative to existing Secure Managed File Transfer products and vault systems on the market. Clients enjoy the highest level of security and great flexibility, fully integrated into the product. This allows them to concentrate all security matters in one place."

Is there a customer profile for which GateScanner Security Dome is particularly suitable?
"Clients from various sectors have purchased it: defense, energy, retail, education, and more. It's especially suitable for customers whose networks are not decentralized. In the case of a decentralized system, a single central product cannot connect everyone."

What are the future plans?
"We are constantly improving the product. In the near future, we will release a special engine that will enable significant deep inspection of code files and compiled files, which cannot be reconstructed. This and other features will be included in the next product versions."

website>>>
In collaboration with Sasa Software