Business documents are vital to the smooth running of any business, but they are an oft-overlooked source of security vulnerabilities and threats. The ease with which they can be communicated, including over open networks and communications mechanisms, makes them accessible to external actors who look to subvert them for their own gain. This can be seen in the fact that they are the threat vector of choice, used in 94% of advanced targeted attacks¹. These attacks generally deploy zero-day exploits in an effort to bypass traditional security controls, which focus on threats that are already known and for which countermeasures have been developed. Today, such targeted attacks are the method of choice for many attackers who look to embed malware into such documents, and organisations of any size, in any industry, are being targeted.
Traditional defences rely on reactive measures, need constant updating, degrade computing performance and focus largely on detecting known exploits or malware, not proactively protecting against them. A new approach is needed that can stop such exploits in their tracks, analysing and deconstructing files and then regenerating only what is good so that unwanted content and threats can be taken off the table. Whilst content such as malware and malicious embedded files that are known to be bad is removed, this approach ensures that the information contained in the document remains unchanged in the regenerated document, so the integrity of the information is maintained.
This document aims to highlight the security risks associated with documents and to show why taking such threats seriously is vital for the success of any organisation in achieving a security posture that is based on real-world risks. It provides information regarding the ineffectiveness of traditional security solutions in guarding against advanced persistent threats (APTs) and targeted attacks delivered in normally communicated documents, and introduces an alternative method for protecting organisations from these very effective threat vectors.