Content Disarm and Reconstruction (CDR) Capabilities
Skyhigh Security’s Security Service Edge (SSE) platform leverages advanced Content Disarm and Reconstruction (CDR) technology to provide a proactive layer of defense against zero-day exploits and obfuscated malware. Unlike traditional sandbox or signature-based detection, CDR focuses on the "known good" structure of a file, stripping away potential threats while preserving the usability of the data.
The following features are currently in General Availability and fully supported within the Skyhigh Security SSE ecosystem.
File Type Declaration
This capability ensures that the security engine accurately identifies the true nature of a file, regardless of its extension. Attackers often rename malicious .exe files to .txt or .pdf to bypass basic filters.
- Deep Packet Inspection: Analyzes the file header and binary structure.
- MIME Type Validation: Cross-references internal data patterns against industry-standard media types.
- Anti-Spoofing: Prevents "Right-to-Left Override" (RLO) and other renaming tricks.
File Structure Sanity Check
The sanity check validates that a file conforms strictly to its published specification (e.g., ISO standards for PDF).
- Structural Integrity: Checks for malformed objects that could trigger buffer overflows.
- Compliance Verification: Ensures the file does not contain "slack space" or hidden data outside of the standard viewing path.
- Heuristic Profiling: Identifies deviations from expected file architecture.
Neutralization of Active Content
This is the core "Disarm" function. It identifies and disables any executable elements within a flat file.
- Macro Stripping: Automatically removes VBA/XLSM macros from Office Documents.
- JavaScript Disabling: Neutralizes embedded JS within PDF forms or headers.
- Link Sanitization: Analyzes and can neutralize malicious hyperlinks (URL redirection) embedded in the text.
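As an added illustration of the macro-stripping step described above (example code written for this page, not Skyhigh Security's CDR engine), the following Python rebuilds a macro-enabled Word package without its VBA project. It assumes the standard OOXML container layout (a ZIP holding [Content_Types].xml, word/document.xml, word/vbaProject.bin and word/_rels/document.xml.rels); the sample document it operates on is constructed in memory rather than read from disk.

```python
"""Strip the VBA project out of a macro-enabled OOXML document.

Illustrative code for this page, not a vendor implementation. Assumes the
standard OOXML package layout; the input document is constructed inline.
"""
import io
import re
import zipfile

# Content types for the main document part: macro-enabled vs. plain.
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = ("application/vnd.openxmlformats-officedocument."
                 "wordprocessingml.document.main+xml")


def build_sample_docm() -> bytes:
    """Constructed test input: a minimal .docm package with a vbaProject part."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN_CT}"/>'
        '</Types>'
    )
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/styles.xml", "<w:styles/>")
        z.writestr("word/_rels/document.xml.rels", rels)
        # Placeholder bytes standing in for a real OLE-wrapped VBA project.
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0PLACEHOLDER")
    return buf.getvalue()


def strip_macros(docm: bytes) -> tuple[bytes, list[str]]:
    """Re-serialize the package without VBA parts; return (docx bytes, removed parts).

    The document body, styles and other benign parts are copied through
    unchanged, which is what preserves layout for the user.
    """
    src = zipfile.ZipFile(io.BytesIO(docm))
    out_buf = io.BytesIO()
    removed: list[str] = []
    with zipfile.ZipFile(out_buf, "w", zipfile.ZIP_DEFLATED) as out:
        for info in src.infolist():
            name = info.filename
            # Drop the VBA project itself and the optional vbaData part.
            if name.lower().endswith("vbaproject.bin") or "/vbaData" in name:
                removed.append(name)
                continue
            data = src.read(name)
            if name == "[Content_Types].xml":
                text = data.decode("utf-8")
                # Declare the main part as a plain document and drop the .bin mapping.
                text = text.replace(MACRO_MAIN_CT, PLAIN_MAIN_CT)
                text = re.sub(r'<Default Extension="bin"[^>]*vbaProject[^>]*/>', "", text)
                data = text.encode("utf-8")
            elif name.endswith(".rels"):
                # Remove the relationship that pointed at the VBA project.
                text = data.decode("utf-8")
                text = re.sub(r'<Relationship [^>]*relationships/vbaProject"[^>]*/>', "", text)
                data = text.encode("utf-8")
            out.writestr(name, data)
    return out_buf.getvalue(), removed


def package_parts(doc: bytes) -> list[str]:
    """List the part names inside an OOXML package."""
    return zipfile.ZipFile(io.BytesIO(doc)).namelist()


def main_content_type(doc: bytes) -> str:
    """Return the declared content type of /word/document.xml."""
    ct = zipfile.ZipFile(io.BytesIO(doc)).read("[Content_Types].xml").decode("utf-8")
    m = re.search(r'PartName="/word/document.xml" ContentType="([^"]+)"', ct)
    return m.group(1) if m else ""


def has_vba_relationship(doc: bytes) -> bool:
    """True if any .rels part still references a vbaProject relationship."""
    z = zipfile.ZipFile(io.BytesIO(doc))
    return any("relationships/vbaProject" in z.read(n).decode("utf-8")
               for n in z.namelist() if n.endswith(".rels"))


if __name__ == "__main__":
    sample = build_sample_docm()
    cleaned, gone = strip_macros(sample)
    print("removed:", gone)
    print("main part type:", main_content_type(cleaned))
```

The rewrite keeps every part it does not recognise as active content, so the output still opens as a normal .docx; a production engine would additionally re-parse the XML rather than edit it with regular expressions, and would apply the same treatment to .xlsm and .pptm packages.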
Content Extraction
The engine breaks the file down into its safe primitive components—text, images, and formatting—stripping the original potentially compromised shell.
- Safe Re-serialization: Only the extracted clean content is passed to the next stage of the reconstruction pipeline.
- High Fidelity: Maintains the visual integrity and layout of the original document for the user.
Embedded Object Handling
Modern threats often hide within OLE objects or nested files (e.g., a malicious Excel sheet inside a Word document).
- Recursive Inspection: The CDR engine drills down through multiple layers of embedding.
- Object Extraction: Identifies and processes objects such as OLE, ActiveX, and embedded attachments.
- Policy Enforcement: Allows admins to block or sanitize specific embedded file types while allowing the parent document through.
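The following Python is an added example (written for this page, not Skyhigh Security's engine) that ties together two of the capabilities above: the File Type Declaration checks, by sniffing a file's real type from its leading bytes, comparing it with the declared extension and flagging Right-to-Left Override characters in the name; and the Embedded Object Handling checks, by recursing into ZIP containers (OOXML documents are ZIPs) and reporting embedded OLE objects for policy to act on. The signature table is a small constructed subset of well-known values, and all sample inputs are constructed in memory.

```python
"""Declare a file's true type, flag extension/name tricks, and recurse into containers.

Illustrative code for this page, not a vendor implementation. MAGIC is a
constructed subset of well-known signatures; sample inputs are constructed.
"""
import io
import zipfile

RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE, used to disguise extensions

# Leading-byte signatures -> type label (a handful of well-known values only).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),   # OLE compound file (legacy Office)
    (b"PK\x03\x04", "zip"),                          # ZIP, including OOXML documents
    (b"MZ", "exe"),                                  # PE executable / DLL
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# Declared extensions considered consistent with each sniffed type.
ALLOWED = {
    "pdf": {"pdf"},
    "ole": {"doc", "xls", "ppt", "msg", "bin"},   # .bin: OLE objects embedded in OOXML
    "zip": {"zip", "docx", "xlsx", "pptx", "docm", "xlsm", "pptm"},
    "exe": {"exe", "dll"},
    "png": {"png"},
}


def sniff(data: bytes) -> str:
    """Identify the type from the header bytes, ignoring the filename entirely."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    return "unknown"


def declared_extension(name: str) -> str:
    """Extension the OS will act on, after removing RLO characters from the name."""
    clean = name.replace(RLO, "")
    return clean.rsplit(".", 1)[-1].lower() if "." in clean else ""


def inspect(name: str, data: bytes, depth: int = 0, max_depth: int = 3) -> list[dict]:
    """Return findings for one object and, recursively, for members of any ZIP container."""
    kind = sniff(data)
    ext = declared_extension(name)
    findings: list[dict] = []
    if RLO in name:
        findings.append({"path": name, "depth": depth, "issue": "rlo-in-filename", "type": kind})
    if kind != "unknown" and ext not in ALLOWED[kind]:
        findings.append({"path": name, "depth": depth, "issue": "extension-mismatch", "type": kind})
    if kind == "ole" and depth > 0:
        # An OLE object inside another document: surface it so policy can block or sanitize.
        findings.append({"path": name, "depth": depth, "issue": "embedded-ole", "type": kind})
    if kind == "zip" and depth < max_depth:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for member in z.infolist():
                    if member.is_dir():
                        continue
                    child = z.read(member.filename)
                    findings.extend(inspect(f"{name}/{member.filename}", child, depth + 1, max_depth))
        except zipfile.BadZipFile:
            # Header says ZIP but the structure does not parse: a sanity-check failure.
            findings.append({"path": name, "depth": depth, "issue": "malformed-zip", "type": kind})
    return findings


def build_sample() -> tuple[str, bytes]:
    """Constructed input: a .docx-shaped ZIP holding an OLE object and a PE file named as an image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
        z.writestr("word/media/image1.png", b"MZ" + b"\x00" * 16)
    return "report.docx", buf.getvalue()


if __name__ == "__main__":
    sample_name, sample_bytes = build_sample()
    for finding in inspect(sample_name, sample_bytes):
        print(finding)
```

The recursion is bounded by `max_depth` so that deeply nested containers cannot exhaust the inspector, and each finding carries the nesting depth and the path inside the container, which is what a policy layer needs to decide whether to block only the embedded object or the whole parent document.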
