Tag Archives: Content Validation

Validating the Payload

10 Nov

In the blog Secure Delivery of a Payload we discussed how secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.
Continue reading

Secure Delivery of a Payload via a Protocol Break

21 Oct

A secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.

In this blog we briefly look at protecting protocol-based attacks. In a future blog we will look at content-based (payload) attacks.

Continue reading

Nexor Merlin – PDF Wizardry in G-Cloud

30 Jul

In the blog Documents: a Hackers Gateway to your Enterprise I discuss a new approach to reducing the risk of malware embedded in documents, as anti-virus solutions are no longer that effective.

The concepts introduced in the blog are now expanded upon in a Nexor Briefing document Preventing Document-Based Malware from Devastating your Business.

Continue reading

Can you be sure a file is what it claims to be?

9 Jul

Content scanning and filtering products are a crucial part of a security ecosystem, validating that files being moved in or out of a network conform to expectation.  But how do you determine what is expected, if the file extension (for example file.PDF) is not reliable.
Continue reading

PDF Security: protection from zero-day content-based malware attacks

23 Mar

Nexor have just released a press statement about a new approach to protecting against PDF viruses and file based malware that has been incorporated into Nexor Merlin. In the press release I am quoted as saying:

“Current Antivirus technology has reached the plateau of what it can achieve. The combination of Nexor and Glasswall technologies provides a new approach that is not dependent on signatures that describe what is known to be bad historically. This enables customers to have confidence that they are protected from the next Beebus like zero-day attack hidden in documents.”

In the coming months I will blog more details about using content security techniques to enable the safe use of PDF, reducing the risk from PDF malware.