Would you like a slice of cake, hold the calories? That’s the basic idea behind Votiro Secured, an Israeli company that’s been protecting clients from external, content-borne attacks since 2010. Votiro’s solutions are based on two key assumptions: 1) People simply cannot be relied upon to follow security procedures with every email and USB stick they receive; and 2) It’s impossible to stay out ahead of malware signatures. As a result, Votiro offers security software that automatically handles content-based threats by removing any element of the file that doesn’t belong.
Like taking the wood and rebuilding the Trojan Horse
Image that the ancient Trojans had seen the Greek gift of a large wooden horse and said, “Nice horse. Let’s take the wood and build it again inside our walls.” The Greek soldiers hidden inside the horse would have been left outside the Trojan fortress. (And the Trojans wouldn’t have lost the war, etc.) That’s how Votiro works.
If a Votiro user receives a PDF file in an email, for example, when he or she clicks on the file, Votiro strips out the “good” parts of the PDF and rebuilds a new PDF file out of them. It removes the text, metadata, images and so forth—everything that is supposed to be in a PDF file—and ignores any other bits that may be there. In a second or two, the user is able to open a fresh, clean, threat-free PDF. Votiro can do this for many common file types.
Cyber policy take
Votiro is enticing from a cyber policy perspective because it allows for passive enforcement of policies. Users will invariably click on links and open attachments even if policy dictates that they should not. With a solution like Votiro, the risk of a policy violation is far lower.
Similarly, a policy that prohibits use of USB drives will inevitably be deficient. It’s virtually impossible to enforce. With Votiro, it’s possible to use USB sticks without worrying about what’s on them. Votiro takes what’s necessary and proper and leaves the rest behind.
Votiro also enables more complex policy definitions like specifying what document types a given class of users can open. All of these policy definition and enforcement capabilities work to reduce the attack surface area for an organization. As organizations strive to comply with frameworks like ISO 27001, the data sanitization features in Votiro can be a big help.