Technology

Content Disarm & Reconstruction

Content Disarm and Reconstruction (CDR) is a signature-free technology that detects and removes all known and unknown malware hidden in files. CDR technology does not use behavior or signature analysis, instead it removes all file components that are foreign to a data container. CDR scans every line of code, and as a result, is able to detect and disarm all potentially malicious code. The technology can be used as a complementary or alternate tool that improves detection rates while lowering the processing time when compared to existing standard technologies used today.

Step 1: Content

CDR analyzes a file’s structure to identify
‘active’ content – or potential malware –
hidden within legitimate components.

Step 2: Disarm

CDR disarms a file containing
embedded malware by
removing all active content.

Step 3: Reconstruct

CDR reconstructs a file with only
its legitimate components,
eliminating all possible threats.

Validated Approach



CDR is one of the fastest growing verticals of cybersecurity and it is expected to double in size to $298 million by 2023.



CDR’s preventative concept is a valuable, complementary add-on feature to existing cybersecurity infrastructure.



M&A and investment in the CDR space totaled more than $100 million in 2018 alone.

“As malware sandbox evasion techniques improve, the use of CDR at the email gateway as a supplement or alternative to sandboxing will increase.”

Learn More