Glasswall Content Disarm & Reconstruction (CDR) (copy)

Make the safest path the fastest: provably malware-free files without slowing users.

Glasswall Halo delivers zero-trust Content Disarm & Reconstruction (CDR) as a cloud-native service. Deploy as a VM or on AKS via Helm, manage secrets with Azure Key Vault, and use MongoDB or Azure Cosmos DB (Mongo API) for policy/async state—following established Azure patterns. Halo exposes OpenAPI-defined REST endpoints for synchronous and asynchronous file processing and policy management, and also runs inline through an ICAP service for secure web gateways and proxies. In production, Halo processes files in under a second (typical median ~35 ms) and rebuilds to vendor-spec “known-good” outputs across 85+ file types. Common uses: secure file uploads, Microsoft 365 storage monitoring (SharePoint/OneDrive), cross-domain transfers, and bulk storage migration—delivering clean, visually identical files with minimal latency.

Why this matters

• Eliminate unknowns by design. CDR doesn’t “detect & block”; it rebuilds every file to a verified known-good standard, removing the ability for malware to exist in the document.  What is CDR?

• Sub-second user experience. Halo secures files in under a second; field data shows ~0.035s median per file.  Engine Performance Data

• Aligned to leading guidance. Glasswall CDR is consistent with recommendations and patterns from NCSC, NSA, and NIST for safely importing data.  Industry Leading File Protection

• Operational fit for Microsoft 365. “Quietly safe” collaboration with M365 storage monitoring.  M365 Integration

Capabilities

• REST endpoints for synchronous/async processing and policy control (OpenAPI).

• Inline ICAP for SWGs/proxies (forward or reverse proxy workflows).  ICAP Performance Summary

• Storage Monitoring for M365. Monitor libraries & sanitise on upload, ideal for “quietly safe” collaboration at scale.  M365 Integration

• Advanced controls. Remove active content (macros, JS, embedded files, links), steganography mitigation, repair structures, and preserve text/graphics/layout fidelity.

Attributes

• Patented four-step CDR: Inspect ? Clean (policy) ? Rebuild ? Deliver - turns untrusted files into compliant, fully functional outputs.

• Depth of coverage. Coverage across 85+ file types, including cpmplex / nested content .  Supported File Types

• ZS6 level Zero Trust File Security – Glasswall implements ZS-6 level file assurance, the highest tier defined in the Zero-Trust Spectrum (Files), representing deterministic rebuild from a clean intermediary model, no lift& shift and fully specification-compliant, policy-enforced output.

• Cloud-native on Azure: AKS + Helm, Key Vault for secrets; Cosmos DB (Mongo API) or MongoDB for state.

Outcomes by audience

• Partners/SIs: Reduce delivery risk; ship a zero-trust control with clean integration patterns (ICAP, APIs, M365).

• Government: Enforce safe cross-domain flows with alignment to NCSC/NSA/NIST while maintaining instant mission UX.

• Regulated industries (FSI, Insurance, etc.): Stop file-borne fraud/malware in KYC/onboarding; provide deterministic evidence of control.

• Enterprises: Zero-trust file security users don’t notice—but auditors do.

https://www.wetransact.io/