Solved

Why block certain file types to be downloaded

  • 10 October 2023
  • 5 replies

Userlevel 1
Badge

What is the rationale behind Cymulate's recommendation to block specific file types (highlighted in red...) in the Web Gateway Report (Inbound)?

 

 

Our customer is curious about the rationale behind blocking these file types.

(It would be even better if there is official documentation or information explaining the basis for this.)

 

Best regards.


Best answer by Shiraz 15 October 2023, 09:18


5 replies

Userlevel 3
Badge +3

Hi @hrseo 

Blocking specific file types in the Web Gateway (Inbound) is recommended because malicious files can potentially be hidden within any file type.

To address this challenge, one effective solution is to incorporate a sandbox solution into your security strategy.

Each organization determines which file types to block. Therefore, we do not calculate the policy test results into the overall security score.

 

Shiraz

Product manager 

Cymulate

  

Userlevel 1
Badge

I completely agree that it is recommended to block specific file types in the Web GW. However, what our client is curious about is what criteria are used when Cymulate recommends blocking the file type.

 

Cymulate highlights specific file types in red and recommends blocking them in Web GW, claiming they are known to be a source of infections/malicious code.

 

 

Please provide the rationale for recommending blocking on specific file types.

(The file types highlighted in red are claimed by Cymulate to be known as a source of infection/malicious code. What is the basis for this claim?)

 

Userlevel 3
Badge +3

Hi,

The blue file types are defined as “Business essential” files, and as you said the red files are known as a more common source of malicious code.

Userlevel 1
Badge

Hi,

The blue file types are defined as “Business essential” files, and as you said the red files are known as a common source of malicious code.

Yes, where did that source come from?

Where did the basis for the claim that the red files are known as a common source of malicious code come from?

Userlevel 3
Badge +3

Hi @hrseo 

We need to assume that every file can be malicious. However, we understand that there are files that are essential for most organizations, and that's why we've labeled them as such.

The decision of the CISO is which files to block and which files to allow.

Because policies and needs vary from one organization to another, we do not consider this in the overall score.

 

 

 
