It is often said “a picture is worth a thousand words.” That’s usually good advice when presenting information, however with the rise of insider theft and people changing jobs during the “Great Resignation” it’s taking on a new, more nefarious meaning.
Blocking Steganographic Data Exfiltration
Unfortunately, data theft is on the rise. Many organizations deploy defenses such as data loss prevention (DLP) technologies to prevent people from misusing sensitive data—copying to USB memory sticks, emailing to private accounts, uploading to unauthorized cloud storage, etc. Most of the major DLP vendors’ products do a good job of spotting text in a variety of formats (it’s something we’re especially known for). But, clever thieves are turning to new approaches, such as steganography, to embed sensitive data into images that typically pass through even stringent defenses. Is this just a picture of a sunset, or something worse? (Spoiler: it's just a sunset, I took it myself.)
Steganography is relatively easy to do because many image formats allow extra information to be inserted, even if it’s not part of the picture that ultimately gets displayed. As web security solutions evolve beyond simply blocking access to inappropriate or known-bad sites, they’re incorporating new defenses against image-borne attacks. For example, Forcepoint Remote Browser Isolation (RBI), which is used throughout our web security solutions, applies a Zero Trust approach using technology known as “content disarm and reconstruction” (CDR) that makes web sites and downloaded content safe to use even if they’re secretly harboring malicious code.
But, keeping malware out is just half the picture. We’re also using this same technology to keep sensitive data in. For example, if somebody tries to upload a steganographic image to a personal account in the cloud, our RBI with CDR technology can seamlessly take the image file apart and rebuild it with just the pieces that are directly part of the picture that is to be displayed. This leaves anything inappropriate behind without jeopardizing the quality of the image. It’s bleach for sanitizing files that’s also the best kind of security: protection that keeps you safe without getting in the way.
Here’s a nice video on YouTube from my colleagues Corey Kiesewetter, who writes frequently on RBI and ZTNA topics, and Anthony Bennis showing how steganography can be used to embed sensitive information and how you can stop people from using it to steal sensitive data. We’re incorporating this technology throughout our products, so stay tuned for more.