Bill Fanelli
Principal Architect
Carlton Jeffcoat
VP
Allen Corporation of America
Cyber Security Technologies Division



The Message Within: Data Sheet
Extending DLP to target Steganography

Discovering Critical Evidence
- hidden in plain sight -
Introduction

• Data leakage greatly concerns certain industries
   – High-value intellectual property
      • Pharmaceutical formulas
      • Proprietary software algorithms
   – Highly sensitive legal documents
• Data Loss Prevention (DLP) explicitly prevents the leakage of this data out of an organization.
   – DLP monitors the movement of tagged files and data with keyword content.
   – DLP technology is uniquely positioned to help with forensics efforts in identifying hidden message carriers.

PAGE 4
How to use DLP in Steganography Detection

• DLP can monitor the movement of likely carrier files such as image and music files
   – DLP will copy these files to a forensic archive
   – Other tools can then scan these files for the presence of hidden data
• This presentation will:
   – Describe these forensic procedures
   – Detail an implementation of the required workflow




PAGE 5
Definition

• Steganography
   – Hiding the existence of the message
• Vs. Cryptography
   – Obscures the meaning of a message
   – Does not conceal the fact that there is a message
• Steganalysis
   – Detecting the presence of messages hidden using steganography
• Legitimate uses of steganography
   – Digital Watermarking



PAGE 6
Steganography - Ancient Methods
Wax Tablets

• Demaratus of Ariston, exiled in Persia, received news that Xerxes was to invade Greece.
• To get word to Sparta, he scraped the wax off writing tablets and carved a warning message in the wood. He then covered the wood with a fresh coat of wax.
• The tablet was passed by the sentries without raising any suspicion.
PAGE 7
Steganography - Modern Methods
Null Cipher Messages

• The German Embassy in Washington, DC, sent these messages during World War I
   – Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.
• Decoding the message by extracting the second letter from each word reveals the actual message
   – PERSHING SAILS FROM N.Y. JUNE 1


PAGE 8
Technical Steganography

• Uses scientific methods to hide a message, such as the use of invisible ink or microdots
• In 1941 the FBI discovered a Micro Dot carried on a letter from a suspected agent
   – Micro Dot production
      • Create a postage stamp sized secret message
      • Reduce this in size using a reverse microscope, producing an image .05 inches in diameter
   – The dot was pressed onto a piece of paper using a hypodermic needle in place of a period
(Image: Mark IV microdot camera)

PAGE 9
Simple Example

Once upon a our poets eve
With darkened sky’s and fallen leaves
The raven came to call outside the door
Time it said, always flows through your life
and through the throws,
running faster ever than before
And if you wish to beat the game,
to live a life of wealth and fame,
then try to follow me forever more
For here within the words it said
Like a dream within your head
A secret waits to lead you out the door
Within a code that Bacon knew
In letters just a bit askew
The raven whispers secrets evermore!
Concerns to Business

• Data loss
   – Covert transmission of corporate IP
      • Pharmaceutical formulas
      • Proprietary software algorithms
   – Highly sensitive legal documents
• Hiding illicit activity
   – Non-job related activity that potentially puts the organization at risk
      • Gambling
      • Pornography
      • Credit card fraud
      • Terrorism


PAGE 14
How big is the problem?

(Chart: Steganography Programs in the Wild, counted by year from 2001 to Today on a 0 to 600 scale, with the bar for Today labelled 505. According to WetStone’s Chief Scientist Chet Hosmer.)

• Where to find them
   – Neil Johnson’s Steganography and Digital Watermarking web site
      • http://www.jjtc.com/Steganography/toolmatrix.htm
   – StegoArchive.com
   – Neil Johnson’s Steganalysis web site
      • http://www.jjtc.com/Steganalysis/
PAGE 15
Steganalysis Tools

• For our discussions, we will reference the following steganalysis and malware detection tools from Allen Corporation’s WetStone Technologies
   – Stego Suite
   – Gargoyle
   – Live Wire Investigator




PAGE 16
   – Stego Suite
      • Stego Watch
         – Scan a file system and flag suspected files
         – Derived from WetStone’s Steganography Detection and Recovery Toolkit (S-DART) research project for the US Air Force Research Laboratory
         – Exposes an API for researchers and developers that allows for new research and steganography detectors
      • Stego Analyst
         – Imaging and analysis tool to identify visual clues that steganography is in use in both image and audio files
      • Stego Break
         – Obtain the pass phrase that has been used
   – Gargoyle
      • Hostile program detector with steganography dataset
         – Malware tool discovery over the network
         – Targeted at computers where suspect files originated

PAGE 17
Known Methods of Steganography

(Diagram of known methods:)
• Covert Channels
• 24-Bit LSB Encoding
• Color Palette Modification
• Encoding Algorithm Modification
• Word Substitution
• Formatting Modification
• Data Appending

PAGE 18
Least Significant Bit Encoding

• This is the most common steganographic method used with audio and image files
• Used to overwrite
   – Legitimate RGB color codings or palette pointers in GIF and BMP files
   – Coefficients in JPEG files
   – Pulse Code Modulation in WAV files

LSB Substitution, individual colors before substitution (the After bit columns and the Combined Color before/after swatches were shown as an image):
  RED   1 0 1 1 0 1 0 0
  GREEN 1 1 0 0 0 1 1 1
  BLUE  1 1 1 0 0 0 0 0
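The LSB substitution described on this slide, written out as an added example (not code from the presentation or from Stego Suite): it embeds and recovers a payload in the lowest bit of each RGB channel byte of a constructed cover, checks that no channel value moves by more than one, and computes a pairs-of-values chi-square statistic, one of the blind anomaly measures steganalysis tools use to flag a carrier. The 64x64 cover, the seeded payload and the length header are assumptions of this example.

```python
"""LSB substitution on RGB samples (the slide's before/after bit table) plus a
pairs-of-values (PoV) chi-square statistic of the kind blind, anomaly-based
steganalysis uses to flag a carrier.

Added example, not code from the presentation or from Stego Suite. The cover
is constructed: a 64x64 RGB gradient with every channel value forced even,
so its LSB plane is nothing like the near-uniform plane full embedding leaves.
"""
import random


def constructed_cover(width=64, height=64):
    """Constructed cover image as one flat bytes object: R,G,B per pixel."""
    out = bytearray()
    for y in range(height):
        for x in range(width):
            out += bytes(((x * 4) & 0xFE, (y * 4) & 0xFE, ((x + y) * 2) & 0xFE))
    return bytes(out)


def constructed_payload(n, seed=2008):
    """Pseudo-random payload bytes (seeded so the demo is repeatable)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def embed(cover, payload):
    """Overwrite the LSB of successive channel bytes with payload bits.

    A 32-bit big-endian length header comes first so extract() knows where
    the message ends; raises ValueError if the carrier is too small.
    """
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(b >> (7 - i)) & 1 for b in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload does not fit in carrier")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # only the lowest bit moves
    return bytes(stego)


def extract(stego):
    """Read the LSB plane back: the 4-byte length, then that many bytes."""
    def read(offset, count):
        out = bytearray()
        for k in range(count):
            v = 0
            for i in range(8):
                v = (v << 1) | (stego[offset + 8 * k + i] & 1)
            out.append(v)
        return bytes(out)
    return read(32, int.from_bytes(read(0, 4), "big"))


def max_channel_delta(cover, stego):
    """Visual impact check: LSB substitution never shifts a value by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def pov_chi_square(samples):
    """Sum over value pairs (2k, 2k+1) of (h[2k] - h[2k+1])^2 / (h[2k] + h[2k+1]).

    Cover images rarely have equal counts within a pair; LSB embedding moves
    samples between the two members and drives the counts together, so the
    statistic falls. A tool scores a file on its own against a threshold;
    the cover is kept here only to show the drop.
    """
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    chi = 0.0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        if a + b:
            chi += (a - b) ** 2 / (a + b)
    return chi


if __name__ == "__main__":
    cover = constructed_cover()
    payload = constructed_payload(1500)           # fills ~98% of the LSB plane
    stego = embed(cover, payload)
    print("round trip ok:", extract(stego) == payload)
    print("max channel change:", max_channel_delta(cover, stego))
    print("PoV chi-square cover vs stego:", pov_chi_square(cover), pov_chi_square(stego))
```

The statistic only separates cover from stego clearly when a large share of the LSB plane has been overwritten, which is why the demo fills nearly all of it.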
PAGE 19
Adding a Payload to a Carrier




PAGE 20
Steganalysis




PAGE 21
Image Filtering




PAGE 22
Implementation – Policy & Procedure

• Use of these capabilities is driven by risk assessment and Acceptable Use Policy
   – High risk
      • E.g., Government Classified, Corporate Legal, Research Lab
      • Policy – Not Allowed
      • Technical Action – Block, Archive, Examine Content, Scan Source Computer
      • Personnel Action – Possible Termination
   – Medium Risk
      • E.g., Human Resources, Contracts, Software Development
      • Policy – Not Allowed
      • Technical Action – Log, Archive, Spot Investigations
      • Personnel Action – Possible Termination


PAGE 23
Implementation - Technology

• DLP
   – Detect movement of potential carriers
   – Copy to DLP archive
• Steganography scan
   – Stego Suite
   – Examine files for potential covert content
• Malware tools scan
   – Gargoyle
   – Scan source workstations
• Live Investigator
   – Consolidate findings into forensic documentation package

PAGE 24
DLP Configuration



• Technology implementation should always be
  derived from security policies and procedures
• Classified environment
          – Block and archive everything
• Pharmaceutical company
          – Research area
             • Block and archive
          – Legal department
             • Log and archive
          – All other areas
             • Log only



PAGE 25
DLP Architecture

(Diagram:)
• Policy set in ePO server to archive evidence files
• Policy on endpoints captures evidence files
• Evidence files collected in archive for steganalysis

 PAGE 26
Steganography Scan Configuration

• Scan image files in evidence archive
   – Identify images as possible steganography carriers
• Identify workstations where images originated
   – Scan workstations for steganography tools
   – Possibly scan for other malware tools
• Initiate personnel actions, as necessary
   – Capture evidence as part of forensic investigation
• Continue digital investigation
   – Examine suspect files
   – Attempt to extract payload
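The archive scan step above, as an added example that is not part of the presentation or of Stego Suite: it identifies likely carriers by magic bytes rather than file extension, and flags the Data Appending method from the Known Methods slide by measuring bytes that follow a JPEG EOI marker, a PNG IEND chunk, or the length declared in a BMP or WAV header. The archive layout and every sample file are constructed byte strings, not real media.

```python
"""Evidence-archive scan for the 'data appending' steganography method.

Added example; not code from the presentation or from Stego Suite. Carriers
are identified by magic bytes, not by extension, and every sample below is a
constructed byte string, not a real image or audio file.
"""
import os
import tempfile

JPEG_EOI = b"\xff\xd9"
PNG_IEND = b"\x00\x00\x00\x00IEND\xaeB`\x82"


def identify(data):
    """Carrier type implied by the leading bytes, or None."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if data.startswith(b"BM") and len(data) >= 14:
        return "bmp"
    if data.startswith(b"RIFF") and data[8:12] == b"WAVE":
        return "wav"
    return None


def trailing_bytes(kind, data):
    """Bytes after the carrier's declared or marked end; 0 when clean.

    JPEG: use the LAST FFD9, because an EXIF thumbnail inside an APP1 segment
          has its own EOI and the first FFD9 would give a false positive.
    PNG:  IEND is the final chunk by specification.
    BMP:  header bytes 2..6 hold the file size (little-endian).
    WAV:  the RIFF size at bytes 4..8 is the file size minus 8.
    GIF:  the 0x3B trailer byte is too common to anchor on; not checked here.
    """
    if kind == "jpeg":
        end = data.rfind(JPEG_EOI)
        return 0 if end < 0 else len(data) - (end + len(JPEG_EOI))
    if kind == "png":
        end = data.rfind(PNG_IEND)
        return 0 if end < 0 else len(data) - (end + len(PNG_IEND))
    if kind == "bmp":
        return max(0, len(data) - int.from_bytes(data[2:6], "little"))
    if kind == "wav":
        return max(0, len(data) - (8 + int.from_bytes(data[4:8], "little")))
    return 0


def scan_bytes(data):
    """Classify one file's contents as (kind, trailing_byte_count, flagged)."""
    kind = identify(data)
    if kind is None:
        return (None, 0, False)
    extra = trailing_bytes(kind, data)
    return (kind, extra, extra > 0)


def scan_archive(root):
    """Walk an evidence archive; return flagged files as (path, kind, extra)."""
    flagged = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind, extra, hit = scan_bytes(fh.read())
            if hit:
                flagged.append((path, kind, extra))
    return flagged


# Constructed samples: minimal headers plus end markers, not real media.
_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8
_THUMB = b"\xff\xd8\xff\xe1\x00\x20Exif\x00\x00" + b"\xff\xd8\xff\xd9" + b"\x00" * 8
_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
_BMP = b"BM" + (30).to_bytes(4, "little") + b"\x00" * 24              # size field = 30
_WAV = b"RIFF" + (40).to_bytes(4, "little") + b"WAVE" + b"\x00" * 36  # 8 + 40 = 48
SAMPLES = {
    "clean.jpg": _JPEG + JPEG_EOI,
    "appended.jpg": _JPEG + JPEG_EOI + b"CONSTRUCTED PAYLOAD",
    "thumbnail.jpg": _THUMB + JPEG_EOI,            # inner FFD9, still clean
    "renamed.txt": _PNG + PNG_IEND + b"xyz",        # PNG hiding behind .txt
    "clean.bmp": _BMP,
    "appended.wav": _WAV + b"extra!",
    "notes.txt": b"plain text, not a carrier",
}


def scan_constructed_archive():
    """Write SAMPLES to a temporary archive, scan it, return flagged names."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in SAMPLES.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return sorted(os.path.basename(p) for p, _, _ in scan_archive(root))


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan_bytes(data))
    print("flagged:", scan_constructed_archive())
```

A flagged file only shows that bytes follow the carrier's end; the suspect workstation scan and payload examination in the following slides are still needed before drawing conclusions.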



PAGE 27
Steganography Scan Architecture

(Diagram:) Scan image files in evidence archive → Scan workstations for malware tools → Capture evidence as part of forensic investigation



PAGE 28
Evidence Archive Scan




PAGE 29
Suspect Workstation Scan




PAGE 30
Future – Stego Stomping



• Server-level technology to filter outgoing e-mail
• Modify all files to corrupt potential payload but leave carrier essentially intact
   – Essentially apply a randomized stego payload to every outgoing image
• Proven for JPG formats
          – Other formats in development




PAGE 31
Want to Learn More?



• Classes
   – Steganography Investigator Training
      • November 11 - 12, 2008 - Fairfax, VA
      • December 10 - 11, 2008 - Online
   – Live Investigator Training
      • October 24 - 25, 2008 - Gaithersburg, MD
   – Hacking BootCamp for Investigators
      • October 23 - 25, 2008 - Gaithersburg, MD
      • November 18 - 21, 2008 - Vancouver, BC
      • December 16 - 18, 2008 - Houston, TX



PAGE 32
Contact Us


Corporate Headquarters:
   Allen Corporation of America Inc.
   10400 Eaton Place, Suite 450
   Fairfax, VA 22030
   (866) HQ - ALLEN
   (866) 472-5536
Bill Fanelli
   571-321-1648 - bfanelli@allencorp.com
Carlton Jeffcoat
   571-321-1641 - cjeffcoat@allencorp.com
www.AllenCorp.com
www.WetStoneTech.com
A wholly owned subsidiary of Allen Corporation

PAGE 33
Stego Suite™
Digital Investigation Products: Discovering The Hidden

Stego Hunter™ · Stego Watch™ · Stego Analyst™ · Stego Break™
Identify Steganography Applications ■ Detect Presence of Hidden Messages ■ Analyze Image Characteristics ■ Reveal Vital Evidence

Stego Suite is comprised of four specialized products: Stego Hunter™, Stego Watch™, Stego Analyst™, and Stego Break™. This comprehensive suite of applications is designed to quickly identify, examine and analyze digital images and/or audio files for the presence of hidden information or covert communication channels. Detecting the presence of steganography is a tedious process; without advanced tools it is close to impossible to detect. Using Stego Suite, investigators are able to utilize the latest algorithms for flagging suspicious files through a blind anomaly-based approach, examine files with image filters, analyze DCT coefficient histograms, and track palette manipulation with close color pairs, shortening investigation time drastically and allowing investigators to work specifically within the four tools provided in the suite.

Key Features:
▫ Rapid identification of known steganography programs
▫ Flag suspicious files through blind anomaly-based approach
▫ State-of-the-art image and audio analyzer
▫ Crack and extract payloads from carrier files
▫ Court ready investigator reports
▫ Scan audio files, JPG, BMP, GIF, PNG and more

System Recommendations:
▫ Microsoft Windows® 98
▫ 100 MB free disk space
▫ 512 MB RAM
▫ Pentium® III 1GHz processor

License:
▫ Single user license allows for installation of entire suite
▫ Site licenses are available upon request

Free software maintenance for one year from the date of purchase!

Cornell Business and Technology Park · 20 Thornwood Dr., Suite 105 · Ithaca, NY 14850
1-877-WETSTONE · www.wetstonetech.com
Copyright 2005-2008 WetStone Technologies All Rights Reserved
Gargoyle Investigator™
Digital Investigation Products: Enterprise Module
Enterprise Malware Investigation
Internal Investigation · Incident Response · Enterprise Reporting

Gargoyle Enterprise Module (GEM) provides corporate IT departments, incident response investigators, or organizations with large and complex networks, the ability to fight against malicious software within enterprise computing environments. GEM is designed to quickly target systems under investigation, collecting hashes of files found on suspect systems. The resulting collection is then analyzed by Gargoyle Investigator Forensic Pro, providing investigators significant details about each target's activities, motives, and intent. As enterprise networks continue to expand in numbers and geographic locations, investigators need a tool that will acquire forensic evidence from targets anywhere, anytime throughout the enterprise.

Key Features:
▫ Perform enterprise wide collection of malicious code hashes on multiple targets simultaneously
▫ Includes a single user license of Gargoyle Investigator™ Forensic Pro
▫ Dataset Creator™ - create and build your own categories for detection
▫ Interoperates with popular forensic tools such as EnCase™ and FTK™
▫ Timestamped enterprise discovery reports for each target suspected

System Recommendations:
▫ Microsoft Windows® 2000
▫ 230 MB free disk space
▫ 1 GB RAM
▫ Pentium® III 1GHz processor
▫ Gargoyle Investigator™ Forensic Pro

License:
▫ Enterprise license with 10 scan option, additional scans of 25, 50 and 100 are available

Free software maintenance for one year from the date of purchase!
LiveWire Investigator™
Digital Investigation Products: On Demand Digital Investigation
Live Forensics · Remote Malware Detection · eCrime · eDiscovery

LiveWire Investigator is the ultimate tool for incident response, vulnerability assessment, compliance audits and criminal investigations. Quickly and inconspicuously examine live running computer systems, providing the ability to assess vulnerabilities, collect evidence directly from suspect computers, and perform enterprise-wide malware scans. LiveWire does not require pre-installed software deployed on target computers. The “command and control” of LiveWire can be on-site or remote, with any on-site operations controlled directly through the LiveWire application. Investigators can now rapidly and easily collect evidence on live running target systems from anywhere in the world.

Key Features:
▫ Live forensic discovery and triage of 25 or more “Live” target systems simultaneously
▫ File system blueprinting
▫ Remote screenshots
▫ Live drive and device captures
▫ Physical and virtual memory imaging
▫ Integrated enterprise malware detection
▫ Automated timestamped audit trail

System Recommendations:
▫ Microsoft Windows® 2000 or higher
▫ 100 MB free disk space
▫ 128 MB RAM
▫ Pentium® III 1GHz processor

License:
▫ Single user license with the option to add up to 50 and 100 simultaneous scans
▫ Site licenses are available upon request
                                   *Companion product LiveDiscover™

                                                                Free software maintenance for one year from the date of purchase!




                                                Cornell Business and Technology Park · 20 Thornwood Dr., Suite 105 · Ithaca, NY 14850
                                                                         1-877-WETSTONE · www.wetstonetech.com
                                                                                Copyright 2005-2008 WetStone Technologies All Rights Reserved

The Message Within - Using McAfee DLP to Detect Hidden Steganographic Content

  • 1. Bill Fanelli Principal Architect Carlton Jeffcoat VP Allen Corporation of America Cyber Security Technologies Division The Message Within: Data Sheet g Extending DLP to target Steganography
  • 2. Steganography Discovering Critical Evidence - hidden in plain sight -
  • 3. Introduction • Data Leakage greatly concerns certain industries – High value intellectual property • Pharmaceutical formulas • Proprietary software algorithms p y g – Highly sensitive legal documents • Data Loss Prevention (DLP) explicitly prevents the l k th leakage of this data out of an organization. f thi d t t f i ti – DLP monitors the movement of tagged files and data with keyword content. – DLP technology is uniquely positioned to help with forensics efforts in identifying hidden message carriers. PAGE 4
  • 4. How to use DLP in Steganography Detection • DLP can monitor the movement of likely carrier files such as image and music files – DLP will copy these files to a forensic archive – Other tools can then scan these files for the presence of hidden data • This presentation will: – Describe these forensic procedures – Detail an implementation of the required workflow PAGE 5
  • 5. Definition • Steganography – Hiding the existence of the message • Vs. Cryptography – Ob Obscures the meaning of a message e me ning me ge – Does not conceal the fact that there is a message • Steganalysis g y – Detecting the presence of messages hidden using steganography • Legitimate uses of steganography – Digital Watermarking PAGE 6
  • 6. Steganography - Ancient Methods Wax Tablets • Demaratus of Ariston, exiled in Persia, received news that Xerxes was to invade Greece. • To get word to Sparta he Sparta, scraped the wax off writing tablets and carved a warning message in the wood. He h d then covered the wood with a fresh coat of wax. • The tablet was passed by the sentries without raising any suspicion. s spicion PAGE 7
  • 7. Steganography - Modern Methods Null Cipher Messages • The German Embassy in Washington, DC, y g , , sent these messages during World War I – Apparently neutral’s protest is thoroughly discounted and ignored Isman hard hit Blockade hit. issue affects pretext for embargo on by-products, ejecting suet's and vegetable oils • D Decoding the message by extracting the di h b i h second letter from each word reveals the actual message – PERSHING SAILS FROM N.Y. JUNE 1 PAGE 8
  • 8. Technical Steganography • Uses scientific methods to hide a message, g , such as the use of invisible ink or microdots • I 1941 th FBI discovered a Micro Dot In the di d Mi D t carried on a letter from a suspected agent – Micro Dot production p • Create a postage stamp sized secret message • Reduce this in size using a reverse microscope producing an image .05 inches in diameter – The dot was pressed onto a piece of paper Mark IV microdot camera using a hypodermic needle in place of a p period PAGE 9
  • 9. Simple Example Once upon a our poets eve With darkened sky’s and fallen leaves The raven came to call outside the door Time it said always flows through your life aid, s, and through the throws, running faster ever than before And if you wish to beat the game, to live a life of wealth and fame fame, then try to follow me forever more For here within the words it said Like a dream within your head A secret waits to lead you out the door Within a code that Bacon knew In letters just a bit askew The raven whispers secrets evermore!
  • 10. Once upon a our poets eve With darkened sky’s and fallen leaves The raven came to call outside the door Time it said always flows through your life aid, s, and through the throws, running faster ever than before And if you wish to beat the game, to live a life of wealth and fame fame, then try to follow me forever more For here within the words it said Like a dream within your head A secret waits to lead you out the door Within a code that Bacon knew In letters just a bit askew The raven whispers secrets evermore!
  • 11. Once upon a our poets eve With darkened sky’s and fallen leaves The raven came to call outside the door Time it said always flows through your life aid, s, and through the throws, running faster ever than before And if you wish to beat the game, to live a life of wealth and fame fame, then try to follow me forever more For here within the words it said Like a dream within your head A secret waits to lead you out the door Within a code that Bacon knew In letters just a bit askew The raven whispers secrets evermore!
  • 12. Once upon a our poets eve With darkened sky’s and fallen leaves The raven came to call outside the door Time it said always flows through your life aid, s, and through the throws, running faster ever than before And if you wish to beat the game, to live a life of wealth and fame fame, then try to follow me forever more For here within the words it said Like a dream within your head A secret waits to lead you out the door Within a code that Bacon knew In letters just a bit askew The raven whispers secrets evermore!
  • 13. Concerns to Business • Data loss – Covert transmission of corporate IP • Pharmaceutical formulas • Proprietary software algorithms – Highly sensitive legal documents • Hiding illicit activity – Non-job related activity that potentially puts the organization at risk • Gambling • Pornography • Credit card fraud • Terrorism
  • 14. How big is the problem? [Chart: "Steganography Programs in the Wild", counts by year from 2001 through Today on a 0 to 600 scale; the bar for Today is labelled 505; source: WetStone's Chief Scientist Chet Hosmer] • Where to find them – Neil Johnson's Steganography and Digital Watermarking web site • http://www.jjtc.com/Steganography/toolmatrix.htm – StegoArchive.com – Neil Johnson's Steganalysis web site • http://www.jjtc.com/Steganalysis/
  • 15. Steganalysis Tools • For our discussions, we will reference the following steganalysis and malware detection tools from Allen Corporation's WetStone Technologies – Stego Suite – Gargoyle – Live Wire Investigator
  • 16. – Stego Suite • Stego Watch – Scan a file system and flag suspected files – Derived from WetStone's Steganography and Recovery Toolkit (S-DART) research project for US Air Force Research Laboratory – Exposes an API for researchers and developers that allows for new research and steganography detectors • Stego Analyst – Imaging and analysis tool to identify visual clues that steganography is in use in both image and audio files • Stego Break – Obtain the pass phrase that has been used – Gargoyle • Hostile program detector with steganography dataset – Malware tool discovery over the network – Targeted at computers where suspect files originated
  • 17. Known Methods of Steganography – Covert Channels – Color Palette Modification – 24-Bit Encoding – LSB Encoding – Algorithm Modification – Word Substitution – Formatting Modification – Data Appending
  • 18. Least Significant Bit Encoding • This is the most common steganographic method used with audio and image files • Used to overwrite – Legitimate RGB color codings or palette pointers in GIF and BMP files – Coefficients in JPEG files – Pulse Code Modulation in WAV files
         Individual Colors (8-bit values; the rightmost bit is the LSB that substitution overwrites):
            RED   1 0 1 1 0 1 0 0
            GREEN 1 1 0 0 0 1 1 1
            BLUE  1 1 1 0 0 0 0 0
         [Figure: "Before" and "After" swatches of each individual color and of the combined color under LSB substitution]
  • 19. Adding a Payload to a Carrier [figure slide; no text captured]
  • 22. Implementation – Policy & Procedure • Use of these capabilities is driven by risk assessment and Acceptable Use Policy – High risk • E.g., Government Classified, Corporate Legal, Research Lab • Policy – Not Allowed • Technical Action – Block, Archive, Examine Content, Scan Source Computer • Personnel Action – Possible Termination – Medium Risk • E.g., Human Resources, Contracts, Software Development • Policy – Not Allowed • Technical Action – Log, Archive, Spot Investigations • Personnel Action – Possible Termination
  • 23. Implementation – Technology • DLP – Detect movement of potential carriers – Copy to DLP archive • Steganography scan – Stego Suite – Examine files for potential covert content • Malware tools scan – Gargoyle – Scan source workstations • Live Investigator – Consolidate findings into forensic documentation package
  • 24. DLP Configuration • Technology implementation should always be derived from security policies and procedures • Classified environment – Block and archive everything • Pharmaceutical company – Research area • Block and archive – Legal department • Log and archive – All other areas • Log only
  • 25. DLP Architecture [Diagram: policy set in ePO server to archive evidence files; policy on endpoints captures evidence files; evidence files collected in archive for steganalysis]
  • 26. Steganography Scan Configuration • Scan image files in evidence archive – Identify images as possible Steganography carriers • Identify workstations where images originated – Scan workstations for steganography tools – Possibly scan for other malware tools • Initiate personnel actions, as necessary – Capture evidence as part of forensic investigation • Continue digital investigation – Examine suspect files – Attempt to extract payload
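The evidence-archive scan on slide 26 runs detectors over the image files DLP has copied aside; the simplest of the methods on slide 17, "Data Appending", can be caught structurally rather than statistically, because the appended bytes sit after the point where the image container says the image ends. The following is an added example, not code from the slides or from Stego Suite: it walks the segment structure of a JPEG and the chunk structure of a PNG to find the real end of image and reports any trailing bytes, then applies that check to an in-memory "archive". The sample files are constructed inline and are not real photographs; the JPEG deliberately carries an EXIF-style thumbnail with its own end-of-image marker, which a naive search for the first FF D9 would mistake for the end of the file.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def jpeg_end_offset(data):
    """Offset just past the EOI marker (FF D9) of the top-level JPEG stream.
    Segments are skipped by their length fields, so an embedded thumbnail inside
    an APP1 segment (which has its own FF D9) cannot be mistaken for the real end."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xD9:                              # EOI: the image ends here
            return pos + 2
        if marker == 0xFF:                              # fill byte, keep scanning
            pos += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:  # stand-alone markers
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:                              # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                # FF 00 is a stuffed data byte and FF D0..D7 are restart markers;
                # anything else after FF is a real marker (EOI or the next segment).
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG (no EOI)")


def png_end_offset(data):
    """Offset just past the IEND chunk, found by walking chunks by their length."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length                              # length, type, data, CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG (no IEND)")


def trailing_bytes(data):
    """Return (format, number of bytes after the real end of the image)."""
    if data[:2] == b"\xff\xd8":
        return "JPEG", len(data) - jpeg_end_offset(data)
    if data[:8] == PNG_SIG:
        return "PNG", len(data) - png_end_offset(data)
    raise ValueError("unsupported format")


def scan_archive(files):
    """files: mapping of evidence file name to bytes. Returns (name, kind, detail)
    findings for files with appended data and for files that fail to parse."""
    findings = []
    for name, data in files.items():
        try:
            fmt, extra = trailing_bytes(data)
        except ValueError as err:
            findings.append((name, "error", str(err)))
            continue
        if extra:
            findings.append((name, "appended-data", f"{fmt}: {extra} bytes after end of image"))
    return findings


# Constructed samples (not real images). The JPEG has an APP1 segment holding a
# fake thumbnail with its own FF D9, a one-component SOS header, entropy data with
# a stuffed FF 00, and then the real EOI; the PNG is a signature plus IEND only.
CLEAN_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe1\x00\x0cExif\x00\x00\xff\xd8\xff\xd9"
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56\x78"
    + b"\xff\xd9"
)
CLEAN_PNG = PNG_SIG + b"\x00\x00\x00\x00IEND\xaeB`\x82"
APPENDED = b"constructed hidden payload"
SAMPLE_ARCHIVE = {
    "clean.jpg": CLEAN_JPEG,
    "suspect.jpg": CLEAN_JPEG + APPENDED,
    "clean.png": CLEAN_PNG,
    "suspect.png": CLEAN_PNG + APPENDED,
    "truncated.jpg": CLEAN_JPEG[:-2],
}

if __name__ == "__main__":
    for finding in scan_archive(SAMPLE_ARCHIVE):
        print(*finding)
```

Only bytes past the end of image are reported; data hidden inside the structure (an oversized COM or APPn segment, or an LSB payload as on slide 18) leaves no trailing bytes and needs the statistical detectors the slides describe. Truncated files are reported as errors rather than silently passed, since a file the scanner cannot parse is itself worth a look.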
  • 27. Steganography Scan Architecture [Diagram: scan image files in evidence archive; scan workstations for malware tools; capture evidence as part of forensic investigation]
  • 30. Future – Stego Stomping • Server-level technology to filter outgoing e-mail • Modify all files to corrupt potential payload but leave carrier essentially intact – Essentially apply a randomized stego payload to every outgoing image • Proven for JPG formats – Other formats in development
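Slide 18 describes LSB substitution and slide 30 proposes defeating it by re-randomising the carrier; the example below, added here and not code from the slides or from WetStone, models both on a single colour channel held as a flat list of 8-bit samples. It embeds a random payload (an encrypted or compressed payload looks like one), shows a detector of the pairs-of-values chi-square kind (the LSB plane of a clean image is skewed, and embedding evens out the counts of each value pair 2k and 2k+1), and then applies a stomping pass that overwrites every LSB with fresh random bits so the payload can no longer be extracted. The cover data, seeds and counts are constructed for the demonstration; real JPEG stomping, as the slide notes, works on coefficients rather than on pixel samples.

```python
import random

PAIRS = 128  # 8-bit samples form 128 pairs (2k, 2k+1) whose members differ only in the LSB


def build_cover(seed=1, low=30, high=120):
    """Constructed stand-in for one colour channel of an image: a flat list of
    8-bit samples. Natural images have unequal counts for the two members of
    each (2k, 2k+1) pair; reproducible random counts per pair mimic that."""
    rng = random.Random(seed)
    pixels = []
    for k in range(PAIRS):
        pixels += [2 * k] * rng.randint(low, high)
        pixels += [2 * k + 1] * rng.randint(low, high)
    rng.shuffle(pixels)
    return pixels


def random_bits(count, seed):
    """Payload bits; an encrypted or compressed payload looks like this."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(count)]


def embed_lsb(pixels, bits):
    """LSB substitution as on slide 18: overwrite the lowest bit of the first
    len(bits) samples. Each sample changes by at most 1, so nothing is visible."""
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | (bit & 1)
    return out


def extract_lsb(pixels, count):
    """Read the payload back: the low bit of each of the first `count` samples."""
    return [p & 1 for p in pixels[:count]]


def chi_square_pairs(pixels):
    """Pairs-of-values chi-square statistic. LSB embedding of random bits
    equalises the counts of 2k and 2k+1, so a fully loaded carrier scores close
    to the number of pairs (about 128) while a clean image scores far higher."""
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    stat = 0.0
    for k in range(PAIRS):
        even, odd = counts[2 * k], counts[2 * k + 1]
        expected = (even + odd) / 2
        if expected:
            stat += ((even - expected) ** 2 + (odd - expected) ** 2) / expected
    return stat


def stomp_lsb(pixels, seed=99):
    """Slide 30's stego stomping, modelled on sample LSBs: re-randomise every
    LSB so a payload in the low bit plane is destroyed while the carrier itself
    again changes by at most 1 per sample."""
    return embed_lsb(pixels, random_bits(len(pixels), seed))


def demo():
    cover = build_cover()
    payload = random_bits(len(cover), seed=7)      # fill the whole carrier
    stego = embed_lsb(cover, payload)
    stomped = stomp_lsb(stego)
    damaged = sum(a != b for a, b in zip(extract_lsb(stomped, len(payload)), payload))
    return {
        "chi_cover": chi_square_pairs(cover),
        "chi_stego": chi_square_pairs(stego),
        "chi_stomped": chi_square_pairs(stomped),
        "payload_intact": extract_lsb(stego, len(payload)) == payload,
        "bits_damaged_by_stomp": damaged,
        "payload_bits": len(payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The clean cover scores in the high hundreds, the loaded carrier near 128, and stomping flips about half of the payload bits. The stomped file also scores near 128: to this detector an image that has passed a stomping gateway is indistinguishable from a full carrier, so stomping and chi-square style scanning should be applied to different points in the flow (scan the archived copy, stomp what leaves), not to the same file.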
  • 31. Want to Learn More? • Classes – Steganography Investigator Training • November 11 - 12, 2008 - Fairfax, VA • December 10 - 11, 2008 - Online – Live Investigator Training • October 24 - 25, 2008 - Gaithersburg, MD – Hacking BootCamp for Investigators • October 23 - 25, 2008 - Gaithersburg, MD • November 18 - 21, 2008 - Vancouver, BC • December 16 - 18, 2008 - Houston, TX
  • 32. Contact Us Corporate Headquarters: Allen Corporation of America Inc. 10400 Eaton Place, Suite 450 Fairfax, VA 22030 (866) HQ - ALLEN (866) 472-5536 Bill Fanelli 571-321-1648 - bfanelli@allencorp.com Carlton Jeffcoat 571-321-1641 - cjeffcoat@allencorp.com www.AllenCorp.com www.WetStoneTech.com A wholly owned subsidiary of Allen Corporation
  • 33. Stego Suite™ - Digital Investigation Products - Discovering The Hidden
         Stego Hunter™ · Stego Watch™ · Stego Analyst™ · Stego Break™
         Identify Steganography Applications ■ Detect Presence of Hidden Messages ■ Analyze Image Characteristics ■ Reveal Vital Evidence
         Stego Suite is comprised of four specialized products: Stego Hunter™, Stego Watch™, Stego Analyst™, and Stego Break™. This comprehensive suite of applications is designed to quickly identify, examine and analyze digital images and/or audio files for the presence of hidden information or covert communication channels. Detecting the presence of steganography is a tedious process; without advanced tools it is close to impossible to detect. Using Stego Suite, investigators are able to utilize the latest algorithms for flagging suspicious files through a blind anomaly-based approach, examine files with image filters, analyze DCT coefficient histograms, and track palette manipulation with close color pairs, shortening investigation time drastically and allowing investigators to work specifically within the four tools provided in the suite.
         Key Features:
            ▫ Rapid identification of known steganography programs
            ▫ Flag suspicious files through blind anomaly-based approach
            ▫ State-of-the-art image and audio analyzer
            ▫ Crack and extract payloads from carrier files
            ▫ Court ready investigator reports
            ▫ Scan audio files, JPG, BMP, GIF, PNG and more
         System Recommendations:
            ▫ Microsoft Windows® 98
            ▫ 100 MB free disk space
            ▫ 512 MB RAM
            ▫ Pentium® III 1GHz processor
         License:
            ▫ Single user license allows for installation of entire suite
            ▫ Site licenses are available upon request
         Free software maintenance for one year from the date of purchase!
         Cornell Business and Technology Park · 20 Thornwood Dr., Suite 105 · Ithaca, NY 14850 · 1-877-WETSTONE · www.wetstonetech.com · Copyright 2005-2008 WetStone Technologies All Rights Reserved
  • 34. Gargoyle Investigator™ Enterprise Module - Digital Investigation Products - Enterprise Malware Investigation
         Internal Investigation · Incident Response · Enterprise Reporting
         Gargoyle Enterprise Module (GEM) provides corporate IT departments, incident response investigators, or organizations with large and complex networks the ability to fight against malicious software within enterprise computing environments. GEM is designed to quickly target systems under investigation, collecting hashes of files found on suspect systems. The resulting collection is then analyzed by Gargoyle Investigator Forensic Pro, providing investigators significant details about each target's activities, motives, and intent. As enterprise networks continue to expand in numbers and geographic locations, investigators need a tool that will acquire forensic evidence from targets anywhere, anytime throughout the enterprise.
         Key Features:
            ▫ Perform enterprise wide collection of malicious code hashes on multiple targets simultaneously
            ▫ Includes a single user license of Gargoyle Investigator™ Forensic Pro
            ▫ Dataset Creator™ - create and build your own categories for detection
            ▫ Interoperates with popular forensic tools such as EnCase™ and FTK™
            ▫ Timestamped enterprise discovery reports for each target suspected
         System Recommendations:
            ▫ Microsoft Windows® 2000
            ▫ 230 MB free disk space
            ▫ 1 GB RAM
            ▫ Pentium® III 1GHz processor
            ▫ Gargoyle Investigator™ Forensic Pro
         License:
            ▫ Enterprise license with 10 scan option; additional scans of 25, 50 and 100 are available
         Free software maintenance for one year from the date of purchase!
  • 35. LiveWire Investigator™ - Digital Investigation Products - On Demand Digital Investigation
         Live Forensics · Remote Malware Detection · eCrime · eDiscovery
         LiveWire Investigator is the ultimate tool for incident response, vulnerability assessment, compliance audits and criminal investigations. Quickly and inconspicuously examine live running computer systems, providing the ability to assess vulnerabilities, collect evidence directly from suspect computers, and perform enterprise-wide malware scans. LiveWire does not require pre-installed software deployed on target computers. The "command and control" of LiveWire can be on-site or remote, with any on-site operations controlled directly through the LiveWire application. Investigators can now rapidly and easily collect evidence on live running target systems from anywhere in the world.
         Key Features:
            ▫ Live forensic discovery and triage of 25 or more "Live" target systems simultaneously
            ▫ File system blueprinting
            ▫ Remote screenshots
            ▫ Live drive and device captures
            ▫ Physical and virtual memory imaging
            ▫ Integrated enterprise malware detection
            ▫ Automated timestamped audit trail
         System Recommendations:
            ▫ Microsoft Windows® 2000 or higher
            ▫ 100 MB free disk space
            ▫ 128 MB RAM
            ▫ Pentium® III 1GHz processor
         License:
            ▫ Single user license with the option to add up to 50 and 100 simultaneous scans
            ▫ Site licenses are available upon request
         *Companion product LiveDiscover™
         Free software maintenance for one year from the date of purchase!