Digital content informs and facilitates every single aspect of business. We create and consume this content in innumerable ways, from our dependency on email to receive and send critical information and documents, to job application portals and shared storage services in the cloud.
Therefore, it’s little wonder that digital content has become such a popular vehicle for cyber criminals for both getting threats into and information out of an organisation. Criminals are increasingly pursuing sophisticated techniques to infect content, including the use of zero-day and undetectable threats. Just this month, researchers discovered a new malware infiltration technique being used in the wild that allows attackers to trigger payloads when victims preview documents.
Similarly, once in the organisation, cyber criminals are also using content as a means of exfiltrating information. Indeed, Deep Secure researchers have demonstrated that attackers could use commands delivered over Twitter to steal more than 300,000 credit card details by concealing them in just 50 images – all while completely avoiding detection. The risk posed by content is present at every turn and nowhere more so than with corporate access to the Internet via Web browsing and social media.
Achieving end-to-end defences
Whether an employee, a supply chain partner or a customer, every stakeholder in a business needs to know that the content they are engaging with is digitally pure and threat-free. However, security teams have a tough job keeping pace with a dynamic and highly developed threat landscape, and with cyber criminals who innovate faster than most Fortune 500 companies.
Traditional network defence solutions are no match for threats concealed in content – whether achieved through steganography, where information is encoded into an image, or the practice of using polymorphic files that continuously mutate to avoid detection. Once the preserve of nation-state intelligence agencies, these techniques have now descended down the security supply chain. Digital content is now routinely embedded with known, zero-day and even totally undetectable threats.
Faced with the new and imaginative ways cyber criminals are discovering to infiltrate malware or exfiltrate high-value data, there’s mounting pressure on the industry. Given the sheer amount of content consumed by organisations, the old cyber security mantra of “95 per cent secure” is just not good enough.
Mitigating the end-to-end content threat mandates that best-of-breed technologies work seamlessly together. It is critical that security experts join forces to address today’s greatest challenges and close the gap in the market for defeating both detectable and undetectable threats. That’s why we’ve partnered with McAfee to secure all Web content, working as part of a connected security ecosystem that combines diverse expertise and solutions for stronger protection, making it impossible for hackers to break through. Indeed, the integration of these technologies shows what can be achieved when security experts join forces.
Securing the entire journey
With threats in content rife, leaving malicious elements at the door is critical to the security of business networks. When it comes to the Web, the first step for the McAfee Web Gateway is to authenticate access, apply acceptable usage policies, perform URL filtering and run anti-virus checks for known malware.
However, with many undetectable threats now being concealed in content to avoid traditional detection methods, it is important to also have a solution that does not attempt to determine whether a piece of content is good or bad. Accordingly, the McAfee Web Gateway hands the business content to Deep Secure’s Content Threat Removal technology.
Content Threat Removal (CTR) doesn’t attempt to detect threats. Instead, it transforms every piece of content handed to it by the McAfee Web Gateway, whether it is entering or leaving the organisation, rendering it 100 per cent threat-free. During the content transformation, only the valid business information is extracted from the content. The original – and any inherent threat – is then discarded, and a wholly new piece of content is created, which outwardly looks identical to the original document while eliminating all the potential hidden threats. At this stage, CTR hands the clean document back to the Web Gateway, which presents it to the intended recipient.
Keep it in the right hands
Managing the business risk inherent in compromised content is not just about stopping potentially malicious threats from coming in, it’s about ensuring that the content and information you have remains in the right hands. Indeed, McAfee previously identified that insiders were responsible for more than 40 per cent of data breaches.
In some cases, the threat is greatest when it comes from an insider intent on deliberately exfiltrating the content. While data loss protection tools can help, they cannot do anything to combat the loss of valuable data concealed in images using steganography and sent out, for example, via webmail accounts through the Web gateway. Last year, for example, workers at General Electric were caught stealing information about the designs of turbines, with allegations that this information was then going to be sent on to the Chinese government. In this example, the alleged spies were using steganography to conceal the information that they wanted to steal within images.
In this scenario, CTR frustrates insiders at the final hurdle: it completely strips out the hidden information in any image leaving the network. By preventing criminals from concealing the information in images, it forces them to try other routes to exfiltrate it in plain sight. This, when applied in conjunction with Data Loss Prevention technologies, can prevent the theft and help identify the culprits.
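The principle behind the two passages above (rebuild the content from its visible information only, without trying to detect anything) can be shown on a toy image. This is an added example, not Deep Secure's code or algorithm. It assumes a raw greyscale pixel buffer and a least-significant-bit (LSB) hiding channel, and every name and sample value in it is constructed for illustration.

```python
import random

def embed_lsb(pixels, payload):
    """Constructed test helper: place payload bits in each pixel's lowest bit."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload too large for cover image")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(pixels, n_bytes):
    """Read n_bytes back out of the LSB channel."""
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for px in pixels[b * 8:(b + 1) * 8]:
            value = (value << 1) | (px & 1)
        out.append(value)
    return bytes(out)

def transform(pixels, rng=None):
    """Build a new image from the visible information only.

    Keeps the 7 high bits of every pixel (what a viewer sees) and fills the
    lowest bit with fresh randomness, so nothing stored there survives.
    It never decides whether the input carried a payload.
    """
    rng = rng or random.SystemRandom()
    return bytes((px & 0xFE) | rng.getrandbits(1) for px in pixels)

def max_pixel_change(a, b):
    """Largest per-pixel difference between two equally sized images."""
    return max(abs(x - y) for x, y in zip(a, b))

def demo():
    cover = bytes((x * 7 + 13) % 256 for x in range(4096))  # constructed 64x64 image
    secret = b"constructed secret payload"                  # constructed sample data
    outbound = embed_lsb(cover, secret)
    clean = transform(outbound)
    return {
        "before": extract_lsb(outbound, len(secret)),
        "after": extract_lsb(clean, len(secret)),
        "max_change": max_pixel_change(outbound, clean),
    }

if __name__ == "__main__":
    print(demo())
```

The transformed image differs from the outbound one by at most one grey level per pixel, yet the hidden bytes are unrecoverable. A production transformer has to rebuild the whole file (metadata, palettes, trailing data), since the low bit is only one of many places to hide data.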
A new age of cyber security
Today’s threats are larger and more complex than any one vendor can solve. We have to assume that cyber criminals are better at attacking than we are at defending, exploiting the cracks in an organisation’s security posture. That is why security vendors can no longer operate in isolation nor present themselves as “the answer” to businesses’ cyber risk.
The most effective defences are created when vendors work together to develop an ecosystem that assures the end-to-end security of business processes – and the content that informs them. When it comes to the threat posed by content carried over the web and social media, I truly believe collaboration is key to bringing in a new age of cyber security.
Daniel Turner, CEO of Deep Secure