Easy to make and difficult to remove, steganographic attacks are a serious threat – as the IT/OT security experts at Opswat point out.
As Opswat’s senior technical program manager Vinh Lam explains, Opswat’s Deep Content Disarm and Reconstruction (Deep CDR) technology, available in MetaDefender, protects against malware hidden in images: messages concealed ‘in plain sight’ within other messages, as it were, that can steal data.
With free, easily available software like 1-2 Steganography, OpenStego, and QuickStego, creating steganographic attacks embedded in images can be done in a few minutes with a few bits of Python code.
The Opswat technology difference
Opswat’s MetaDefender Deep CDR works by inspecting profiles, metadata and pixels, thereby ensuring data is sanitised by internally deconstructing and removing elements that don’t match file type standards. Then it reconstructs the files for full usability. It can use recursive sanitisation to check every object in a PDF, for instance.
At pixel level, Opswat removes unused data that could contain part of a malicious payload, adding random noise to the pixels to disrupt malware operations. Structured metadata is also removed, improving privacy as well as security against trojans.
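The pixel-level step described above, as an added illustration that is not Opswat's code and does not describe how Deep CDR is implemented. It assumes a payload carried in the least significant bit of each channel byte of a raw pixel buffer; the function names, the marker and the sample buffer are all constructed for the example.

```python
import secrets

def lsb_payload(pixels: bytes, nbytes: int) -> bytes:
    """Reassemble nbytes from the least significant bits of the channel bytes."""
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for p in pixels[i * 8:(i + 1) * 8]:
            byte = (byte << 1) | (p & 1)
        out.append(byte)
    return bytes(out)

def sanitise_low_bits(pixels: bytes, planes: int = 1) -> bytes:
    """Overwrite the lowest `planes` bits of every channel byte with random noise."""
    if not 1 <= planes <= 7:
        raise ValueError("planes must be between 1 and 7")
    mask = (1 << planes) - 1
    noise = secrets.token_bytes(len(pixels))
    return bytes((p & ~mask & 0xFF) | (n & mask) for p, n in zip(pixels, noise))

def max_channel_change(before: bytes, after: bytes) -> int:
    """Largest per-channel difference, i.e. the visual cost of sanitising."""
    return max(abs(a - b) for a, b in zip(before, after))

def constructed_sample(marker: bytes, size: int = 4096) -> bytes:
    """Constructed test input: a synthetic buffer whose low bits carry `marker`."""
    buf = bytearray((i * 7) % 256 for i in range(size))
    for i, byte in enumerate(marker):
        for k in range(8):
            buf[i * 8 + k] = (buf[i * 8 + k] & 0xFE) | ((byte >> (7 - k)) & 1)
    return bytes(buf)

MARKER = b"CONSTRUCTED-HIDDEN-MARKER"  # constructed stand-in for hidden data

if __name__ == "__main__":
    image = constructed_sample(MARKER)
    clean = sanitise_low_bits(image)
    print("before:", lsb_payload(image, len(MARKER)))
    print("after: ", lsb_payload(clean, len(MARKER)))
    print("max channel change:", max_channel_change(image, clean))
```

The sanitiser never tries to decide whether the low bits are suspicious; it rewrites them in every image, which is why the approach does not depend on detection.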
Many anti-malware scanning tools can struggle to detect data that’s been embedded at the bit or pixel level, but Opswat MetaDefender Deep CDR delivers an alternative, zero-trust based method of detecting malicious code that’s been hidden in image files.
Benefits for Opswat partners
With MetaDefender, customer and partner organisations alike can be better protected from cyber security threats in data – whether the source of an attack is web, email, portable media or the endpoint. Opswat multiscanning boasts simultaneous deployment of over 30 anti-malware engines.
Organisations typically struggle to track and secure the full plethora of data transfer channels, any of which could expose them to security challenges.
And when you’re talking about large enterprises with thousands of workers or critical infrastructure in the public or private sectors, the risk goes beyond reputation issues, financial loss and customer relationships to potential for damage that ripples across a whole economy.
At the same time, any file or application can be infected, which is why Opswat bases its sophisticated cybersecurity portfolio on zero trust. This means assuming all files are infected and rebuilding them accordingly.
At QBS, we stand behind the approach. Get in touch today to learn how you can enhance threat prevention, protection and compliance with Opswat, without relying on detection as your primary defence.