More Than Meets the Eye


This article can also be found in the Premium Editorial Download "Information Security magazine: Symantec 2.0: Evaluating their recent acquisitions."

Download it now to read this article plus other related content.

Hidden Value
While most of attention on stego is focused on nefarious behavior, there are some legitimate applications. They aren't being widely applied, but their use is growing.

The most obvious use is to protect intellectual property and trade secrets, for example, when executives are traveling abroad. It's good practice to assume that all communications—emails, phone and instant messaging— are being watched and analyzed at all times. If this sounds paranoid, consider the limited infrastructure in many countries that makes it feasible to monitor the relatively few ingress and egress points.

Even crypto isn't foolproof. For example, if an executive conducting negotiations sends a short message, this could indicate that his company received what they wanted—or maybe the deal is simply dead. However, if there are 50 encrypted messages back and forth, it probably means they are working on an alternative plan, or that negotiations have hit a snag.

In this kind of situation, stego is the perfect alternative, hiding sensitive information within innocuous communications. For example, our traveling executive could use stego to hide business messages in his daily video conference with his family.

What You Don't See Can Hurt

    Requires Free Membership to View

In the past, stego has primarily been used by criminals to evade law enforcement, but it's increasingly used by malicious insiders to steal information that could cost your company millions of dollars.

On the other hand, stego can also be used to protect an organization's critical trade secrets and increase the security of existing security devices.

You are already investing time, money and personnel to secure your company's critical data. If you ignore the risks of stego, your best efforts may be undermined.


This was first published in November 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: