Data infiltration, such as hacking, and exfiltration, the unauthorized transfer of information out of a network, continue to be two of the biggest cyber threats faced by the defense sector today, as evidenced by a recent joint FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency report.
So-called zero-day attacks are especially damaging because the vulnerability is unknown to the vendor and to the affected organizations before it is exploited; they have had zero days to address or patch the flaw.
Exfiltration can take the form of an accidental disclosure of internal data, the unintentional outbound spread of illicit content, or the deliberate leaking of data or spreading of malware by a disgruntled employee, criminal actors or even a hostile nation state.
While infiltration typically appears in the form of malware, ransomware, or other malicious payloads, it can also include the infiltration of illicit content, which has the potential to place an organization in the crosshairs of a major lawsuit.
Government agencies have the added challenge of securing information moving between classified and unclassified networks. File-based transfers across security domains must preserve both the continuity of business processes and the security of each domain, and those two goals pull against each other.
As malicious actors evolve, even sophisticated organizations remain vulnerable to zero-day attacks if filtering is not part of their cybersecurity efforts. The risk is compounded further when matters of national security are at stake. That is why NSA's National Cross Domain Strategy & Management Office's "Raise the Bar" specification mandates that complex document types pass through multiple independent filters before they can be moved from one domain to another.
In the cyber realm, a single filter can be applied to meet a specific need. Alternatively, multiple filters of similar or different natures can be combined to thwart infiltration or exfiltration threats. Each additional layer raises an organization's overall cyber assurance level, and combining different complex-file filters can turn an adequate layered cyber architecture into a strong cyber fortress.
Benefits of single-pass integrated file filtering
Alongside the uptick in malware and ransomware attacks, there has been an increased prevalence of illicit content entering organizations. Illicit content can be anything from back-channel communications from untrusted organizations or actors to documents that have illicit content hidden within them. The illicit content could be hidden in a cropped image, embedded in an Excel file, or camouflaged as an mp4 in a PowerPoint file, any of which could pose just as significant a threat to an organization as malware or ransomware.
Enter integrated single-pass filtering, which enables organizations to search for and eliminate illicit content, malware, ransomware, and other bad file-based payloads in a single pass rather than using separate products.
Given the time-sensitive and critical nature of operations at government agencies with national security systems, organizations should seek out integrated single-pass solutions that can also cleanse infected documents without significantly interrupting daily operations. For instance, an integrated single-pass filter that automatically redacts or removes potentially harmful content before sending the file on its way is more useful than one that merely quarantines the file once a risk has been identified.
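As an added illustration (not code from the article or from Arcfield), here is a toy single-pass filter in Python that applies several independent checks to every part of an OOXML package (the zip container behind PowerPoint and Excel files) in one traversal and rebuilds the package without the parts that fail, rather than quarantining the whole file. It also shows the layered-filter idea from earlier in the piece: the checks are separate functions chained into one pass. The sample package, part names, magic-byte signatures and the policy ("no video, no macros") are constructed for the example; real cross-domain filters do far more (parse and re-render each part rather than drop it, repair relationship files that referenced the dropped part, and meet the verification requirements of Raise the Bar).

```python
"""Toy single-pass OOXML filter with sanitization (added example, not vendor code)."""
import io
import zipfile
from dataclasses import dataclass, field

# Leading-byte signatures used to identify what a part really is, ignoring its name.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE compound file (vbaProject.bin)


def sniff(data: bytes) -> str:
    """Classify a part by content, not by extension."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if len(data) >= 12 and data[4:8] == b"ftyp":   # ISO BMFF box header => MP4 family
        return "mp4"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    return "unknown"


@dataclass
class Verdict:
    """Which parts were removed and why. An empty 'dropped' means the file passed untouched."""
    dropped: dict = field(default_factory=dict)

    def clean(self) -> bool:
        return not self.dropped


# Each filter receives (part name, bytes) and returns a reason to drop the part, or None.
def filter_type_mismatch(name: str, data: bytes):
    """A part whose declared extension disagrees with its content (e.g. an mp4 named .png)."""
    ext = name.rsplit(".", 1)[-1].lower()
    declared = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "mp4": "mp4"}.get(ext)
    real = sniff(data)
    if declared and real != declared:
        return f"declared {ext} but content is {real}"
    return None


def filter_media_policy(name: str, data: bytes):
    """Hypothetical policy for this example: video parts are not permitted to cross."""
    return "video not permitted by policy" if sniff(data) == "mp4" else None


def filter_macros(name: str, data: bytes):
    """Embedded VBA projects travel as an OLE2 container inside the zip."""
    if name.lower().endswith("vbaproject.bin") or sniff(data) == "ole2":
        return "embedded macro/OLE container"
    return None


FILTERS = [filter_type_mismatch, filter_media_policy, filter_macros]


def filter_package(blob: bytes, filters=FILTERS):
    """Walk the zip once, run every filter on each part, and rebuild it without dropped parts."""
    verdict = Verdict()
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(blob)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            reasons = []
            for check in filters:          # all filters see every part in the same pass
                reason = check(info.filename, data)
                if reason:
                    reasons.append(reason)
            if reasons:
                verdict.dropped[info.filename] = "; ".join(reasons)
                continue                   # sanitize: omit the part instead of quarantining the file
            dst.writestr(info.filename, data)
    return out.getvalue(), verdict


def part_names(blob: bytes) -> list:
    """Sorted part names of a package, used to inspect the sanitized output."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        return sorted(z.namelist())


def build_sample() -> bytes:
    """Constructed PowerPoint-like package: one clean image, one mp4 disguised as a PNG, one macro blob."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", b"<Types/>")
        z.writestr("ppt/presentation.xml", b"<presentation/>")
        z.writestr("ppt/media/image1.png", PNG_MAGIC + b"\x00" * 16)
        z.writestr("ppt/media/image2.png", b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00mp42isom")
        z.writestr("ppt/vbaProject.bin", OLE2_MAGIC + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    sanitized, verdict = filter_package(build_sample())
    for part, why in verdict.dropped.items():
        print(f"dropped {part}: {why}")
    print("remaining parts:", part_names(sanitized))
```

Running it drops the disguised video and the macro container and forwards a package that still carries the presentation and the genuine image. The point of the structure is that adding a new check means adding one function to `FILTERS`, with no second traversal of the file and no second product in the pipeline.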
Integrated single-pass filtering complements a next-generation zero-trust security architecture, or ZTA. While the move to zero trust will deliver benefits to the future of computing in the cloud and on premises, it is far from a universal antidote to cyber-attacks. ZTAs employ layers just like any other good cyber architecture. However, the assumption that your data is safe once it is inside the ZTA is inaccurate. Filtering for malware, ransomware, viruses, and illicit content is still necessary. Data needs to be pristine before entering a zero-trust architecture and filtered for potential exfiltration prior to exiting the environment.
There is no environment that is 100% cyber safe. In the event of a breach, organizations should consider how they will immediately contain the spread and eliminate the intruder. This is where filtering comes into play. Real-time filtering as part of the ZTA's policy decision point framework is a strategic and secure approach that will improve an agency's cybersecurity posture without disrupting daily operations.
While basic filtering for malware or ransomware helps to keep a network safer, it may still be letting in illicit or unwanted content. For organizations that already employ filtering, it is an opportune time to re-assess how they might benefit by adding integrated single-pass filtering to their cyber architecture.
When necessary, security teams may benefit from consulting with industry security experts and procuring technologies that reduce their workload and free up time and resources, enabling them to step back, assess, and reconfigure their security practices. Agencies will find that single-pass integrated file filtering quickly becomes a core component of their cyber architecture, significantly reducing the likelihood of data infiltration or exfiltration, saving time for agency IT personnel, and protecting mission-critical national security information.
By John Meyer, Vice President and General Manager of Arcfield Software Ventures