Extrusion detection is a technology that promises to detect intentional and accidental data leakage from a corporation. Gateway-based extrusion detection software (EDS) products scan outgoing email, web, and IM traffic for confidential information and either alert or block if confidential information is transmitted outside the corporation. One problem with conventional gateway EDS systems is that they cannot scan compressed and/or encrypted files/content.
Therefore, if a determined attacker compresses and/or encrypts a file on his desktop before attaching it to an email, the EDS system will be unable to detect (when it scans the email at the gateway) that sensitive data is being leaked. Similarly, if a user encrypts a file before copying it to a thumb-drive, CD-ROM, or other such local media, conventional desktop EDS systems will be unable to detect that transfer of potentially sensitive data.
The current technique for addressing this issue is to simply block all encrypted/compressed files from leaving the gateway. This solution is problematic, as it incurs a high false positive rate and restricts legitimate outgoing encrypted/compressed content.
What is needed, therefore, are techniques that allow extrusion detection systems to detect and interrogate obfuscated content.