|Applies To||RSA Product Set: Security Analytics, NetWitness|
O/S Version: EL6
|Tasks||This article provides general information about steganography (including null cipher) detection in both Security Analytics and NetWitness for packets.|
|Resolution||Steganography is not so much "detected" directly as inferred from statistical anomalies or outliers in the composition of a file. Finding it requires statistical analysis. By design, both Security Analytics and NetWitness (for packets) perform on-the-wire packet decoding using BPF (Berkeley Packet Filter). Security Analytics does not perform statistical analysis of this type. |
At the time of this writing (SA 10.5), steganography detection is not a feature of Security Analytics or NetWitness.
Steganography is a form of encryption. It works by replacing bits of unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with other bits of invisible information. (Typically the hidden information is plaintext, but it may also be ciphertext or images.)
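The kind of statistical analysis referred to above can be illustrated with a pairs-of-values chi-square check on 8-bit samples. This is an added example, not RSA code and not a Security Analytics or NetWitness feature; the function names, the threshold and the sample data are assumptions constructed for the illustration.

```python
import random
from collections import Counter


def pov_score(samples):
    """Reduced chi-square over value pairs (2k, 2k+1) of 8-bit samples.

    Replacing least significant bits with random-looking bits equalises the
    two counts in each pair, so a fully embedded carrier scores close to 1.0.
    Unmodified data with an uneven histogram scores far higher.
    """
    hist = Counter(samples)
    chi2, pairs = 0.0, 0
    for k in range(0, 256, 2):
        even, odd = hist[k], hist[k + 1]
        if even + odd < 10:          # too few samples for a stable statistic
            continue
        chi2 += (even - odd) ** 2 / (even + odd)   # one degree of freedom per pair
        pairs += 1
    return chi2 / pairs if pairs else float("inf")


def is_outlier(samples, threshold=2.0):
    """Flag carriers whose value pairs are suspiciously equal.

    The threshold is an illustrative assumption; calibrate it on known-clean
    files of the same type. Data that is already random (compressed or
    encrypted) also scores near 1.0, so apply this to raw sample data only.
    """
    return pov_score(samples) < threshold


def constructed_samples(seed=1, n=20000):
    """Constructed test data: an uneven 8-bit histogram standing in for raw
    pixel or audio samples, and the same data with every LSB replaced."""
    rng = random.Random(seed)
    weights = [rng.randint(1, 20) for _ in range(256)]
    cover = rng.choices(range(256), weights=weights, k=n)
    replaced = [(v & 0xFE) | rng.getrandbits(1) for v in cover]
    return cover, replaced


if __name__ == "__main__":
    cover, replaced = constructed_samples()
    print("cover    score %.2f outlier=%s" % (pov_score(cover), is_outlier(cover)))
    print("replaced score %.2f outlier=%s" % (pov_score(replaced), is_outlier(replaced)))
```

A check like this needs the whole reassembled file and its decoded sample values, which is why it sits outside on-the-wire packet decoding.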