Enterprises traditionally rely on Data Loss Protection (DLP), SASE and SSE solutions to stop data exfiltration, especially in today’s age of insider threats and corporate espionage. However, the SquareX team has discovered that attackers are using what we call Data Splicing Attacks — a new class of data exfiltration techniques that completely bypass these solutions by exploiting architectural vulnerabilities in the browser. With these techniques, adversaries can smuggle out any file or content. 

In this webinar, SquareX researcher Audrey Adeline will dissect the architectural flaws in endpoint and proxy-based DLP, showcase live bypass demos and cover how enterprises can stop these attacks with browser-native security. 

DLP Landscape, Tooling Architecture & Limitations

• Overview of agent-based endpoint solutions (EDLP) and proxy-based solutions, and their architectural limitations

DLP Complexities in the Browser

• The heterogeneity of browser activities 
• Data access paths, identities and data complexities

Live Demos

• Live demonstrations of different techniques, including Data Sharding, Ciphering, Transcoding and Smuggling via Alternate Communication Channels

Industry Recommendations

• Recommendations for Gartner, enterprises and security teams

Q&A 

Researcher, SquareX

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable. She is passionate about furthering cybersecurity education and has run multiple workshops with Stanford University and Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital and graduated from the University of Cambridge with a degree in Natural Sciences.