Many companies are unable to effectively prevent data exfiltration and data theft. According to Exeon, the most common causes of such exposure of confidential and private data are cyberattacks and human error. NDR and machine learning are powerful tools against data exfiltration.
Only timely detection of vulnerabilities and cyberattacks can prevent data from being exfiltrated and then published by malicious actors or used to obtain ransoms. The increasing complexity of networks and application environments is making it increasingly difficult for companies to reliably prevent exfiltration.
Many gateways – mostly due to security gaps
The main problem is that intruders can exploit a variety of vulnerabilities to collect and illegally transmit data using protocols such as DNS, HTTP(S), FTP and SMB. For example, the MITRE ATT&CK framework describes numerous patterns of data exfiltration attacks. Still, staying current with every change in protocols and infrastructure is a huge challenge, making comprehensive security monitoring even more complex. According to Exeon, what is required is an individual analysis based on data volume, specific to devices or networks, with adjusted thresholds to increase effectiveness.
Easy detection despite complex environments
Network Detection and Response (NDR) solutions can make this happen, as they enable practical monitoring of relevant network communications and thereby act as a basis for comprehensive data exfiltration monitoring. This also includes internal communications, because some attackers transfer data directly to external destinations, while others use special internal exfiltration hosts.
The introduction of machine learning algorithms offers several advantages for data exfiltration detection:
- Acquisition of knowledge about the communication patterns of data traffic and the upload/download behavior of servers and end devices, which is an important basis for detecting anomalies.
- Automated setting of appropriate thresholds for different clients, servers and networks.
- Detection of deviations from learned volume patterns, uncovering suspicious data transfers whether they occur internally or involve exchanges between internal and external systems.
- Use of scoring systems to quantify unusual data points, making connections with other systems to evaluate the data, and generating reports for inconsistencies found.
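A minimal sketch of the per-device volume baselining the list above describes, added here as an illustration and not ExeonTrace's algorithm. Median/MAD on log-scaled daily upload bytes stands in for the learned model; the host names, byte counts and the two constants are constructed assumptions.

```python
import math
from statistics import median

MIN_HISTORY = 7    # assumed: days of data needed before a host gets its own baseline
ALERT_SCORE = 3.5  # assumed: cut-off on the robust z-score
GB, MB = 10**9, 10**6

# Constructed sample data: daily upload bytes per host, then today's totals.
HISTORIES = {
    "backup-srv": [40*GB, 42*GB, 39*GB, 41*GB, 43*GB, 40*GB, 38*GB, 41*GB],
    "hr-laptop": [30*MB, 45*MB, 25*MB, 60*MB, 35*MB, 40*MB, 50*MB, 28*MB],
    "new-host": [10*MB, 12*MB],
}
TODAY = {"backup-srv": 45*GB, "hr-laptop": 2*GB, "new-host": 5*GB}

def baseline(history):
    """Return (center, spread) of log10 upload volume for one host."""
    logs = [math.log10(b + 1) for b in history]
    center = median(logs)
    mad = median(abs(x - center) for x in logs)
    # 1.4826 * MAD approximates a standard deviation. The floor keeps a very
    # steady host from alerting on a small, harmless change.
    return center, max(1.4826 * mad, 0.1)

def score(history, observed_bytes):
    """Robust z-score of today's upload against the host's own history."""
    if len(history) < MIN_HISTORY:
        return None  # not enough data to learn a per-host threshold
    center, spread = baseline(history)
    return (math.log10(observed_bytes + 1) - center) / spread

def detect(histories, today):
    """Return (host, score) for hosts above the cut-off, highest score first."""
    findings = []
    for host, observed in today.items():
        s = score(histories.get(host, []), observed)
        if s is not None and s >= ALERT_SCORE:
            findings.append((host, round(s, 1)))
    return sorted(findings, key=lambda f: -f[1])

if __name__ == "__main__":
    for host, s in detect(HISTORIES, TODAY):
        print(f"{host}: upload volume score {s}")
```

The backup server's 45 GB upload is the largest transfer of the day but stays within its own baseline, while the laptop's 2 GB is flagged because it is far outside what that device normally sends.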
ML-based NDR solutions like ExeonTrace provide a holistic and insightful approach to detecting unusual network behavior and sudden peaks in data transmission. Using machine learning, such solutions enable rapid anomaly detection when analyzing data volumes or covert channels. With this proactive approach, NDRs can identify the earliest indicators of an intrusion, often well before data exfiltration occurs. ExeonTrace integrates seamlessly into existing infrastructure, eliminating the need for additional hardware.
More at Exeon.com
About Exeon
Exeon Analytics AG is a Swiss cybertech company that specializes in protecting IT and OT infrastructures through AI-driven security analytics. The Network Detection and Response (NDR) platform ExeonTrace offers companies the opportunity to monitor networks, detect cyber threats immediately and thus effectively protect their own company's IT landscape - quickly, reliably and completely software-based.