Extrusion prevention, also called exfiltration prevention, is the practice of stopping data leaks by filtering outbound network traffic and preventing unauthorized packets from moving outside the network. In contrast, extrusion detection simply alerts the existence of a problem that should be investigated.
Network administrators responsible for maintaining data securely face unprecedented challenges when it comes to controlling the flow of proprietary data across both private and public networks. A catastrophic data breach involving proprietary information can have a substantial negative impact on an organization's market share, brand, financial health and ability to remain compliant with legal mandates.
Data loss prevention (DLP) software, which combines sophisticated network monitoring systems with real-time packet filtering, uses business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data that could put the organization at risk. In addition to being able to monitor and control endpoint activities, DLP tools can filter data streams on the corporate network and prevent unauthorized data in motion from being extruded.
Currently, there are several broad approaches to extrusion prevention. They include:
- sniffers that monitor files moving across a network. Some sniffers can be configured to look for particular types of data, such as personally identifiable information (PII), and prevent it from being transferred outside a proprietary network.
- Sophisticated algorithms that are used by network anomaly detection (NBAD) or network behavior analysis (NBA) software can identify and stop data transfers that occur outside the normal pattern of operations.
- Cloud access security broker (CASB) gateways that sit between the enterprise and a cloud service provider can be configured to inspect data that is streaming into and out of cloud applications. CASBs can prevent data leak by enforcing enterprise DLP policies pertaining to encryption, access, authentication and authorization.
- Intent-based networking that abstracts and automates business requirements for transporting outbound data can take into consideration the application, the user and the user's device when preventing authorized outbound data.
Continue Reading About extrusion prevention
- Charles Thompson explored the use of extrusion prevention software to deal with internal security threats in school systems.