Network traffic analysis for IR: Data exfiltration

Introduction

Understanding behavior is a prerequisite for developing effective incident detection and response capabilities. ESG research has found that 87 percent of companies use Network Traffic (NTA) tools for threat detection and response capabilities, and 43 percent say that NTA is their first line of defense for that purpose.

Network communication is one of the channels that cybercriminals use for data exfiltration. They can use HTTP or FTP to send files in order to trick (IR) teams analyzing network traffic into thinking that the communication taking place is legitimate. The , alternatively, can use the to mask location and traffic.

The IR teams working in a Security Operation Center (SOC) are always ready to counter data exfiltration using NTA tools and other prevention techniques. In this article, we will learn about data exfiltration, how hackers steal your data, how dangerous data exfiltration is, exfiltration distribution techniques, malicious tactics used to increase sophistication and potential remedies to thwart data exfiltration.

What is data exfiltration?

Data exfiltration is the act of illegally transferring critical data and/or information from a targeted network to the hideouts of the cyber pests. Detecting data exfiltration is a daunting task,

Read More: https://resources.infosecinstitute.com/topic/network-traffic-analysis-for-ir-data-exfiltration/