Detect and Prevent Through Investigation


Data exfiltration presents a significant risk to organizations of all sizes.

In fact, in a 2014 report titled, “Exposing the Cybersecurity Cracks: A Global Perspective,” by the Ponemon Institute, data exfiltration was ranked as the second most feared attack type among security professionals.

While data exfiltration is well-known to the security industry, many executives have little understanding of what data exfiltration is and why it is so important to protect against it.

In 2015, more than 169 million records were breached across the globe, and the annual total has tended to rise year on year. Many organizations have turned to security automation to detect and prevent exfiltration attempts.


What is Data Exfiltration?

Data exfiltration goes by a number of names; it is also commonly called data theft or data extrusion. In short, it is the unauthorized transfer of data out of a system or network to an external recipient, typically a criminal organization or an individual attacker. It is a form of security breach that generally occurs when an intruder gains access to systems without authorization and copies out the data stored there.


Part of what makes data exfiltration so dangerous is that it can be carried out by an outsider who has compromised a system or by an insider with legitimate access, and either can do it manually or with automated tooling. Data exfiltration is therefore not only an external risk but an internal one as well.


It has been a serious problem for small and large companies alike. In 2017, HBO suffered the effects of data exfiltration when hackers gained access to its systems and leaked detailed scripts from the then-upcoming Game of Thrones season. This was not the first time that HBO had been hacked. Many of the large, well-known hacks have been data exfiltration operations.


How does Data Exfiltration work?

The most common way for attackers to gain access to systems is social engineering, and the most common form of it is phishing: an employee with legitimate access is redirected to a website that mimics the system the attacker wants to reach and is tricked into entering their login details there. The stolen credentials then give the attacker the same access the employee had. Phishing is only one of many ways that external parties can attempt to steal data, but it illustrates why such attempts are so hard to protect against. Many successful data exfiltration attempts were unknowingly facilitated by someone within the company, so the activity that follows looks like ordinary use of a valid account. That is also why security automation has become a critical tool in stopping data theft, since identifying these breaches by hand is difficult.


Role of Security Automation

Companies often have a hard time accepting automation in security processes, for a few reasons. They may fear change in such a critical part of their business. They may not yet fully trust automation, especially among the Baby Boomer generation. They may resent the loss of control. Despite these reservations, the industry is swiftly moving toward more automated processes, specifically in dealing with data exfiltration.


One of the biggest reasons for this is that data exfiltration can be tough to identify. Security professionals often spend much of their time combing through false positives and flagged logs in legacy SIEM software, which leads to overlooked suspicious behavior as much as to hours lost chasing down false positives. Having even a few automated processes in place to help identify data exfiltration, for example baselining each user's normal outbound traffic and flagging unusually large transfers to destinations that user has never sent data to before, can be a huge benefit simply in the time it saves.


Security automation not only increases efficiency, it also reduces errors. Even the most experienced IT professionals make mistakes when they are tired or overloaded. Cybersecurity automation allows high-risk threats to be identified as they happen, so security staff can respond quickly and confidently and contain the damage before it spreads.
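The kind of automated first pass described in the two paragraphs above can be quite small. The following is an added example written for this page, not code from the original article or from any vendor's product: it baselines each user's outbound transfer sizes and known destinations from a window of proxy logs, then scores a later window, flagging volume outliers and large transfers to never-seen hosts while suppressing a sanctioned backup destination that would otherwise be a recurring false positive. The log format (timestamp, user, destination host, bytes out), the hostnames, the thresholds and every log line are constructed assumptions.

```python
"""Outbound-transfer anomaly scoring over proxy logs.

Added example for this article; not code from the original page or any product.
The log format, thresholds, hostnames and every log line are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed baseline window: one line per outbound transfer, "timestamp user dest bytes_out".
BASELINE_LOG = """\
2017-08-01T09:02:11 alice files.corp.example 120000
2017-08-01T10:15:42 alice mail.corp.example 95000
2017-08-01T13:40:03 alice files.corp.example 130000
2017-08-02T09:10:27 alice mail.corp.example 110000
2017-08-02T15:22:58 alice files.corp.example 105000
2017-08-01T09:30:00 bob files.corp.example 200000
2017-08-01T11:05:19 bob crm.corp.example 180000
2017-08-01T16:45:33 bob files.corp.example 220000
2017-08-02T10:12:08 bob crm.corp.example 210000
2017-08-02T14:50:41 bob files.corp.example 190000
2017-08-01T08:55:12 carol files.corp.example 50000
2017-08-01T12:30:47 carol files.corp.example 60000
2017-08-02T09:48:20 carol files.corp.example 55000
"""

# Constructed window under review: one large night-time transfer to an unknown host,
# one sanctioned bulk backup, and one user with no history at all.
CURRENT_LOG = """\
2017-08-03T09:05:14 alice files.corp.example 125000
2017-08-03T09:41:09 alice mail.corp.example 135000
2017-08-03T02:17:52 bob cdn-upload.example.net 850000000
2017-08-03T01:00:03 carol backup.corp.example 600000000
2017-08-03T10:20:36 carol files.corp.example 58000
2017-08-03T11:33:58 dave paste.example.org 9000000
"""

# Sanctioned bulk destinations (here, the backup service) are suppressed up front;
# this is where most "large upload" false positives come from.
ALLOWLIST = {"backup.corp.example"}
NEW_DEST_MIN_BYTES = 5_000_000   # ignore small transfers to never-seen hosts
Z_SCORE = 3.0                    # flag volume above mean + 3 standard deviations


@dataclass
class Event:
    ts: str
    user: str
    dest: str
    bytes_out: int


@dataclass
class Alert:
    event: Event
    reasons: list = field(default_factory=list)


def parse_log(text):
    """Parse the constructed whitespace-separated log format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dest, size = line.split()
        events.append(Event(ts, user, dest, int(size)))
    return events


def build_baseline(events):
    """Per-user outbound volume statistics and the set of destinations each user has used."""
    sizes, dests = defaultdict(list), defaultdict(set)
    for e in events:
        sizes[e.user].append(e.bytes_out)
        dests[e.user].add(e.dest)
    stats = {u: (mean(s), pstdev(s)) for u, s in sizes.items()}
    return stats, dests


def score_events(events, stats, dests):
    """Return one Alert per suspicious event, listing every rule that fired."""
    alerts = []
    for e in events:
        if e.dest in ALLOWLIST:
            continue
        reasons = []
        if e.user in stats:
            mu, sigma = stats[e.user]
            if e.bytes_out > mu + Z_SCORE * sigma:
                reasons.append(f"volume {e.bytes_out} > baseline {mu:.0f} + {Z_SCORE}*{sigma:.0f}")
        # A user with no baseline gets only the new-destination rule: there is
        # nothing yet to compare their volume against, so we do not guess.
        if e.dest not in dests.get(e.user, set()) and e.bytes_out >= NEW_DEST_MIN_BYTES:
            reasons.append(f"new destination {e.dest} with {e.bytes_out} bytes")
        if reasons:
            alerts.append(Alert(e, reasons))
    return alerts


def detect(baseline_text=BASELINE_LOG, current_text=CURRENT_LOG):
    stats, dests = build_baseline(parse_log(baseline_text))
    return score_events(parse_log(current_text), stats, dests)


if __name__ == "__main__":
    for a in detect():
        print(a.event.ts, a.event.user, a.event.dest, "; ".join(a.reasons))
```

Run against the constructed data, the only alerts are bob's 850 MB transfer to an unknown host (both rules fire) and dave's upload to a never-seen host (new-destination rule only, since he has no baseline); carol's 600 MB backup is suppressed by the allowlist and nothing alice did leaves her baseline. In a real deployment the baseline would be recomputed from a rolling window and the alerts would feed the orchestration layer rather than a print loop.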


Security Automation in the Context of Security Orchestration

Security Automation should be viewed in the context of a broader Security Orchestration solution that bridges the gap between alert overload and analyst capacity. Even the most advanced automation systems filter only a percentage of the security alerts that register on a company's network. It is important to recognize that automation alone is not the answer. As part of the broader solution, we aim to strike a balance between automated workflow and human intervention to drive the optimal response throughout the orchestration process.


Executed effectively, an orchestration platform creates an integrated fabric across the security footprint, bringing simplicity, context, and efficiency to security operations and incident response.


Security Automation Will Become Integral to Security Operations

As the methods employed by nefarious parties become more sophisticated, the tools that companies use to secure their networks must exceed that sophistication. While the old methods of monitoring SIEM solutions still work to some extent, it will become increasingly difficult for security professionals to sift through logs on their own to identify problems. Security automation provides fast, consistent detection of threats that is far less prone to human error. Used well, security automation systems improve response time, decrease false positives in threat detection, and streamline processes for cybersecurity teams.