Network Egress: How to Protect Your Company From Unwanted Data Breaches

Network Egress: How to Protect Your Company From Unwanted Data Breaches

Kory Underdown
July 5, 2022

Look there, in the sky! Is it a bird? A plane? No…it’s network egress!

Just kidding…you won’t find network egress in the sky (even though it kind of sounds like a type of bird, right?), but you will find it in your company. 

Network egress or data egress refers to data leaving a network, often through email, loading web pages via DNS, cloud storage, etc.  Data breaches via network egress affect over 90% of organizations that are using or are connected to a network—a.k.a. nearly all of them. Most of these attacks are the result of internal issues (that are usually avoidable) such as carelessness, ignoring security rules, falling for phishing schemes, and so on. 

Companies are becoming more decentralized with the rise of hybrid and remote work, and with this change comes increased concerns about network egress. Because of this, it’s important for organizations to find new solutions to stop data theft at the source. 

Here’s everything you need to know about network egress to protect your company. 

How network egress works

All networks have an entrance and an exit point for data. When data enters the network it’s called ingress, and when data leaves the network it’s called egress

How does data egress happen?

Network egress is a normal part of network activity. In fact, you probably participated in network egress today! The challenge with network egress is reached when an unauthorized party tries to take information or gain access to proprietary systems.

You might be surprised by how common data egress is, because it’s tied to activities that workers do in their everyday, including:

  • Transferring files via FTP/HTTP
  • Using cloud storage for your work documents
  • Sending external emails 
  • Uploading documents to the web
  • Transferring information to devices like USBs and external hard drives
  • Even common DNS traffic for website IP lookups is a form of egress

See how easy it is to put company data at risk? 😬 If it doesn’t worry you at least a little bit, it should. Keep reading to find out how you can prevent harmful network egress. 

Who is vulnerable to network egress attacks?

Bad news for companies hoping that network egress attacks aren’t a threat for them: Any company with a network, data storage, a domain, or a connection to a network is vulnerable to these attacks. In short, nearly everyone can be affected. 

Typically the goal of an attack is to gain access to data and move it out of a network to an external location. Such attacks can leave your client data, employee information, and company internal information at great risk. And you definitely don’t want that. 

How to prevent harmful network egress

Jerry Perullo, former Chief Information Security Officer (CISO) for the Intercontinental Stock Exchange and host of the podcast #LifeAfterCISO, was recently a keynote for our virtual Cybersecurity conference. As a former CISO, Jerry is practically an encyclopedia of the do’s, don'ts, and what now’s of network egress. 

In his presentation, Jerry weighs in heavily on the avenues of egress attacks, how they’re perpetrated, and some rules of thumb to reduce or eliminate them at the source. 

“Any security leader who is starting with and relying on this idea of full visibility, inventory and asset management, and waiting to get that done before moving on to what they’re going to do about it, is not going to be very successful.” 

Jerry has an interesting perspective and forward-thinking theory of what other CISOs need to do to stay ahead of breach issues like network egress. For him, preparation is vital for prevention. In short: Don’t wait until a breach happens to try and fix it. 

Here are some questions companies should ask to uncover egress vulnerabilities:

  • Does our organization see a rapid growth of digital assets or shadow IT (SaaS apps)?
  • Is our organization heavily reliant on software patches for data breach protection?
  • Have we or are we going to relocate data to a new network?
  • What will protect against the next wave of attacks or vulnerabilities, not just patch the current ones?

No doubt companies should have a clear action plan if a data breach occurs, but as Jerry argues, it’s better to work on preventing breaches rather than having to react to them. By that point, some of the damage has already been done.

What is the best way to prepare for egress attacks?

What’s the best way to prepare for egress attacks? It’s an easy answer: Lock down all egress.

Here’s Jerry’s two-fold advice for locking down egress attacks:

“Get all the DNS queries going through a single source. The next piece is policy, unless you implement a policy the first step is kind of pointless.” 

Since malware and other threats that exploit egress rely on insecure outbound activity, companies have to take extra precautions to stay safe, such as DNS encryption provided by DNSFilter, which adds another layer of security to data in transit. Even if the data is intercepted, it's still not in plain view.

Even if an organization is in danger of an internal data breach, or have other security measures in place, egress filtering, DNS encryption, and limiting which DNS queries are allowed on your network is a great first line of defense against malicious egress activity. The most important thing for companies to do is create proactive, not just reactive, strategies for dealing with egress.

Network egress: The best defense is a great offense

If you’ve never heard of network egress before, you might think it’s harmless. After all, we already established that it sounds like a type of bird. But network egress can put your company at great risk of losing valuable data unless you take precautions early, and review them often. If there’s one thing you should take away from Jerry’s advice, it’s that the best defense against network egress is a great offense that takes proactive measures to prevent risks.

For a deeper dive into Jerry’s thoughts on network egress, watch his keynote presentation here.

Search
MORE Cybersecurity

Cybersecurity Report Mid-year 2022

Inside this report, you’ll see there’s been significant increases in botnet, DDoS, and phishing attacks, often on critical systems and infrastructure.

Get the Report

SIEM Integration with Data Export Feature

Data Export feature allows customers to transmit DNS query data from DNSFilter to an external location in real-time.

Learn More about Data Export

Lifesaver Program

Current OpenDNS customers get FREE DNS security through September 2022 when you commit to a 1-year deal with DNSFilter.

Get More Details
LATEST POSTS

How to Spot a Nation-State Cyber Attack

From cyber espionage to cyber terrorism, cybercriminals now pose a significant threat to national security and public safety.

"MSP Friendly, Intuitive, Powerful" — ArcLight Case Study

ArcLight Solutions is a longstanding MSP primarily working with healthcare clients, rural hospitals and private practices.

Compliance ≠ Security: Healthcare Organizations’ Biggest Threats

Compliance and security are not the same. And in healthcare, this difference is incredibly important. Checking off compliance boxes will not ensure patient data

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.