Network Egress: How to Protect Your Company From Unwanted Data Breaches

Look there, in the sky! Is it a bird? A plane? No…it’s network egress!

Just kidding…you won’t find network egress in the sky (even though it kind of sounds like a type of bird, right?), but you will find it in your company. 

Network egress or data egress refers to data leaving a network, often through email, loading web pages via DNS, cloud storage, etc.  Data breaches via network egress affect over 90% of organizations that are using or are connected to a network—a.k.a. nearly all of them. Most of these attacks are the result of internal issues (that are usually avoidable) such as carelessness, ignoring security rules, falling for phishing schemes, and so on. 

Companies are becoming more decentralized with the rise of hybrid and remote work, and with this change comes increased concerns about network egress. Because of this, it’s important for organizations to find new solutions to stop data theft at the source. 

Here’s everything you need to know about network egress to protect your company. 

How network egress works

All networks have an entrance and an exit point for data. When data enters the network it’s called ingress, and when data leaves the network it’s called egress

How does data egress happen?

Network egress is a normal part of network activity. In fact, you probably participated in network egress today! The challenge with network egress is reached when an unauthorized party tries to take information or gain access to proprietary systems.

You might be surprised by how common data egress is, because it’s tied to activities that workers do in their everyday, including:

  • Transferring files via FTP/HTTP
  • Using cloud storage for your work documents
  • Sending external emails 
  • Uploading documents to the web
  • Transferring information to devices like USBs and external hard drives
  • Even common DNS traffic for website IP lookups is a form of egress

See how easy it is to put company data at risk? 😬 If it doesn’t worry you at least a little bit, it should. Keep reading to find out how you can prevent harmful network egress. 

Who is vulnerable to network egress attacks?

Bad news for companies hoping that network egress attacks aren’t a threat for them: Any company with a network, data storage, a domain, or a connection to a network is vulnerable to these attacks. In short, nearly everyone can be affected. 

Typically the goal of an attack is to gain access to data and move it out of a network to an external location. Such attacks can leave your client data, employee information, and company internal information at great risk. And you definitely don’t want that. 

How to prevent harmful network egress

Jerry Perullo, former Chief Information Security Officer (CISO) for the Intercontinental Stock Exchange and host of the podcast #LifeAfterCISO, was recently a keynote for our virtual Cybersecurity conference. As a former CISO, Jerry is practically an encyclopedia of the do’s, don'ts, and what now’s of network egress. 

In his presentation, Jerry weighs in heavily on the avenues of egress attacks, how they’re perpetrated, and some rules of thumb to reduce or eliminate them at the source. 

“Any security leader who is starting with and relying on this idea of full visibility, inventory and asset management, and waiting to get that done before moving on to what they’re going to do about it, is not going to be very successful.” 

Jerry has an interesting perspective and forward-thinking theory of what other CISOs need to do to stay ahead of breach issues like network egress. For him, preparation is vital for prevention. In short: Don’t wait until a breach happens to try and fix it. 

Here are some questions companies should ask to uncover egress vulnerabilities:

  • Does our organization see a rapid growth of digital assets or shadow IT (SaaS apps)?
  • Is our organization heavily reliant on software patches for data breach protection?
  • Have we or are we going to relocate data to a new network?
  • What will protect against the next wave of attacks or vulnerabilities, not just patch the current ones?

No doubt companies should have a clear action plan if a data breach occurs, but as Jerry argues, it’s better to work on preventing breaches rather than having to react to them. By that point, some of the damage has already been done.

What is the best way to prepare for egress attacks?

What’s the best way to prepare for egress attacks? It’s an easy answer: Lock down all egress.

Here’s Jerry’s two-fold advice for locking down egress attacks:

“Get all the DNS queries going through a single source. The next piece is policy, unless you implement a policy the first step is kind of pointless.” 

Since malware and other threats that exploit egress rely on insecure outbound activity, companies have to take extra precautions to stay safe, such as DNS encryption provided by DNSFilter, which adds another layer of security to data in transit. Even if the data is intercepted, it's still not in plain view.

Even if an organization is in danger of an internal data breach, or have other security measures in place, egress filtering, DNS encryption, and limiting which DNS queries are allowed on your network is a great first line of defense against malicious egress activity. The most important thing for companies to do is create proactive, not just reactive, strategies for dealing with egress.

Network egress: The best defense is a great offense

If you’ve never heard of network egress before, you might think it’s harmless. After all, we already established that it sounds like a type of bird. But network egress can put your company at great risk of losing valuable data unless you take precautions early, and review them often. If there’s one thing you should take away from Jerry’s advice, it’s that the best defense against network egress is a great offense that takes proactive measures to prevent risks.

For a deeper dive into Jerry’s thoughts on network egress, watch his keynote presentation here.

  • There are no suggestions because the search field is empty.
Latest posts
Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition

What a weekend at the Long Beach street circuit! The energy was electric, the excitement palpable, and DNSFilter was at the heart of the action, ensuring our guests had an unforgettable experience with Juncos Hollinger Racing and Romain Grosjean, the #77 driver for Juncos Hollinger.

Securing Public Wireless Networks Securing Public Wireless Networks

In the current era of digital transformation, securing public wireless networks has emerged as a fundamental challenge for IT professionals worldwide. The evolution of technology and the increasing reliance on digital platforms for both business and personal use have made public Wi-Fi networks indispensable. However, greater access creates greater vulnerabilities, making these networks prime targets for cybercriminals. The imperative to secure pu...

How to Secure Public Wi-Fi Networks How to Secure Public Wi-Fi Networks

In the quest to safeguard public Wi-Fi networks from the myriad of cyber threats, certain proactive steps stand out as fundamental. These measures form the backbone of a comprehensive security strategy, ensuring that the network remains robust against unauthorized access, data breaches, and various forms of cyberattacks.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.