Network Egress: How to Protect Your Company From Unwanted Data Breaches
by Kory Underdown on Jul 5, 2022 12:00:00 AM
Look there, in the sky! Is it a bird? A plane? No…it’s network egress!
Just kidding…you won’t find network egress in the sky (even though it kind of sounds like a type of bird, right?), but you will find it in your company.
Network egress or data egress refers to data leaving a network, often through email, loading web pages via DNS, cloud storage, etc. Data breaches via network egress affect over 90% of organizations that are using or are connected to a network—a.k.a. nearly all of them. Most of these attacks are the result of internal issues (that are usually avoidable) such as carelessness, ignoring security rules, falling for phishing schemes, and so on.
Companies are becoming more decentralized with the rise of hybrid and remote work, and with this change comes increased concerns about network egress. Because of this, it’s important for organizations to find new solutions to stop data theft at the source.
Here’s everything you need to know about network egress to protect your company.
How network egress works
All networks have an entrance and an exit point for data. When data enters the network it’s called ingress, and when data leaves the network it’s called egress.
How does data egress happen?
Network egress is a normal part of network activity. In fact, you probably participated in network egress today! The challenge with network egress is reached when an unauthorized party tries to take information or gain access to proprietary systems.
You might be surprised by how common data egress is, because it’s tied to activities that workers do in their everyday, including:
- Transferring files via FTP/HTTP
- Using cloud storage for your work documents
- Sending external emails
- Uploading documents to the web
- Transferring information to devices like USBs and external hard drives
- Even common DNS traffic for website IP lookups is a form of egress
See how easy it is to put company data at risk? 😬 If it doesn’t worry you at least a little bit, it should. Keep reading to find out how you can prevent harmful network egress.
Who is vulnerable to network egress attacks?
Bad news for companies hoping that network egress attacks aren’t a threat for them: Any company with a network, data storage, a domain, or a connection to a network is vulnerable to these attacks. In short, nearly everyone can be affected.
Typically the goal of an attack is to gain access to data and move it out of a network to an external location. Such attacks can leave your client data, employee information, and company internal information at great risk. And you definitely don’t want that.
How to prevent harmful network egress
Jerry Perullo, former Chief Information Security Officer (CISO) for the Intercontinental Stock Exchange and host of the podcast #LifeAfterCISO, was recently a keynote for our virtual Cybersecurity conference. As a former CISO, Jerry is practically an encyclopedia of the do’s, don'ts, and what now’s of network egress.
In his presentation, Jerry weighs in heavily on the avenues of egress attacks, how they’re perpetrated, and some rules of thumb to reduce or eliminate them at the source.
“Any security leader who is starting with and relying on this idea of full visibility, inventory and asset management, and waiting to get that done before moving on to what they’re going to do about it, is not going to be very successful.”
Jerry has an interesting perspective and forward-thinking theory of what other CISOs need to do to stay ahead of breach issues like network egress. For him, preparation is vital for prevention. In short: Don’t wait until a breach happens to try and fix it.
Here are some questions companies should ask to uncover egress vulnerabilities:
- Does our organization see a rapid growth of digital assets or shadow IT (SaaS apps)?
- Is our organization heavily reliant on software patches for data breach protection?
- Have we or are we going to relocate data to a new network?
- What will protect against the next wave of attacks or vulnerabilities, not just patch the current ones?
No doubt companies should have a clear action plan if a data breach occurs, but as Jerry argues, it’s better to work on preventing breaches rather than having to react to them. By that point, some of the damage has already been done.
What is the best way to prepare for egress attacks?
What’s the best way to prepare for egress attacks? It’s an easy answer: Lock down all egress.
Here’s Jerry’s two-fold advice for locking down egress attacks:
“Get all the DNS queries going through a single source. The next piece is policy, unless you implement a policy the first step is kind of pointless.”
Since malware and other threats that exploit egress rely on insecure outbound activity, companies have to take extra precautions to stay safe, such as DNS encryption provided by DNSFilter, which adds another layer of security to data in transit. Even if the data is intercepted, it's still not in plain view.
Even if an organization is in danger of an internal data breach, or have other security measures in place, egress filtering, DNS encryption, and limiting which DNS queries are allowed on your network is a great first line of defense against malicious egress activity. The most important thing for companies to do is create proactive, not just reactive, strategies for dealing with egress.
Network egress: The best defense is a great offense
If you’ve never heard of network egress before, you might think it’s harmless. After all, we already established that it sounds like a type of bird. But network egress can put your company at great risk of losing valuable data unless you take precautions early, and review them often. If there’s one thing you should take away from Jerry’s advice, it’s that the best defense against network egress is a great offense that takes proactive measures to prevent risks.
For a deeper dive into Jerry’s thoughts on network egress, watch his keynote presentation here.
When researchers talk about DNS security, they often refer to anything that protects DNS infrastructure. Although protective DNS and DNS security fall under the cybersecurity umbrella, protective DNS takes a different approach to cybersecurity than standard DNS security. Both security strategies are important for the stability of your business, but protective DNS reduces risks from your weakest link–human error. Protective DNS is critical for you...
The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.
Industry State of the Art
This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world. And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.