Data Exfiltration - jibingl/CCNA-CCNP GitHub Wiki
- Cisco Stealthwatch is a Network Detection and Response (NDR) solution designed to protect against data exfiltration.
Protocols used in data exfiltration attacks
| Protocol/Attack | How it works | Cisco Solution |
|---|---|---|
| DNS Tunneling | Hide data in DNS queries or send non-DNS traffic over port 53 | Umbrella |
| HTTP/HTTPS | HTTP POST to send files out | Stealthwatch |
| Email | Extract data via emails | Secure Email Gateway |
| ICMP Tunneling | Hide data inside ICMP packets | Stealthwatch |
| FTP/SCP | Anonymous upload to a "blind drop" FTP server | Stealthwatch |
| NTP Tunneling | Hide data in extension fields or unused padding, or encode it by subtly manipulating timestamp fields | |
Cisco Stealthwatch has been rebranded as Cisco Secure Network Analytics.
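
The two DNS tunneling behaviours in the table (data hidden in queries, and non-DNS traffic on port 53) can each be checked on a captured UDP/53 payload. The sketch below is an added example, not part of the original wiki and not how any Cisco product works; the thresholds, function names and sample payloads are assumptions chosen for illustration.

```python
import math
import struct
from collections import Counter

LONG_LABEL = 40      # assumed threshold: ordinary hostname labels are rarely this long
ENTROPY_BITS = 3.5   # assumed threshold, in bits per character

def parse_qname(payload):
    """Return the question name of a DNS query, or None if the bytes do not parse as one."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if qdcount != 1 or flags & 0x8000:      # expect one question and QR = 0 (query)
        return None
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        pos += 1
        if n == 0:                          # root label; QTYPE and QCLASS (4 bytes) must follow
            return ".".join(labels) if pos + 4 <= len(payload) else None
        if n > 63 or pos + n > len(payload):   # RFC 1035 label limit; no pointers expected here
            return None
        labels.append(payload[pos:pos + n].decode("latin-1"))
        pos += n
    return None

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def classify(payload):
    """Classify a UDP/53 payload as 'not-dns', 'suspect-tunnel' or 'ok'."""
    name = parse_qname(payload)
    if name is None:
        return "not-dns"                    # non-DNS traffic sent over port 53
    for label in name.split("."):
        if len(label) >= LONG_LABEL and entropy(label) >= ENTROPY_BITS:
            return "suspect-tunnel"         # long, random-looking label: likely encoded data
    return "ok"

def build_query(name):
    """Build a minimal A-record query for `name` (used to construct sample input)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + b"\x00" + struct.pack("!2H", 1, 1)

# Constructed sample: a 40-character base32-style label under a placeholder domain.
TUNNEL_NAME = "abcdefghijklmnopqrstuvwxyz234567abcdefgh.t.example.com"

if __name__ == "__main__":
    for p in (build_query("www.example.com"), build_query(TUNNEL_NAME), b"SSH-2.0-OpenSSH_9.6\r\n"):
        print(classify(p))
```

Per-query checks like this miss tunnels that use short labels at high volume, so in practice they are paired with per-domain counts of unique subdomains over time.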