Protecting Firms from Data Exfiltration

Data Exfiltration

Seems like a cool term but it is bad news for your business if it happens to you.  Data exfiltration means that information (documents, folders, email) from your firm is extracted to the Internet without your knowledge and then hackers demand a ransom in order for them not to release that information to the public OR inform your clients that they have the information.   It’s like reverse ransomware!

Triella does many things to protect the systems of our clients who are on any of our Advantage maintenance plans.   Many of them are not known to our clients and so we though we would take a moment to highlight just one of them – daily firewall review.

Role of the Firewall

The firewall installed at your office should be the only point where information can flow in and out of your network.  If you have installed remote tools like Teamviewer, GotoMyPC or LogMeIn as examples it widens your security footprint since there are now multiple ways in which a hacker can get into your network.   Assuming you have not installed these programs, then you have a single chokepoint in the whole network through which all data must flow.

Each day, we receive a firewall report from each of our clients on our plan showing how much data is transiting across this link.  It will look like this for a really large client:

The vertical axis is the amount of data flowing across the firewall and the horizontal access is the time of day.  For each client there is a defined pattern.  When we see anomalies in that pattern we can investigate.

The firewall will tell us which machines, by IP address, are sending and receiving the most amount of data.  Automate, our monitoring software, will tell us who that IP belongs to by telling us the name of the machine.   Finally, ThreatLocker monitors all file access on all machines and thus we can check a specific machine to see if it is moving files out to the Internet.

We did detect this for one client so far.  Data was going from the client to a web site in Germany.  Using ThreatLocker, we were able to block that site so that no computer in the office could send data to that site.   This thwarted a potential exfiltration attack.

This is just one way in which Triella is working to keep your data safe. Call us now to learn more about our maintenance plans. 647.426.1004 x 227

Charles Bennett is the Principal Consultant at Triella.  We are a technology consulting company specializing in providing technology audits, planning advice, project management and other CIO-related services to small and medium-sized firms. Charles can be reached at 647.426.1004. For additional articles, go to our blog page. Triella is a VMware Professional Partner, Microsoft Certified Partner, Citrix Solution Advisor – Silver, Dell Preferred Partner, Authorized Worldox Reseller and a Webroot Reseller.

© 2020 by Triella Corp. All rights reserved. Reproduction with credit is permitted.

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Follow us
Subscribe to our newsletter