Data exfiltration is the unauthorized transfer of data out of an organization. Attackers use encrypted channels, DNS tunneling, cloud storage, or physical media such as USB drives to extract sensitive information.
Detection is challenging because exfiltration often uses legitimate protocols. DLP systems, network monitoring, and analysis of unusual data flows help identify suspicious transfers. Exfiltration is particularly critical with insider threats, since employees already have legitimate access rights. Effective monitoring combines network analysis with behavioral monitoring at endpoints.