Egress Filtering

Monitor and control the data that is leaving your environment.

An Egress Filtering Assessment is the first step in achieving data transmission awareness within your organization. This assessment is critical for understanding the environment and mapping out the key information processes and devices, network topology, and controls that have an impact on how data is transmitted.

Benefits

Attackers use relaxed egress filtering policies to their advantage. Once a system is compromised, they can rely on that system initiating outbound connections to provide reverse command and control for the attackers. The Egress Filtering Assessment will help to identify and reduce points of egress within the environment by understanding how data should flow through the infrastructure, what business processes require external connections, and what protocols and ports are required to establish a connection.

Expertise

SecureState has developed an egress filtering methodology that meets data security requirements. The primary components SecureState evaluates during this process are the confidentiality, integrity and availability of data within the environment, and to provide confidence and knowledge with the following areas:

  • What data is currently traversing protected or sensitive dataset zones
  • What controls are in place to prevent data loss or unauthorized access
  • Can the business maintain continuity if datasets are affected
  • How quickly and effectively can the organization respond to a data loss or unauthorized access event
  • Are controls and procedures in place effective and efficient
Approach and Methodology

The Egress Filtering Assessment consists of a multipart process to assess the current and newly defined data protection standards for the organization, as well as the access controls, retention, and remediation capabilities that could have an impact. 

Identify: SecureState will focus on how the people, processes, technologies, and locations integrate within the business environment.  Examples include:

  • Individuals who have access into, administer, or shape the business environment
  • Processes involved in handling data, administering or monitoring system components and access controls within the environment application development processes, and the processes and policies surrounding the protection of data
  • Technologies as they pertain to storage, processing, and transmission of data
  • Locations involved in the storage, processing, and transmission of sensitive data including corporate and remote or satellite locations, and data centers, unless deemed out of scope at the time of the assessment.
  • Control sets and configurations implemented to protect and monitor critical datasets.

Develop: Securestate will provide a comprehensive analysis of security controls required on a system or network component. It is critical to understand how the overall hardening and protection techniques have been applied and the underlying risks to the datasets that may be associated. SecureState performs both automated and manual assessments to identify potential security threats and misconfigurations.  SecureState performs this review by first understanding the overall architecture of the organization, then applying industry best practices and hardening techniques tailored to the pertinent datasets that support the business.

Implement: Once data is identified and verified, it is then initially plotted, analyzed, and correlated for the effectiveness of controls that protect data access. The end result will provide your organization detailed information on, and recommendations for, the following:

  • Data locations and types
  • Data segmentation requirements
  • Data storage, transmission and process hardening
  • Systems that store, process or transmit sensitive data, and how sensitive datasets are introduced into the environment
  • Access and accountability controls based on roles/need-to-know
  • Limiting the damage of a potential data incident, which reduces recovery time, costs, and liability, and helps ensure data controls and segmentation are compliant

SecureState also performs a dataset identification to provide basic detail and a systematic approach to understanding why data exists, its impact, and its value to the organization.  The dataset will become a risk inventory that can be implemented to properly allocate funds and resources to defend the key assets, reducing the scope, time, effort, and resources needed to protect what is truly important. Employing a proper data protection and retention scheme is cost effective, and allows a business to focus on protecting its higher risk data assets.

egress_filtering
Get Started!