Your IP: Unknown · Your Status: Unprotected Protected


Blog In Depth

What is data egress?

Dec 04, 2019 · 2 min read

What is data egress?

Cyberattacks on organizations are getting worse and worse. Currently, the average cost of a data breach $3.62 million, a 12% increase since 2014. Furthermore, 60% of small and medium sized companies go out of business within six months after an attack. It’s only bound to get worse — the frequency, cost, and fines for data breaches is escalating.

With 2019 on track to become the worst year on record for data breaches, it’s the perfect time to review potential security issues your company may face. While most organizations are concerned about exterior threats, data egress is just as important. But what is data egress, and how can you prevent sensitive data loss?

Ingress vs. egress: what’s the difference?

In network activities, egress is traffic that originates within the network and then leaves to an outside location. This data can be outbound emails, messages, files going to external cloud storage, and so on. Ingress is the opposite of egress — it means traffic that is entering your network from outside.

How do criminals use egress traffic to steal data? Usually it’s done using data exfiltration techniques like backdoor Trojans or social engineering disguised as regular network traffic. If your company doesn’t have proper data egress filtering, criminals can exfiltrate data without you even noticing.

How to prevent unauthorized data egress

Monitor your company’s network. The first step is to keep track of what’s happening on your network. Network monitoring enables you measure metrics such as uptime, availability, response time, and helps you detect suspicious activities.

Keep track of data. Locatting, identifying and organizing sensitive company data is another good step in data loss prevention. It can help you decide what kind of protection is needed and who can access particular data.

Control access. Implement an authorization policy so each new device connected to the network has to be approved before joining it. With NordVPN Teams you can manage who can access specific resources from a centralized control panel.

Firewall rules. A firewall is a gatekeeper that can manage data ingress and egress. Some companies have been breached precisely because their egress rules enabled intruders to funnel data without anyone noticing. Configure your firewall with the right rules to block potential unauthorized data egress.

Firewall logging. Log data for ingress and egress traffic to manage potentially malicious activities. This data can let you analyze traffic by utilizing SIEM tools (Security Information and Event Management). It compiles, correlates, and manages data across your security systems and other networks. If properly set up, it can help prevent unauthorized data exfiltration.

Incident response. In case a breach does happen, having a response plan can do a lot to prevent further damage to the company. Even with seemingly bulletproof security systems, be prepared for the worst-case scenario.

Start protecting your business today.


Sybil Andrea
Sybil Andrea successVerified author

Sybil spends her days browsing the net, which is where she started to learn about cyber security. She believes that everyone should have the right to go online safely, so now she shares her insights as a NordVPN content writer.


Subscribe to NordVPN blog