Thousands of data breaches occur in the U.S. every year, costing companies close to a whopping $10 million per breach. While countless tools and vendors aim to reduce the number and impact of these breaches, the reality remains that they continue to grow. This is due in part to the fact that many solutions are focused on what (or who) is entering the network, but remain blind to what is exiting it. Modern production applications are increasingly reliant on a web of external vendors and APIs, resulting in egress traffic that exposes the organization to as much risk as ingress traffic does.
Egress traffic refers to the data that flows out from a particular network or device to another network, such as the internet or a different local network. It can include various types of data, such as web requests, emails, file downloads and more. Ingress traffic is the opposite of egress traffic. It refers to the data that flows into a particular network or device from another network. Understanding and managing both types of traffic is essential to ensure efficient network operation and security, but many companies have a blind spot when it comes to egress. Over the years, this has contributed to massive data breaches that could have been mitigated with better visibility into, and control over, egress.
Regardless of an attacker’s strategy, a cyber attack must exfiltrate sensitive data to be successful. For the vast majority of attacks, a tool that can restrict outbound access based on identity or scan for sensitive data on egress can prevent or significantly reduce the impact of a data breach. There have been numerous breaches over the last decade that could have been mitigated with a zero trust strategy for egress, including the following that resulted in long-lasting reputational damage.
This 2020 attack involved the insertion of malicious code into SolarWinds' Orion IT management software, which was distributed to thousands of SolarWinds customers through software updates. While the breach was not solely due to poor egress security, implementing egress best practices could have mitigated its impact and prevented aspects of the attack. For example, if the affected networks had a tool controlling which external APIs SolarWinds could access, it might have prevented the malware from communicating with the attacker's servers.
In 2014, customer credit card information was exfiltrated from Home Depot point-of-sale (POS) systems to external servers controlled by attackers. If Home Depot’s team had better visibility into the egress traffic from individual store locations, they may have been able to identify the compromised POS systems and the extent of the breach faster. A zero trust strategy designed to limit external access from Home Depot's store location networks and enforced by an egress controller could have prevented access to the attacker's external systems altogether.
Implementing a zero trust strategy for egress has become even more critical in recent years as attackers have gotten more sophisticated and attack vectors have significantly increased. Organizations can reduce or eliminate the impact of cyber attacks by deploying tools that increase visibility, restrict outbound access, and scan for sensitive data on egress - as evidenced by the above high-profile breaches and many more like them.
The following best practices set the foundation for egress security for a platform engineering team. By implementing these practices, organizations can greatly reduce the risk of an egress-related data breach.
Visibility into and control over egress traffic is an indispensable part of a platform team’s security strategy as core production applications become more interconnected and as attackers grow more sophisticated. Implementing the above best practices with home grown tooling, however, can be a challenging task and a significant distraction for busy engineers.
Qpoint offers an easy to deploy and flexible solution to enable platform teams to enhance egress observability, apply zero trust security principles, and increase operational resilience for the platform as a whole and the core production applications that run on their networks.
Are you ready to safeguard egress for your production application environments? Explore how Qpoint can help you tap into and take control of your egress traffic in our docs or with a demo by our solutions engineering team.