Rapid7, Inc.
DATA EXFILTRATION DETECTOR

Last updated:

Abstract:

Disclosed herein are methods, systems, and processes for detecting data exfiltration. A data exfiltration event in a network is detected. Traffic data regarding outgoing traffic of a source in the network associated with the data exfiltration event is received. A logarithmic transformation is applied to the traffic data to generate transformed data. An outlier identification technique is selected based on the transformed data and is executed on the transformed data to determine that the outgoing traffic is indicative of the data exfiltration event. An alert is generated in response to the determination that the outgoing traffic is indicative of the data exfiltration event.

Status:

Application

Type:

Utility

Filing date:

2 Jun 2021

Issue date:

16 Sep 2021
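
The pipeline in the abstract (log-transform the outgoing traffic, select an outlier technique from the transformed data, alert on outliers) can be sketched as follows. This is an added example, not code from the application or from Rapid7. The abstract does not say how the technique is selected or which techniques are candidates, so the skewness-based choice between a z-score and a median/MAD score, the thresholds, and the sample data are all assumptions.

```python
import math
import statistics

# Constructed sample: outgoing bytes per day for one source (not real data).
SAMPLE_BYTES = [1_200_000, 950_000, 1_800_000, 2_100_000, 1_400_000, 1_050_000,
                2_600_000, 1_600_000, 5_000_000_000, 1_300_000, 1_900_000, 1_150_000]

def log_transform(values):
    """Compress the heavy right tail of byte counts; log1p tolerates zeros."""
    return [math.log1p(v) for v in values]

def skewness(xs):
    """Population skewness of xs; 0.0 when the data is constant."""
    mean, sd = statistics.fmean(xs), statistics.pstdev(xs)
    if sd == 0:
        return 0.0
    return sum(((x - mean) / sd) ** 3 for x in xs) / len(xs)

def select_technique(transformed, skew_limit=1.0):
    """Assumed selection rule (not from the page): use a z-score when the
    transformed data is roughly symmetric, otherwise a median/MAD score,
    because an extreme value inflates the mean and standard deviation."""
    return "zscore" if abs(skewness(transformed)) <= skew_limit else "mad"

def outlier_scores(transformed, technique):
    """Score each point with the selected technique."""
    if technique == "zscore":
        center, spread, k = statistics.fmean(transformed), statistics.pstdev(transformed), 1.0
    else:
        center = statistics.median(transformed)
        spread = statistics.median(abs(x - center) for x in transformed)
        k = 0.6745  # scales MAD so the score is comparable to a z-score
    if spread == 0:
        return [0.0] * len(transformed)
    return [k * (x - center) / spread for x in transformed]

def detect(values, threshold=3.5):
    """Return (technique, indices to alert on). Only unusually high
    outgoing volume is flagged, since low volume is not exfiltration."""
    transformed = log_transform(values)
    technique = select_technique(transformed)
    scores = outlier_scores(transformed, technique)
    return technique, [i for i, s in enumerate(scores) if s > threshold]

if __name__ == "__main__":
    print(detect(SAMPLE_BYTES))
```
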