Rapid7, Inc.
Data exfiltration detector

Abstract:

Methods and systems for detecting a data exfiltration event on a network. The method includes receiving traffic data and applying a transformation to transform the traffic data at least closer to a normal distribution. The method further includes selecting at least one outlier identification technique based on a property of the transformed data, and then executing the at least one selected identification technique to determine whether the traffic data is indicative of a data exfiltration event.