Episode 88 — Data Exfiltration: paths, choke points, and practical controls
Data exfiltration recurs as a CloudNetX scenario because it shows that attackers often move data out over pathways the environment already allows, which makes egress control and visibility essential. This episode defines exfiltration as the unauthorized movement of data from a protected environment to an external destination and walks through the common paths: web uploads, cloud storage services, email, API calls, and DNS-based techniques.

It then turns to choke points, the architectural concept that makes exfiltration controllable. If outbound traffic is unconstrained, detection is difficult and containment is slow; if outbound paths are well defined, policy enforcement and monitoring become feasible. Segmentation supports this by isolating sensitive systems and limiting their outbound connectivity, and identity and logging support accountability by tying each outbound action to a specific system and user.
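An added example, not from the episode or from CloudNetX, of what the detection side of a choke point can look like: over constructed proxy and resolver records from the egress point, a hypothetical per-segment allow list flags sensitive systems reaching destinations outside policy, bulk uploads from an unrestricted segment, and DNS names carrying long high-entropy labels, and every finding carries the host and user it came from.

```python
import math
from collections import Counter

# Constructed sample records (not from the episode) as a proxy / resolver at
# the egress choke point might log them: every outbound action is tied to a
# source host, its segment and the identity that initiated it.
EGRESS_LOG = [
    {"kind": "tcp", "src": "db-01", "segment": "sensitive", "user": "svc-backup",
     "dst": "backup.corp.example", "bytes_out": 52_000_000},
    {"kind": "tcp", "src": "db-01", "segment": "sensitive", "user": "alice",
     "dst": "drive.cloud.example", "bytes_out": 48_000_000},
    {"kind": "tcp", "src": "ws-17", "segment": "workstation", "user": "bob",
     "dst": "drive.cloud.example", "bytes_out": 30_000_000},
    {"kind": "dns", "src": "db-01", "segment": "sensitive", "user": "svc-backup",
     "dst": "a9f3c2e1b7d4.x1.tunnel.example", "bytes_out": 0},
]

# Hypothetical per-segment egress policy: the sensitive segment may only reach
# a short allow list; the workstation segment is unrestricted but monitored.
EGRESS_POLICY = {
    "sensitive": {"backup.corp.example", "updates.corp.example"},
    "workstation": None,
}
BULK_THRESHOLD = 10_000_000  # bytes in one flow before a transfer gets a second look

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def suspicious_dns(qname):
    """Flag long, high-entropy subdomain labels, a common DNS-tunnelling trait."""
    labels = qname.split(".")[:-2]  # ignore the registrable domain itself
    return any(len(l) >= 10 and label_entropy(l) > 3.0 for l in labels)

def evaluate_egress(records, policy=EGRESS_POLICY):
    """Return (finding, host/user, destination) tuples for records worth triage."""
    findings = []
    for r in records:
        who = f"{r['src']}/{r['user']}"
        allowed = policy.get(r["segment"])
        if r["kind"] == "dns":
            if suspicious_dns(r["dst"]):
                findings.append(("dns-tunnel-heuristic", who, r["dst"]))
        elif allowed is not None and r["dst"] not in allowed:
            findings.append(("policy-violation", who, r["dst"]))
        elif allowed is None and r["bytes_out"] >= BULK_THRESHOLD:
            findings.append(("bulk-upload", who, r["dst"]))
    return findings
```

The allowed backup transfer from the sensitive segment produces no finding, which is the point of a well-defined egress path: volume alone is not the signal, deviation from the defined path is.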