08-16-2022 06:40 AM
When I use Threat Insight to test DNS Exfiltration prevention, a small part of the document goes through "Exfiltrates". Now this part could be two rows including two clients' credit card numbers. Yes, the list of credit cards was not completely exfiltrated, but part of it did leak, which is still an issue.
Is there a way to prevent this?
08-17-2022 01:11 AM
Threat Insight works based on behavior analysis. The idea is Infoblox will look into the DNS traffic and score the behavior based on:
- entropy or randomness
So based on that, it's expected Infoblox will pass the DNS query before it blocks the rest of the DNS exfiltration.
If you are sending data over a txt file, then you will get some data transferred, but if you try to exfiltrate some other extension like ppt, xls, jpg, then you will get a corrupted file.
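Added example, not part of the thread and not Infoblox's actual algorithm: a minimal behaviour scorer that shows why the first few encoded queries pass before a verdict is reached. The thresholds, class and function names, client address and `.example` names are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed tuning values for this sketch; they are not Infoblox settings.
ENTROPY_THRESHOLD = 3.5      # bits per character in the leftmost label
MIN_LABEL_LEN = 20           # shorter labels are not scored
SUSPICIOUS_BEFORE_BLOCK = 3  # evidence required before a verdict

def shannon_entropy(text):
    """Shannon entropy of a string, in bits per character."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def parent_domain(qname):
    """Last two labels of the name (naive; ignores the public suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

class BehaviourScorer:
    """Per (client, parent domain) evidence counter with a block list."""
    def __init__(self):
        self.suspicious = defaultdict(int)
        self.blocked = set()

    def handle(self, client, qname):
        key = (client, parent_domain(qname))
        if key in self.blocked:
            return "block"
        label = qname.split(".")[0]
        if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= ENTROPY_THRESHOLD:
            self.suspicious[key] += 1
            if self.suspicious[key] >= SUSPICIOUS_BEFORE_BLOCK:
                self.blocked.add(key)
                return "block"
        return "pass"

def replay(queries):
    """Feed queries through a fresh scorer and return the verdict per query."""
    scorer = BehaviourScorer()
    return [scorer.handle(client, qname) for client, qname in queries]

# Constructed sample traffic: one client, reserved .example names.
SAMPLE = [
    ("10.0.0.5", "www.intranet.example"),
    ("10.0.0.5", "mz4x7q2kd9f1w8h3b6t0v5jc.exfil.example"),
    ("10.0.0.5", "p3n8r1y6g0s5l2e7u4a9ioqx.exfil.example"),
    ("10.0.0.5", "c9t2h5w0k7b4m1z8f3q6xdjv.exfil.example"),
    ("10.0.0.5", "v1j6d3x8q5n0g7r2y9l4sepa.exfil.example"),
    ("10.0.0.5", "www.intranet.example"),
]
```

`replay(SAMPLE)` returns pass, pass, pass, block, block, pass: two encoded labels are answered before enough evidence accumulates, and lowering `SUSPICIOUS_BEFORE_BLOCK` narrows that window at the cost of more false positives on legitimately random-looking names.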