Data Exfiltration
FeIix edited this page May 3, 2026 · 3 revisions
- Cisco Stealthwatch is a Network Detection and Response (NDR) solution designed to protect against data exfiltration.

| Protocol/Attack | How it works | Cisco Solution |
|---|---|---|
| DNS Tunneling | Hide data in DNS query or send non-DNS traffic over port 53 | Umbrella |
| HTTP/HTTPS | HTTP POST to send files out | Stealthwatch |
| Email | Extract data via emails | Secure Email Gateway |
| ICMP Tunneling | Hide data inside ICMP packets | Stealthwatch |
| FTP/SCP | Anonymous upload to a "blind drop" FTP server | Stealthwatch |
| NTP Tunneling | Hide data in extension fields, unused padding, or even by subtly manipulating timestamp fields to encode information | |

Cisco Stealthwatch has since been rebranded as Cisco Secure Network Analytics.
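
To make the DNS tunneling row concrete from the detection side, the following added example (not from this wiki and not how any Cisco product works) groups DNS queries by parent domain and flags domains that repeatedly receive long or high-entropy subdomain labels. The sample log, the `exfil-demo.test` domain, the function names and all thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (client, queried name); not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.6", "cdn-assets-eu-west-1.example.com"),
    ("10.0.0.7", "q7f2k9a1m4c8h3b6n0d5j.t.exfil-demo.test"),
    ("10.0.0.7", "x3p8w1r6t0y5u2g9e4s7v.t.exfil-demo.test"),
    ("10.0.0.7", "m5z0c7l2h9d4b1n6k3f8q.t.exfil-demo.test"),
]

def shannon_entropy(text):
    """Bits per character; encoded payload chunks score higher than hostnames."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def parent_domain(name, levels=2):
    # Assumption: the last two labels approximate the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(name.split(".")[-levels:])

def find_tunnel_candidates(queries, max_label=40, min_len=16,
                           min_entropy=3.5, min_hits=3):
    """Group queries by parent domain and return those with repeated
    long or high-entropy subdomain labels (thresholds are assumed values)."""
    stats = defaultdict(lambda: {"names": set(), "hits": 0, "sub_chars": 0})
    for _client, raw in queries:
        name = raw.lower().rstrip(".")
        parent = parent_domain(name)
        sub = name[: len(name) - len(parent)].rstrip(".")
        entry = stats[parent]
        entry["names"].add(name)
        entry["sub_chars"] += len(sub)  # rough volume carried in query names
        longest = max(sub.split("."), key=len)
        if len(longest) >= max_label or (
                len(longest) >= min_len and shannon_entropy(longest) >= min_entropy):
            entry["hits"] += 1
    return {
        dom: {"unique_names": len(e["names"]), "hits": e["hits"],
              "sub_chars": e["sub_chars"]}
        for dom, e in stats.items() if e["hits"] >= min_hits
    }

if __name__ == "__main__":
    for dom, info in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(dom, info)
```

Requiring several hits per parent domain keeps a single long CDN or tracking hostname from raising an alert on its own.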