When an event is investigated, which type of data provides the investigative capability to determine if data exfiltration has occurred?
A. B. C. D.
Correct answer: C.
Reference: https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/white-paper-c11-736595.html

When investigating an event, it is important to determine if data exfiltration has occurred. Data exfiltration refers to the unauthorized transfer of data from a computer or network to an external location. To identify data exfiltration, different types of data can be collected and analyzed.
Firewall logs provide a record of network traffic that has been allowed or blocked by the firewall. This data can be used to investigate the source and destination of network traffic and identify any unusual patterns or activity. However, firewall logs may not provide detailed information about the actual data being transferred, making it difficult to determine if data exfiltration has occurred.
Full packet capture is the process of recording all the network traffic that passes through a specific network segment or device. This data can be used to reconstruct network sessions and identify the exact data that was transferred. Full packet capture is a powerful tool for investigating events and can provide detailed information about data exfiltration. However, it requires significant storage capacity and can be resource-intensive.
Session data refers to information about network sessions, including the source and destination IP addresses, the protocols used, and the duration of the session. This data can be used to investigate network activity and identify potential data exfiltration. Session data is less resource-intensive than full packet capture but may not provide the same level of detail.
NetFlow data is a type of session data that provides information about network traffic flows. This data can be used to identify the volume of data transferred, the source and destination of the traffic, and the protocols used. NetFlow data is less resource-intensive than full packet capture but can still provide valuable information for investigating events and identifying data exfiltration.
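The following is an added example, not taken from the linked Cisco paper or the question bank, showing how the session and NetFlow data described above is used in practice: flow records are summarised per internal host so that unusually large egress to external addresses stands out. The flow records, the internal address ranges and the 100 MiB threshold are all constructed for illustration.

```python
"""Added example: summarising NetFlow-style session records to surface
possible data exfiltration. The records, internal ranges and threshold
below are constructed for illustration, not taken from any real network."""
import ipaddress
from collections import defaultdict

# Constructed flow records (not real data):
# start time, source IP, destination IP, protocol, destination port, bytes sent.
FLOW_RECORDS = """\
2024-05-01T02:10:01,10.0.0.15,93.184.216.34,tcp,443,2048
2024-05-01T02:10:05,10.0.0.15,93.184.216.34,tcp,443,524288000
2024-05-01T02:11:40,10.0.0.15,93.184.216.34,tcp,443,734003200
2024-05-01T02:12:00,10.0.0.22,10.0.0.5,tcp,445,1048576
2024-05-01T02:12:30,10.0.0.22,198.51.100.7,udp,53,180
2024-05-01T03:00:00,10.0.0.40,203.0.113.9,tcp,22,157286400
"""

# Assumed internal address space; adjust to the environment being investigated.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> list:
    """Parse comma-separated flow records into dicts, skipping blank/comment lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        start, src, dst, proto, port, nbytes = line.split(",")
        flows.append({"start": start, "src": src, "dst": dst,
                      "proto": proto, "port": int(port), "bytes": int(nbytes)})
    return flows


def outbound_bytes(flows: list) -> dict:
    """Bytes each internal host sent to external destinations, broken down
    per destination. Internal-to-internal flows (e.g. SMB to a file server)
    are excluded because they do not leave the network."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]][f["dst"]] += f["bytes"]
    return {src: dict(dsts) for src, dsts in totals.items()}


def exfil_candidates(flows: list, threshold: int = 100 * 1024 * 1024) -> list:
    """Internal hosts whose total external egress exceeds the threshold,
    as (source, total_bytes, top_destination) tuples, largest first."""
    out = []
    for src, dsts in outbound_bytes(flows).items():
        total = sum(dsts.values())
        if total > threshold:
            top_dst = max(dsts, key=dsts.get)
            out.append((src, total, top_dst))
    return sorted(out, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for src, total, dst in exfil_candidates(parse_flows(FLOW_RECORDS)):
        print(f"{src} sent {total / 2**20:.1f} MiB externally, mostly to {dst}")
```

Run against the constructed records, this flags 10.0.0.15 (about 1.2 GiB to one external HTTPS destination) and 10.0.0.40 (150 MiB over SSH), while 10.0.0.22 is not flagged because its only large transfer stayed inside the network. This is exactly the volume-and-endpoint view that NetFlow gives an investigator; it says nothing about what was inside those sessions, which is why confirming the content of a suspected transfer still needs full packet capture.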
In conclusion, all of the provided options can be used to investigate an event and identify data exfiltration. However, full packet capture and NetFlow data are typically more effective for identifying data exfiltration due to their ability to provide more detailed information about network traffic.