
Exfiltration Vector

Exfiltration vectors explained — why permitted channels are harder to detect than blocked ones, and why sequence-based detection is what actually catches modern data theft.


What is an Exfiltration Vector?

An exfiltration vector is the specific channel, method, or path an attacker or malicious insider uses to transfer sensitive data outside an organisation's control. It's the "how" of a data exfiltration event: the technical route through which data moves from inside the governed environment to a destination where the organisation no longer controls it.

Understanding vectors is operationally important because different vectors require different detection approaches, and the hardest vectors to detect aren't the technically sophisticated ones. They're the ones already permitted by the organisation's own security controls.

Why vector selection determines whether detection is possible

Conventional thinking about data exfiltration assumes attackers will use obviously anomalous channels: unknown external IP addresses, blocked protocols, suspicious domains. DLP tools were designed with that assumption. Block the bad destinations, inspect the suspicious traffic, alert on unusual protocols.

That assumption broke. MITRE ATT&CK explicitly documents exfiltration over web services and cloud storage as common attacker techniques, specifically because these destinations are typically already permitted. An employee uploading to Dropbox, Google Drive, or OneDrive is using approved infrastructure. A DLP rule blocking those destinations would disable legitimate business workflows. So most organisations don't block them. Attackers use them deliberately because they know this.

The real problem is that the most effective exfiltration vector today is often the most boring one: the same path a legitimate employee would use to do their job. That's what makes vector selection a detection design problem, not just a policy enforcement problem.

The main exfiltration vector categories

Permitted cloud storage and file sharing

Google Drive, Dropbox, OneDrive, Box, SharePoint external sharing. These platforms are legitimate business tools that also serve as exfiltration destinations because the traffic they generate is encrypted, goes to trusted CDN infrastructure, and is typically on allowlists. Network DLP that doesn't perform SSL inspection sees only encrypted traffic to known-good domains. Endpoint DLP may see the file write operation but only if it's configured to monitor uploads to these specific applications. The vector works because it's indistinguishable from normal use at the channel level.

Corporate email to personal accounts

Sending an attachment to a personal Gmail or Hotmail account remains one of the most common insider exfiltration vectors, precisely because it requires no technical sophistication. The sender has legitimate access to the files. The email gateway is configured to allow outbound traffic. The only detection opportunity is at content inspection: does the attachment contain sensitive data, and is the destination a personal email domain? DLP at the email gateway addresses this when it's correctly configured with accurate classification. When classification is rule-based with 60% accuracy, the rate of misses is significant.

Removable media and USB transfer

Physically copying data to a USB drive is slow and produces physical evidence, but it bypasses all network monitoring entirely. Cloud DLP doesn't see it. Network DLP doesn't see it. Endpoint DLP configured to monitor USB write operations is the only control layer that catches it. Many organisations have USB policies that are written but not technically enforced, creating a vector that is blocked on paper but open in practice.

Print and physical reproduction

Printing sensitive documents creates a physical copy that leaves the organisation with no digital tracking. DLP tools with print monitoring capabilities can flag and block sensitive content going to printers, but this control is often absent or configured only for specific content types. High-volume printing of sensitive records before departure is a consistent pre-offboarding indicator that endpoint DLP should detect but frequently misses.

Covert network channels

DNS tunnelling embeds data in DNS query strings, exploiting the fact that DNS traffic is rarely inspected for content at enterprise scale. HTTP/S covert channels manipulate header fields or steganographically encode data in permitted web traffic. These techniques require more sophistication and are used primarily by well-resourced external attackers rather than insiders, but they produce no obvious egress event and evade standard DLP entirely. Detection requires network traffic analysis that specifically looks for volumetric and entropy anomalies in DNS and HTTP traffic patterns.
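The entropy and volume checks this passage describes, as an added example written for this page rather than code from Matters.AI or from any tool the page names: a small detector run over constructed resolver log lines. The log format, the thresholds, the digit-ratio heuristic and the two-label approximation of a registered domain are all assumptions; a production detector would use the Public Suffix List and tune thresholds against its own baseline.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log (not real traffic). One query per line:
# <timestamp> <client-ip> <qtype> <qname>
SAMPLE_DNS_LOG = """\
2026-05-01T09:00:01Z 10.1.4.22 A www.example.com
2026-05-01T09:00:02Z 10.1.4.22 A mail.example.com
2026-05-01T09:00:03Z 10.1.4.22 A software-update-delivery-service.vendor-cdn.example
2026-05-01T09:00:04Z 10.1.4.22 TXT a3f09c7e1b5d28467d2c9a4e0f6b1835.sync.example-relay.test
2026-05-01T09:00:05Z 10.1.4.22 TXT 7d2c9a4e0f6b1835a3f09c7e1b5d2846.sync.example-relay.test
2026-05-01T09:00:06Z 10.1.4.22 TXT 5381b6f0e4a9c2d76482d5b1e7c90f3a.sync.example-relay.test
2026-05-01T09:00:07Z 10.1.4.31 A www.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(text):
    """Bits per character of `text`; 0.0 for the empty string."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_dns_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        records.append({"ts": ts, "client": client, "qtype": qtype,
                        "qname": qname.lower().rstrip(".")})
    return records


def registered_domain(qname):
    """Assumption: the last two labels approximate the registered domain.
    Production code should consult the Public Suffix List instead."""
    return ".".join(qname.split(".")[-2:])


def looks_encoded(label, min_len=24, min_entropy=3.5, min_digit_ratio=0.15):
    """Heuristic for a label carrying an encoded payload rather than a hostname:
    long, high-entropy and digit-heavy (hex/base32/base64 payloads are).
    Entropy alone is not enough: long English hostnames also score high."""
    if len(label) < min_len:
        return False
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and digit_ratio >= min_digit_ratio


def find_tunnel_candidates(records, min_encoded=3):
    """Aggregate per registered domain and return those whose count of
    encoded-looking queries reaches `min_encoded` (the volumetric check)."""
    stats = defaultdict(lambda: {"queries": 0, "encoded_queries": 0,
                                 "qname_bytes": 0, "clients": set()})
    for r in records:
        s = stats[registered_domain(r["qname"])]
        s["queries"] += 1
        s["qname_bytes"] += len(r["qname"])
        s["clients"].add(r["client"])
        if any(looks_encoded(label) for label in r["qname"].split(".")):
            s["encoded_queries"] += 1
    return {dom: {**s, "clients": sorted(s["clients"])}
            for dom, s in stats.items() if s["encoded_queries"] >= min_encoded}


if __name__ == "__main__":
    for dom, s in find_tunnel_candidates(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(dom, s)
```

The long vendor hostname in the sample is the caveat worth noticing: its entropy is above the threshold, so a detector that keys on entropy alone would flag it; combining entropy with label length, a digit-ratio check and a per-domain volume threshold is what separates the three encoded `TXT` queries from ordinary long hostnames.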

GenAI and shadow AI applications

Browser-based GenAI tools have become a significant emerging vector. An employee pastes customer data into a prompt for analysis. The model processes it. No file was created. No download occurred. The traffic goes to a permitted HTTPS endpoint. No DLP rule fires because there's no file to inspect, and the content entered the channel as typed text through a web interface. The data is now in a third-party model's context, potentially retained in training pipelines depending on the provider's terms. This vector is growing faster than most organisations' visibility into it, and the detection approach requires monitoring what enters GenAI sessions rather than just what files are transferred.
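Monitoring what enters a GenAI session rather than which files move, as an added example written for this page (not Matters.AI code and not any vendor's browser extension): an inspector over constructed browser telemetry that records the text submitted to a set of GenAI hosts. The host list, event schema and thresholds are assumptions, the hostnames are placeholders, and the card number is the widely used test value, not a real account.

```python
import re

# Assumption: hostnames the organisation treats as GenAI endpoints.
# Placeholders, not real providers.
GENAI_HOSTS = {"chat.example-llm.test", "assistant.example-ai.test"}

# Constructed browser-extension telemetry: what was typed or pasted into a
# session, not a file transfer. No real users or data.
SAMPLE_SESSION_EVENTS = [
    {"ts": "2026-05-01T10:02:11Z", "user": "jdoe", "host": "chat.example-llm.test",
     "text": "Rewrite this paragraph to be more concise: Our Q2 roadmap focuses on "
             "reliability work and the new reporting dashboard."},
    {"ts": "2026-05-01T10:15:40Z", "user": "jdoe", "host": "chat.example-llm.test",
     "text": ("Which of these customers are at churn risk?\n"
              "name,email,plan,last_login\n"
              "Alice Ng,alice@example.com,pro,2026-04-01\n"
              "Bo Park,bo.park@example.com,basic,2026-03-12\n"
              "Cy Lee,cy@example.org,pro,2026-04-20\n"
              "Di Rao,di.rao@example.net,team,2026-02-02\n"
              "Ed Kim,ed@example.com,basic,2026-04-18\n")},
    {"ts": "2026-05-01T10:20:05Z", "user": "asmith", "host": "intranet.example",
     "text": "card on file: 4111 1111 1111 1111"},  # not a GenAI host: out of scope
    {"ts": "2026-05-01T10:31:00Z", "user": "asmith", "host": "assistant.example-ai.test",
     "text": "Explain this charge: card 4111 1111 1111 1111, amount 42.00"},
]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# 13 to 19 digits, optionally separated by spaces or dashes
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Card-number candidates that also pass the Luhn check, digits only."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def count_tabular_rows(text, min_fields=4):
    """Lines that look like CSV records: bulk data pasted for 'analysis'."""
    return sum(1 for line in text.splitlines() if line.count(",") >= min_fields - 1)


def inspect_submission(event, max_emails=3, max_rows=5):
    """Classify the typed content of one submission. Returns the findings and
    whether the event should raise; events to non-GenAI hosts are skipped."""
    if event["host"] not in GENAI_HOSTS:
        return {"in_scope": False, "flagged": False, "findings": {}}
    text = event["text"]
    findings = {"pans": len(find_pans(text)),
                "emails": len(EMAIL_RE.findall(text)),
                "tabular_rows": count_tabular_rows(text)}
    flagged = (findings["pans"] > 0 or findings["emails"] > max_emails
               or findings["tabular_rows"] >= max_rows)
    return {"in_scope": True, "flagged": flagged, "findings": findings}


def scan_sessions(events):
    """Return (ts, user, host, findings) for flagged submissions, oldest first."""
    return [(e["ts"], e["user"], e["host"], r["findings"])
            for e in sorted(events, key=lambda e: e["ts"])
            for r in [inspect_submission(e)] if r["flagged"]]
```

Nothing here inspects a file: the pasted customer table and the card number exist only as typed text in an HTTPS request to a permitted host, which is exactly why file-centric DLP rules never fire on them. The same classifiers can be reused from the email or endpoint DLP layer; the new part is the telemetry source (the session input), not the matching logic.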

How detection coverage maps against vectors

The honest picture of coverage by vector type:

Email exfiltration is relatively well-covered by DLP tools at the email gateway, when classification accuracy is high enough to avoid significant false negative rates. It's one of the most mature detection use cases.

Cloud storage upload via browser is partially covered by network DLP with SSL inspection enabled, and more completely covered by endpoint DLP that monitors file write operations and browser-based upload activity. Coverage gaps exist where SSL inspection isn't deployed or where specific platforms are excluded.

Removable media is covered only by endpoint DLP configured to monitor and enforce USB write policies. Many organisations have the policy. Not all have the technical enforcement.

Print channels are covered by endpoint DLP with print monitoring, which is deployed less consistently than other endpoint DLP capabilities.

Covert network channels require specialised network traffic analysis beyond standard DLP capabilities. Coverage is typically absent in environments without dedicated network anomaly detection.

GenAI channels are largely uncovered by conventional DLP tools, which weren't designed for conversational data entry. Browser extension-based monitoring, endpoint telemetry of clipboard operations, and API-level monitoring of GenAI platform traffic are emerging approaches, none of which has reached the maturity level of email or cloud storage DLP.

That's the coverage map. The vectors attracting the most attention in enterprise security programmes right now are precisely the ones at the bottom of the list, specifically the approved-channel and GenAI categories, because they have the least mature detection coverage against the highest current threat activity.

The detection shift that addresses approved-channel vectors

Blocking exfiltration vectors at the channel level only works for obviously malicious channels. Permitted-channel exfiltration can't be blocked at the channel level without disabling legitimate business operations.

The detection shift required is from channel-level control to sequence-level behavioural detection. The upload to Dropbox isn't suspicious. Access to a customer database that the user hasn't touched before, followed by an unusually large export, followed by local file staging, followed by that upload: the sequence is suspicious. None of the individual events is blockable at the channel level. The sequence is detectable across the behavioural model.

That's why sequence-based intent detection, built across identity baselines, data classification context, and endpoint telemetry, is the detection approach that addresses the hardest exfiltration vectors. Not because channel-level controls are useless; they're necessary for the vectors they cover. But because the vectors that evade channel-level controls require a fundamentally different detection model.
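The four-step chain described in the two paragraphs above, as an added example written for this page rather than Matters.AI's detection engine: events from identity, database-audit and endpoint sources are normalised into one stream, a per-user baseline is built from history, and an alert is raised only when novel data access, an unusually large export, archive staging and an upload to a permitted cloud service occur in that order within a window. The event schema, the permitted-destination list, the archive extensions, the window and the export multiplier are assumptions; the telemetry is constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry (not real data), already normalised from identity,
# database-audit and endpoint sources into one JSON event per line.
SAMPLE_EVENTS = """\
{"ts": "2026-04-20T10:00:00Z", "user": "jdoe", "action": "query", "dataset": "crm_customers", "rows": 120}
{"ts": "2026-04-22T11:15:00Z", "user": "jdoe", "action": "export", "dataset": "crm_customers", "rows": 200}
{"ts": "2026-04-28T14:00:00Z", "user": "asmith", "action": "upload", "destination": "dropbox.com", "bytes": 4000000}
{"ts": "2026-05-01T08:55:00Z", "user": "jdoe", "action": "query", "dataset": "crm_customers", "rows": 110}
{"ts": "2026-05-01T09:05:00Z", "user": "jdoe", "action": "query", "dataset": "payroll_records", "rows": 48000}
{"ts": "2026-05-01T09:12:00Z", "user": "jdoe", "action": "export", "dataset": "payroll_records", "rows": 48000}
{"ts": "2026-05-01T09:30:00Z", "user": "jdoe", "action": "file_create", "path": "/home/jdoe/Desktop/q1_backup.zip", "bytes": 62000000}
{"ts": "2026-05-01T09:41:00Z", "user": "jdoe", "action": "upload", "destination": "dropbox.com", "bytes": 62000000}
{"ts": "2026-05-01T09:50:00Z", "user": "asmith", "action": "upload", "destination": "dropbox.com", "bytes": 3500000}
"""

# Assumptions: permitted cloud destinations, what a staging artefact looks
# like, how long a chain may span, and what makes an export "unusual".
PERMITTED_CLOUD = {"dropbox.com", "drive.google.com", "onedrive.live.com", "box.com"}
ARCHIVE_EXT = (".zip", ".7z", ".rar", ".tar.gz")
WINDOW = timedelta(hours=4)
EXPORT_MULTIPLIER = 5            # larger than 5x the user's previous largest export
MIN_ROWS_WITHOUT_BASELINE = 1000  # floor for users who have never exported
STAGES = ("novel_access", "large_export", "staging", "permitted_upload")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(text):
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = parse_ts(e["ts"])
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events, cutoff):
    """Per-user history before `cutoff`: datasets touched and largest export."""
    baseline = defaultdict(lambda: {"datasets": set(), "max_export_rows": 0})
    for e in events:
        if e["ts"] >= cutoff:
            continue
        b = baseline[e["user"]]
        if e["action"] in ("query", "export"):
            b["datasets"].add(e["dataset"])
        if e["action"] == "export":
            b["max_export_rows"] = max(b["max_export_rows"], e["rows"])
    return baseline


def classify(event, baseline):
    """Map one event to a chain stage, or None when it is unremarkable alone.
    A 'permitted_upload' is deliberately never an alert by itself."""
    b = baseline.get(event["user"], {"datasets": set(), "max_export_rows": 0})
    action = event["action"]
    if action == "query" and event["dataset"] not in b["datasets"]:
        return "novel_access"
    if action == "export":
        threshold = (EXPORT_MULTIPLIER * b["max_export_rows"]
                     if b["max_export_rows"] else MIN_ROWS_WITHOUT_BASELINE)
        if event["rows"] > threshold:
            return "large_export"
    if action == "file_create" and event["path"].lower().endswith(ARCHIVE_EXT):
        return "staging"
    if action == "upload" and event["destination"] in PERMITTED_CLOUD:
        return "permitted_upload"
    return None


def detect_sequences(events, baseline, window=WINDOW):
    """Alert only when all STAGES occur in order, for one user, inside `window`."""
    staged = defaultdict(list)
    for e in events:
        stage = classify(e, baseline)
        if stage:
            staged[e["user"]].append((stage, e))
    alerts = []
    for user, items in staged.items():
        for i, (stage, first) in enumerate(items):
            if stage != STAGES[0]:
                continue
            chain, want = [(stage, first)], 1
            for s, e in items[i + 1:]:
                if e["ts"] - first["ts"] > window:
                    break
                if s == STAGES[want]:
                    chain.append((s, e))
                    want += 1
                    if want == len(STAGES):
                        alerts.append({"user": user,
                                       "chain": [(st, ev["ts"].isoformat()) for st, ev in chain]})
                        break
    return alerts


def run_detection(text, cutoff_iso):
    """Baseline from history before `cutoff_iso`, then evaluate events after it."""
    events = parse_events(text)
    cutoff = parse_ts(cutoff_iso)
    baseline = build_baseline(events, cutoff)
    return detect_sequences([e for e in events if e["ts"] >= cutoff], baseline)
```

Running `run_detection(SAMPLE_EVENTS, "2026-05-01T00:00:00Z")` yields one alert for `jdoe` with the four stages in order, while `asmith`'s Dropbox upload is classified as a stage but never alerts on its own: the channel is identical in both cases, and only the preceding sequence distinguishes them.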

Frequently asked questions

What is an exfiltration vector?

An exfiltration vector is the specific channel, method, or technical path used to transfer sensitive data from inside an organisation's governed environment to an external destination outside its control. Common vectors include permitted cloud storage platforms, corporate email to personal accounts, removable media, covert network channels, and browser-based GenAI tools.

What is the most common data exfiltration vector?

Cloud storage platforms and email are the most common vectors by frequency in enterprise environments, primarily because they're already permitted business tools. Their prevalence as exfiltration vectors is a direct consequence of their presence on allowlists. MITRE ATT&CK lists exfiltration over web services as a technique for exactly this reason.

What exfiltration vectors does DLP detect?

Email DLP covers outbound attachments through corporate mail gateways. Network DLP covers web uploads to inspected channels, with gaps where SSL inspection isn't deployed. Endpoint DLP covers USB writes, print operations, and local file operations. Cloud DLP covers content already inside cloud platforms. No single DLP type covers all vectors. Covert network channels and GenAI-based exfiltration require detection approaches beyond conventional DLP.

How do attackers choose exfiltration vectors?

Attackers select vectors based on two criteria: what data they're moving and what controls they can identify as absent or weak. For insider threats, the selected vector is typically whatever is easiest and already available: the tools they use for work. For external attackers, vector selection is more deliberate: permitted cloud storage platforms, because they're allowlisted; DNS tunnelling, because DNS inspection is rare; or covert channels in encrypted traffic, because they're invisible to most network DLP tools.

Published May 1, 2026
