T1020 Automated Exfiltration

Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection.(Citation: ESET Gamaredon June 2020)

When automated exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as Exfiltration Over C2 Channel and Exfiltration Over Alternative Protocol.

CSA CCM Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name
DSP-10 | Sensitive Data Transfer | mitigates | T1020 | Automated Exfiltration
UEM-11 | Data Loss Prevention | mitigates | T1020 | Automated Exfiltration
DSP-04 | Data Classification | mitigates | T1020 | Automated Exfiltration

Comments on DSP-10 (Sensitive Data Transfer)
The control describes the implementation of strong technical and procedural safeguards, such as TLS with strong keys, to protect sensitive data during transfer and prevent unauthorized access or interception. For this technique, encryption and off-system storage of sensitive information may be one way to mitigate the successful exfiltration of files.

Comments on UEM-11 (Data Loss Prevention)
Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection. This control requires implementing data leakage prevention (DLP) capabilities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Comments on DSP-04 (Data Classification)
Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection. This control enforces the classification of data by type, criticality, and sensitivity level to enable appropriate protections (including DLP measures), mitigating attacker techniques such as data exfiltration, unauthorized disclosure, and the misuse of unprotected sensitive information. Certain data loss prevention capabilities can restrict attempts to exfiltrate tagged sensitive data in bulk and prevent them from executing.

ATT&CK Subtechniques

Technique ID | Technique Name | Number of Mappings
T1020.001 | Traffic Duplication | 3