Egress filtering controls and monitors outbound network traffic leaving an organization’s network, blocking or logging connections that violate security policy. While most organizations focus heavily on blocking inbound threats, egress filtering addresses the other half of attacker activity: communicating with command-and-control servers and exfiltrating stolen data.
Effective egress filtering blocks outbound connections on unexpected ports, prevents internal systems from connecting directly to the internet when they should route through proxies, and flags large or unusual data transfers to external destinations.
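The three checks described above (unexpected ports, proxy bypass, and unusually large transfers) can be expressed as a small policy evaluator over outbound flow records. This is an added example, not part of the original page; the allowed ports, proxy address, internal range, byte threshold and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values for this example (not from the page).
ALLOWED_PORTS = {80, 443}                      # ports permitted to leave the network
PROXIES = {"10.0.0.10"}                        # only these hosts may reach the internet
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # traffic staying inside is not egress
BYTES_THRESHOLD = 50_000_000                   # per source/destination total to flag

# Constructed flow records: (src, dst, dst_port, bytes_out)
SAMPLE_FLOWS = [
    ("10.0.0.10", "203.0.113.5", 443, 12_000),       # proxy to internet, allowed
    ("10.0.1.23", "10.0.0.10", 3128, 8_000),         # workstation to proxy, internal
    ("10.0.1.23", "198.51.100.7", 443, 4_000),       # workstation bypassing the proxy
    ("10.0.0.10", "198.51.100.9", 6667, 900),        # unexpected outbound port
    ("10.0.0.10", "203.0.113.77", 443, 30_000_000),  # first half of a large transfer
    ("10.0.0.10", "203.0.113.77", 443, 30_000_000),  # second half, crosses threshold
]

def evaluate(flows):
    """Return (decisions, alerts): a verdict per flow and volume alerts."""
    decisions, totals = [], defaultdict(int)
    for src, dst, port, nbytes in flows:
        if ipaddress.ip_address(dst) in INTERNAL:
            decisions.append(("allow", "internal destination"))
            continue
        if src not in PROXIES:
            decisions.append(("block", "direct internet access, must use proxy"))
        elif port not in ALLOWED_PORTS:
            decisions.append(("block", f"unexpected outbound port {port}"))
        else:
            decisions.append(("allow", "permitted egress"))
            # Only permitted traffic counts toward the transfer-volume check.
            totals[(src, dst)] += nbytes
    alerts = sorted(pair for pair, total in totals.items() if total > BYTES_THRESHOLD)
    return decisions, alerts

if __name__ == "__main__":
    decisions, alerts = evaluate(SAMPLE_FLOWS)
    for flow, (verdict, reason) in zip(SAMPLE_FLOWS, decisions):
        print(flow, verdict, reason)
    for src, dst in alerts:
        print("ALERT large transfer", src, "->", dst)
```

Blocked flows are still returned with a reason so they can be logged, which is what makes the filter useful for detection as well as prevention.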
CISSP Relevance
Egress filtering is addressed in Domain 4 (Communications and Network Security). CISSP candidates must understand how egress filtering complements ingress controls and how outbound traffic monitoring supports both threat detection and data loss prevention objectives.
External reference: CISA Technical Advisory on Network Defense
Related terms: Firewall, Data Loss Prevention