Egress filtering is the restriction or inspection of outbound network traffic leaving a device, subnet, or environment. It matters because attackers often need outbound communication for exfiltration, malware delivery, or command-and-control success.
What is Egress Filtering?
Organizations use egress filtering to reduce data exfiltration, unauthorized protocols, risky destinations, and malware callouts. It is a powerful but sometimes underused control for limiting what compromised systems can do after infection.
What Egress Filtering Commonly Supports
Common uses include data-loss prevention, malware containment, outbound policy enforcement, cloud egress governance, and command-and-control disruption.
Egress Filtering vs. Open Outbound Access
Egress filtering constrains what traffic can leave. Open outbound access gives compromised or careless systems much more freedom to communicate externally.
Frequently Asked Questions
Why is egress filtering important?
Because stopping outbound abuse can limit the damage even after an attacker gets a foothold.
Does egress filtering break applications?
It can if done carelessly, which is why discovery and staged policy design matter.
Related Cybersecurity Terms
