The IT Law Wiki


Exfiltration is "[t]he unauthorized transfer of information from an information system." [1]


"Cyber criminals can use malware or other methods to infect a network and steal data using a process known as exfiltration.... Therefore, to prevent malware and data exfiltration, cyber defense systems often use a concept known as defense-in-depth, the deployment of a variety of network security devices at different layers of the network, to protect sensitive network data."[2]


  1. NIST Special Publication 800-53, App. B, Glossary.
  2. Centripetal Networks, Inc. v. Cisco Sys., Inc., 2020 WL 5887916, at *6 (E.D. Va. Oct. 5, 2020).

See also[]