
Data & Storage

DLP / Egress

Data loss prevention (DLP) and egress control: keep sensitive data from leaving the perimeter.

Plane: Data & Storage
Flow steps: 8 · 10
Frameworks: OWASP LLM02 · NIST 800-53

Technology

Why use it

Monitor and block outbound flows carrying sensitive data, whether they are sent intentionally or through a hijacked agent.

Why it matters to security

Last line of defense against exfiltration: it inspects what goes out, at the point where the attacker has to send the data.

Implementations: Microsoft Purview DLP · Nightfall · egress gateways · outbound firewall rules

Watch what leaves as much as what enters: exfiltration is the endgame.

Recommendations by maturity tier


Foundation

Minimum viable baseline
  • DLP inspection of outputs (PII, secrets).
    NIST 800-53 SI-15 · OWASP LLM02:2025
    Outbound content is analyzed before leaving the system.
  • Egress restricted to an allow-list of destinations.
    NIST 800-53 AC-4 · SC-7
    Flows only go to approved destinations.
  • Outbound-flow logging.
    NIST 800-53 AU-2
    Every outbound transfer is traced.

Enterprise

Enterprise standard
  • Exfiltration prevention at the boundary.
    NIST 800-53 SC-7(10)
    The boundary actively blocks unauthorized transfers.
  • Data classification applied to egress.
    NIST 800-53 AC-4 · AC-16
    “Secret” data cannot take a public channel.
  • Alerts on abnormal volumes/destinations.
    NIST 800-53 SI-4
    An egress spike to an unknown destination triggers an alert.

Advanced

High-assurance / regulated
  • Egress decision delegated to the PDP in context.
    NIST 800-53 AC-24
    The right to send depends on data, destination and risk.
  • Adaptive blocking correlated with the SIEM.
    NIST 800-53 SI-4
    A known exfiltration behavior is blocked automatically.
  • Watermarking / tracing of sensitive data.
    NIST 800-53 AU-10
    You can trace the origin of leaked data.

Architecture notes

  • A hijacked agent exfiltrates via legitimate channels.
    A mundane API call or email is enough.
    Pair output DLP with allow-listed egress: inspect content AND bound destinations.
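As an added illustration of the Foundation and Enterprise recommendations above and of this note (example code, not from the page or from any of the listed products), the sketch below combines the three controls in one egress decision: an allow-list of destinations with a classification ceiling, content inspection of the outbound payload, and an audit log from which volume alerts are derived. Hostnames, thresholds and detector patterns are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed policy (hypothetical hostnames, not from the page): each approved
# destination carries the highest data classification it may receive (AC-4 / AC-16).
EGRESS_ALLOWLIST = {"api.internal.example": "secret", "crm.partner.example": "internal"}
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "secret": 2}

# Illustrative DLP detectors for PII and secrets in the outbound payload (SI-15).
DLP_PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

def inspect_payload(text):
    """Return the sorted list of DLP finding types present in the payload."""
    return sorted(name for name, pat in DLP_PATTERNS.items() if pat.search(text))

def decide_egress(url, payload, classification, audit_log):
    """Allow-list + classification ceiling + content inspection; every decision is logged (AU-2)."""
    host = urlparse(url).hostname or ""
    ceiling = EGRESS_ALLOWLIST.get(host)
    findings = inspect_payload(payload)
    if ceiling is None:
        verdict, reason = "BLOCK", "destination not on allow-list"
    elif CLASSIFICATION_RANK[classification] > CLASSIFICATION_RANK[ceiling]:
        verdict, reason = "BLOCK", f"{classification} data may not go to a {ceiling}-rated destination"
    elif findings:
        verdict, reason = "BLOCK", "DLP findings: " + ", ".join(findings)
    else:
        verdict, reason = "ALLOW", "policy satisfied"
    audit_log.append({"host": host, "bytes": len(payload.encode()), "class": classification,
                      "verdict": verdict, "reason": reason})
    return verdict, reason

def volume_alerts(audit_log, threshold_bytes):
    """SI-4 style check: destinations whose allowed outbound volume exceeds the threshold."""
    totals = defaultdict(int)
    for entry in audit_log:
        if entry["verdict"] == "ALLOW":
            totals[entry["host"]] += entry["bytes"]
    return sorted(host for host, total in totals.items() if total > threshold_bytes)

if __name__ == "__main__":
    log = []  # constructed sample traffic from an agent
    print(decide_egress("https://crm.partner.example/v1/notes", "meeting at 10", "internal", log))
    print(decide_egress("https://unknown-host.example/upload", "quarterly figures", "public", log))
    print(volume_alerts(log, 10))
```

In a real deployment the allow-list and ceilings would come from the PDP and the audit entries would be shipped to the SIEM; the decision order here (destination, then classification, then content) is one reasonable choice, not a standard.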

References

OWASP LLM02:2025
Sensitive Information Disclosure — egress is the last control point.
NIST SP 800-53 Rev5
AC-4 (Information Flow), SC-7 / SC-7(10) (Boundary / exfiltration), SI-15, AC-16, SI-4, AC-24.

Abbreviations

PDP
Policy Decision Point
PEP
Policy Enforcement Point
PIP
Policy Information Point
PAP
Policy Administration Point
IdP
Identity Provider
TSS
Token Service
NHI
Non-Human Identity
RBAC
Role-Based Access Control
ABAC
Attribute-Based Access Control
MFA
Multi-Factor Authentication
HITL
Human-in-the-loop
JIT
Just-In-Time
CAE
Continuous Access Evaluation
CAEP
Continuous Access Evaluation Profile
DPoP
Demonstrating Proof-of-Possession
mTLS
mutual TLS
PII
Personally Identifiable Information
KMS
Key Management Service
CI/CD
Continuous Integration / Continuous Delivery
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation and Response
SCIM
System for Cross-domain Identity Management
XACML
eXtensible Access Control Markup Language
OPA
Open Policy Agent
OWASP
Open Worldwide Application Security Project
NIST
National Institute of Standards and Technology
ATLAS
Adversarial Threat Landscape for Artificial-Intelligence Systems
LLM
Large Language Model
WAF
Web Application Firewall
CDN
Content Delivery Network
DDoS
Distributed Denial of Service
DLP
Data Loss Prevention
JWT
JSON Web Token
API
Application Programming Interface
CRS
Core Rule Set (OWASP)
RAG
Retrieval-Augmented Generation
MCP
Model Context Protocol
PBAC
Permission-Based Access Control
HSM
Hardware Security Module
UEBA
User and Entity Behavior Analytics
SBOM
Software Bill of Materials
SLSA
Supply-chain Levels for Software Artifacts
WORM
Write Once, Read Many
SPIFFE
Secure Production Identity Framework For Everyone