Detecting if an unauthorized actor is using valid credentials to exfiltrate data at high speeds.
Traditional security tools (e.g., legacy NGFW, SSL inspection proxies) often fail to inspect FileCatalyst traffic because: filecatalyst detection and response
Update firewall rules to block the source IP of a suspected high-speed exfiltration attempt. Detecting if an unauthorized actor is using valid
FileCatalyst can also be used maliciously by threat actors. Some examples include: filecatalyst detection and response
Immediately disable the compromised FileCatalyst user account.
Force-kill active transfers associated with the suspicious event. Best Practices for Hardening Your Environment