Perception Update - Unusual Data Movement Classification

A suite of classifiers to detect unusual movements of data both internally and to external servers.  Data volumes are accumulated over time to detect both short large volume transfers and “low and slow” leaking of data.

This feature provides the analyst with a clear picture of data movements across, into and out of their network.  This enables them to mitigate against potential data exfiltration or unusual lateral movement activities.

Data movement is at the heart of cyber security.  If you asked any InfoSec professional what their biggest concern is it’s usually loss of sensitive, valuable, or important information.  In fact, almost all highly publicised breaches involve loss of customer data (although this is usually due to data protection rules requiring companies to inform customers of data loss).

The new set of classifiers is designed to detect movement of data anywhere within or out of a network.  Not only do they protect against the big exfiltration attempts, they also act over a significant period of time to detect segmented exfiltration of data in small chunks.  Since Perception also analyses internally, it now detects data moving between hosts (attempting to hide real data origin), as well as data exfil being distributed to multiple destinations

This update is sensor based, and will be pushed to all managed customers at the pre-agreed upgrade time.  Self-monitored customers can update their own sensors using the software upgrade process.  If you have any further questions about this upgrade please contact us at