Computers and computer networks are increasingly interconnected over private and public networks, exposing them to increased risk of attack. A specific type of attack called a data breach (or data exfiltration) is one that occurs when data is taken from within a computer network. Data exfiltration has been described by the free encyclopedia WIKIPEDIA, at online URL with search term “Computer Security”, as an unauthorized release of data from within a computer system or network. Malicious actors or “hackers” employ various techniques to transmit or steal sensitive information (data exfiltration). This is done by either gaining unauthorized access to an organization's through the use of malicious software referred to as “malware”. Malware is software (or script or other code) designed to compromise the security of the target device, gather sensitive information, or gain unauthorized access to computer systems and connected networks.
Current network security assessment frameworks and testing technology focus on assessing for technical vulnerabilities at the application, network, or host level that would allow a malicious attacker to gain access or control over an organization's IT assets from the perspective of an anonymous outsider, or malicious insider. Data breaches occur after unauthorized access is obtained and the attacker begins to steal data, this is commonly referred to as a “data breach”. Organizations do not have an automated and repeatable method to test their networks and security controls for common methods of data exfiltration.