Monitor Outbound Network Traffic

Applies To: WatchGuard Advanced Reporting Tool This topic applies to the optional WatchGuard endpoint security module, Advanced Reporting Tool. The Advanced Reporting Tool is available with WatchGuard EPDR and WatchGuard EDR.

To minimize the attack surface and avoid exfiltration of data, it is important to know the external ports that outgoing traffic is sent to. Use the Outbound Network Traffic tab to see where data is sent (and received), and to identify possible data breaches and compromised systems.

If you do not monitor outgoing traffic on sensitive ports, you could expose your company to potential attacks. We recommend that you close open ports when you do not need them and monitor ports continuously when access is required.

To see outbound network traffic destinations, from the WatchGuard Endpoint Security management UI:

1. In WatchGuard Cloud, select Monitor > Endpoints.
2. Select Status.
3. From the left pane, select Advanced Visualization Tool.
   A new browser tab opens.
4. From the left pane, select Advanced Reporting > Data Access Control.
5. Select the time period to filter the data on.

6. Click Refresh.
   The dashboard shows information for the time period selected.
7. Select the Outbound Network Traffic tab.
8. In the Data section, review the Countries with Outbound Connections tile.
   This tile shows information about the volume of data sent from your network to a country. The charts show the absolute and relative amounts of data transferred.
9. In the Map section, review the highlighted destinations.
   The map shows the destinations where the largest amount of data was sent and helps you to identify abnormal traffic destinations.

Related Topics

Data Access Control Dashboard

Monitor User Activity

Monitor Bandwidth-Consuming Application Processes and Users

Monitor the Data Files Accessed