Outbound security groups dictate the conditions under which outgoing traffic from a resource should be allowed.
It is a good practice to clamp down on outgoing traffic as well as it severely reduces the risk of a resource being used as a hop in a Denial of Service attack.
For example, a web server should have outgoing access only on port 443 to a third-party API service that it consumes.