How to use this site; DLP PHI Testing (23 min)
Data Security Testing & Tuning
Test and tune DLP, CASB, and UEBA solutions.
For compliance and data protection, test and tune policies and controls as required by most frameworks and standards as part of a continuous improvement model.
Data Fact: Web-based data leaks happen through browser HTTP "post", "file upload", or "get".
The tests below challenge an organization's ability to prevent and detect sensitive data leaks.
Select one of the tests below or pick from the navigation bar above
Test 1: POST
the most common way data is leaked
Post tests this month: 20904
Post leaks this month: 0
Post tests today: 1424
Post leaks today: 0
3.238.88.35 tested 0 times and leaked data via post 0 times this month
Test 2: GET
most commonly unchecked method of data loss
Get tests this month: 4613
Get leaks this month: 0
Get tests today: 174
Get leaks today: 0
3.238.88.35 tested 0 times and leaked data via get 0 times this month
Test 3: File Upload
most common for large data leaks
File uploads this month: 1191
File uploads today: 95
3.238.88.35 tested 0 files today and 0 uploads this month
Test 4: email data
most common for accidental data leaks
DLP threshold auditing
Credit card, US SSN, medical record, and sample data are preloaded and ready to instantly test in increments of 1, 5, 10, and 30.
Audits this month: 69
Audits today: 6
3.238.88.35 tested 0 times today and 0 times this month
FTP cloud client extraction testing
Test data exfiltration over FTP by leveraging our external FTP testing client.
FTP uploads this month: 76
FTP uploads today: 6
3.238.88.35 tested 0 files today and 0 files this month
Find stats for a specific IP:
DLP testing since 2011
Most data leaks are sourced from shadow IT or personal file storage, personal email, and personal chat apps. This type of leakage is what we test for on this site.

The other cause of large data breaches is ransomware and data-stealing malware that executes as the user. The large majority of these threats come through fraudulent email. Test email fraud defenses at emailSpoofTest.com

Another is a direct attack on cloud apps or physical infrastructure. Direct attack is risky and difficult for an attacker and relatively rare.

By preventing your data from going to unknown destinations on the web, you can prevent shadow IT and data misuse. Use this site to test all of the different ways data can be leaked to an untrusted destination.
There are 2 major ways data is leaked:
1) Internal theft (users being users)
   a. Sending data where it should not go
   b. Tricked into sending data where it should not go
2) External theft (bad people being bad)
   a. Attacking the user (see item 1)
   b. Attacking infrastructure
As outlined above, data risk is mostly from users and sometimes "bad actors". The bottom line is: if you can prevent an "insider" from misusing the data, then an attacker or malware will also be under the same data constraints.
Federal agencies and enterprises of all sizes use this site to test the ability to leak or exfiltrate sensitive data by uploading data out to dataleaktest.com servers.

This site is also used by these agencies for mandatory DLP solution validation for Governance, Risk, and Compliance (GRC) frameworks such as: HIPAA, PCI DSS, ISO 27002, NIST 800-53, CIS CSC Top 20, COBIT 5, ITIL, FERC/NERC, NISPOM, and UL 2900.

The site is also popular for proof of concept (POC) / product evaluations to compare the efficacy of competing solutions like Symantec, McAfee, Digital Guardian, Forcepoint, and Fidelis, to name some of the most popular.

The tests on this site challenge the ability of an organization to prevent and detect sensitive data leaks.

The most common data exfiltration methods are: user error, insecure business processes, shadow IT, insider threats, IoT, compromised assets, and malware- and bot-based data theft.
Medical industry DLP challenges (6 min)