DLP Validation and Testing
Updated Feb 14, 2020
How Data is Stolen
In this article we won't detail the process of data theft but rather the methods. We don't believe teaching the public how to steal and not get caught is a good idea, so we will focus on the theft tech....
Data Encryption: usually the first step in stealing data. Collect the data and use a tool such as WinZip, 7-Zip, WinRAR, etc. to "zip" up multiple files into a single encrypted file. Once the file is encrypted, the bad guy knows that the data can no longer be detected or viewed without the decryption key or password.
Open VPN: Open (open source) VPN (Virtual Private Network) is a private tunnel that leverages PSK (pre-shared keys) to privately share information across the web. The Open VPN protocol can be detected by network inspection tools (by protocol signature), but the contents of the tunnel cannot be viewed. Bad guys often use custom/non-standard encryption keys, which also can be detected by some of the more advanced malware detection tools.
FTPS and SSH: protocols that cannot be inspected for data content by any network-based data security tool. FTPS and SSH use a shared-secret technology, or PSK (pre-shared keys), sometimes called "client-side certificates". These technologies do not use PKI (Public Key Infrastructure), which is used in HTTPS and is the reason we can inspect HTTPS/SSL.
Catching the Thief (Insider Threat)
Data Encryption: Data endpoints can be configured to monitor and block critical information from being packaged with data encryption tools. Unfortunately, very few companies do this. As a whole, the company should also keep track of and control where encrypted files are allowed to go. Doing these 2 things will catch many thieves and bots.
Open VPN: Monitor and block open VPN connections with custom or non-standard encryption. Monitor and control the destinations of VPN technologies with a good Web Security solution.
FTPS and SSH: for these protocols, which cannot be inspected at the network layer, we employ the Data Security Endpoint. The endpoint will typically view and control the data that these FTPS and SSH tools have access to. The Data Security Endpoint will control what data can and cannot be accessed by the FTPS and SSH tools.
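For the Data Encryption control above, one way an endpoint or gateway check could recognize encrypted archives and apply a destination rule. This is an added example, not code from the article or from any DLP product; the function names, hostnames and the policy itself are assumptions, and the sample ZIP is constructed.

```python
import io
import struct
import zipfile

SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # 7-Zip file signature
RAR_MAGIC = b"Rar!\x1a\x07"               # RAR 4.x and 5.x signature prefix
ZIP_ENCRYPTED = 0x0001                    # ZIP general-purpose flag bit 0

def classify_archive(data: bytes) -> dict:
    """Identify the container; for ZIP, list members flagged as encrypted."""
    for name, magic in (("7z", SEVEN_ZIP_MAGIC), ("rar", RAR_MAGIC)):
        if data.startswith(magic):
            # Confirming encryption here needs format-specific header parsing.
            return {"type": name, "encrypted": None, "members": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"type": "other", "encrypted": False, "members": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        flagged = [i.filename for i in zf.infolist() if i.flag_bits & ZIP_ENCRYPTED]
    return {"type": "zip", "encrypted": bool(flagged), "members": flagged}

def egress_decision(data: bytes, dest_host: str, approved_hosts: set) -> str:
    """Hypothetical policy: uninspectable content may only go to approved hosts."""
    verdict = classify_archive(data)
    if verdict["encrypted"] is False:
        return "inspect"        # readable content: hand to normal DLP content rules
    # Encrypted ZIP, or 7z/RAR whose state is unknown (None): treat as uninspectable.
    if dest_host in approved_hosts:
        return "allow-and-log"
    return "block"

def make_sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: one-member ZIP, optionally with the encryption flag set.
    Only the header flag is changed; the member data is not actually encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payroll.csv", "name,salary\n")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits at offset 6 in the local header, 8 in the central directory.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | ZIP_ENCRYPTED)
    return bytes(raw)

if __name__ == "__main__":
    approved = {"backup.example.internal"}
    for label, blob in (("plain", make_sample_zip(False)), ("locked", make_sample_zip(True))):
        print(label, classify_archive(blob), egress_decision(blob, "files.example.net", approved))
```

The check reads only archive headers, so it works without the password; 7z and RAR files are treated as uninspectable because confirming their encryption state needs deeper parsing than shown here.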