DLP Policy Testing Tool
Use this tool to safely check if your DLP solution is configured and functioning correctly. Try it with your own data, or use our sample PII and payment card data. If your upload is successful, then your DLP policy is not functioning correctly and your endpoint is at risk of data egress.
Test HTTPS Post
A request method supported by the HTTPS protocol for submitting filled-in forms, updating databases, and uploading files to the server. Sensitive data can be lost when completing a web form or uploading a file to a web server. Check to see if your DLP policies are able to block this type of action.
NOTE: HTTPS Post is a request method supported by the HTTPS protocol for submitting filled-in forms, updating databases, and uploading files to the server.
Test HTTP Post
A request method largely implemented in HTML files for submitting filled-in forms, updating databases, and uploading files to the server. Sensitive data can be lost when completing a web form or uploading a file to a web server. Check to see if your DLP policies are able to block this type of action.
NOTE: HTTP Post is a request method supported by the HTTP protocol for submitting filled-in forms, updating databases, and uploading files to the server.
FTP Test
FTP is an unsecure way to transfer files and does not meet compliance requirements of data protection standards. Data sent via File Transfer Protocol (FTP) can be vulnerable. Check to see if your DLP policy blocks FTP uploads.
Frequently Asked Questions
Testing DLP policies
Data Loss Prevention solutions help to prevent sensitive data from being lost beyond your organizational controls. In many cases, the loss of data such as PII, PHI and payment card data can result in regulatory fines and reputational damage, so it’s important to ensure your DLP policies are configured correctly. Use this tool to check whether your policies are configured correctly and able to prevent data egress from the endpoint.
What is a DLP policy?
Data Loss Prevention solutions rely on a set of policies to determine how, and when certain data types can be shared or moved by employees. DLP policies are typically built around the types of data that you want to protect (e.g. PII, PHI, PCI data), and the exit points that are monitored for potential exfiltration. These can then be applied to individual computers, users, groups, or at a company-wide level.
How does the DLP Testing Tool work?
You can use this tool to evaluate whether your DLP policies are performing as expected across endpoints (please ensure that your policies are set to “block”). DLP solutions such as Endpoint Protector can prevent data exfiltration from a number of different exit points - spanning removable USB storage, printers, Bluetooth connections, email, cloud uploads and more. For simplicity, this DLP testing tool monitors file uploads through HTTPS, HTTP and FTP protocols. These are common protocols for submitting forms, and uploading files to a server or cloud storage.
Why use the DLP Testing Tool?
The purpose of a DLP policy is to prevent the unauthorized exfiltration of sensitive data. If policies are not correctly configured, or if your DLP solution is not correctly installed, then they can fail. This can put your data at risk of accidental loss, or theft, or a wider data breach. This tool can help to validate new, or revised policies, and ensure you are meeting your data compliance obligations.
What type of data can I test?
Security is important to us. So, to make things easy, we have included sample PII, and payment card data. We highly recommend that you do not share your own live / production data. Please note that data sent through the form is not processed, nor stored on our servers; and files uploaded through the form are automatically deleted after the POST command executes. Files uploaded through FTP are automatically deleted after 2 minutes.
What if the DLP test fails?
If you were able to successfully post data using the DLP Testing Tool, it’s important to check your DLP policy configuration and try again. If you would like to evaluate Endpoint Protector as an alternative to your existing DLP solution, please request a demo.