What is dlptest.com used for?

DLPTest.com is a Data Loss Prevention (DLP) testing resource that focuses on testing to make sure your DLP software is working correctly. If DLP has been installed correctly and the DLP policies have been built correctly, this website can be used to demonstrate your data is be protecting. Data Loss Prevention is typically broken into three vectors called Data-In-Use (DIU), Data-At-Rest (DAR), and Data-In-Motion (DIM). DLPTest.com currently has features to test Data-In-Use and Data-In-Motion.

What is Data-In-Use?

Data-In-Use also known as Endpoint Protection requires installing an Endpoint Agent on the user computers. The Endpoint Agents should be installed on laptops, desktops, and virtual desktops such has Citrix VDI. Once the Endpoint Agent has been installed the DLP software can be setup to monitor different channels. Most vendors support USB transfers, CD/DVD burning, moving data from Network Shares, monitoring web browsers (IE, Chrome, Firefox), FTP transfers, and cloud storage as supported channels for monitoring.

What is Data-In-Motion? 

Data-In-Motion is the ability to monitor traffic on the network including but not limited HTTP, HTTPS, FTP, and SMTP. Data-In-Motion is typically broken into 3 different modules in order to integrate with different parts of the network. The simplest module is the Network Monitor which most vendors require a physical server due to limitation with virtual network cards and the Network Monitor monitors traffic using a SPAN port or Network Tap. The major limitation with Network Monitor is that it can only look at unencrypted traffic so it is unable to view HTTPS and SMTP over TLS. Most security vendors state that 60% to 80% of all enterprise network traffic is encrypted at this point. In order to get more insight into with encrypted traffic there are the Email Prevent and Web Prevent modules. Email Prevent should sit in line in between the email router (Exchange) and the edge MTA (Email Gateway) to monitor outbound email traffic. Web Prevent is used to integrate with a Web Proxy using the ICAP protocol to monitor HTTP, HTTPS, and FTP traffic. Some vendors offer Web Prevent built into their Web Proxies to help simplify the deployment.