About This Site
What is Fortrafied DLP Test?
Fortrafied DLP Test is a free testing resource for validating Data Loss Prevention (DLP) solutions. It provides tools to test whether your DLP software is correctly installed, configured, and capable of detecting and blocking sensitive data across multiple channels including HTTP, HTTPS, email, FTP, clipboard, and print operations.
Is any submitted data stored or logged?
No. Data submitted via HTTP/HTTPS POST forms is received by the server endpoint and immediately discarded. It is not stored, logged, or transmitted anywhere. Most tools (data classifier, regex tester, hash generator, sample data generator) run entirely in your browser with no server communication at all.
Is the sample data real?
No. All sample data is synthetic and computer-generated. SSNs, credit card numbers, names, addresses, medical records, and all other data are fictitious. Credit card numbers use valid Luhn check digits so they pass format validation, but they are not real card numbers. No actual personal, financial, or health information is used anywhere on this site.
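Why the check digit matters for testing, as an added example (not code from this site): a DLP rule that validates the Luhn checksum reports only digit runs whose check digit is correct, so sample numbers without one would never trigger it. The candidate pattern, function names and sample text are assumptions made for this illustration.

```python
import re

# Runs of 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_sum(digits):
    """Luhn sum of a digit string, doubling every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total

def luhn_valid(digits):
    return luhn_sum(digits) % 10 == 0

def luhn_check_digit(payload):
    """Digit that makes payload + digit Luhn-valid (how a sample generator finishes a number)."""
    return str((10 - luhn_sum(payload + "0") % 10) % 10)

def card_hits(text):
    """Candidates a checksum-validating rule would report, separators stripped."""
    found = []
    for match in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            found.append(digits)
    return found

# Constructed sample text; none of these are real card numbers.
SAMPLE = ("order 4111 1111 1111 1111, tracking 1234567890123456, "
          "ref 4111-1111-1111-1112")

if __name__ == "__main__":
    print(card_hits(SAMPLE))
    print(luhn_check_digit("411111111111111"))
```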
Who is this site for?
This site is designed for security teams validating DLP configurations, IT administrators deploying data protection solutions, compliance officers testing data protection controls, and anyone evaluating or testing DLP solutions.
DLP Testing
What are the three categories of DLP?
Data in Motion (DIM): Monitoring and controlling data as it moves across the network via HTTP, HTTPS, FTP, SMTP, and other protocols. This is handled by network DLP appliances, proxies with ICAP integration, or cloud DLP services.
Data in Use (DIU): Monitoring data being accessed, copied, pasted, printed, or screen-captured on endpoints. This requires an endpoint DLP agent installed on user workstations.
Data at Rest (DAR): Discovering and classifying sensitive data stored on file servers, databases, cloud storage, and endpoints. This involves scanning repositories for sensitive content.
Should I test in monitor mode or block mode first?
Always start with monitor mode. This allows your DLP solution to detect and log incidents without disrupting data flow. Once you have confirmed that policies are triggering correctly and there are no excessive false positives, switch to block mode and re-run the tests to verify that the DLP actively prevents data exfiltration.
Why does my DLP not detect HTTPS traffic?
HTTPS traffic is encrypted with TLS. For your DLP to inspect the content of HTTPS traffic, SSL/TLS interception (also called SSL inspection or SSL decryption) must be enabled on your web proxy or next-generation firewall. This requires deploying a trusted CA certificate to all endpoints so the proxy can decrypt, inspect, and re-encrypt the traffic.
What is ICAP and how does it relate to DLP?
ICAP (Internet Content Adaptation Protocol) is a protocol that allows a web proxy to offload content inspection to an external server. In DLP deployments, the web proxy sends HTTP/HTTPS content to the DLP server via ICAP for content inspection. This allows the DLP to scan web traffic without being inline, reducing latency and allowing more thorough content analysis.
How do I test endpoint DLP (Data in Use)?
Endpoint DLP requires an agent installed on the user's workstation. Once installed, you can test by:
1. Clipboard: Copy sensitive data and paste it into various applications
2. USB: Try copying sensitive files to a USB drive
3. Print: Attempt to print documents containing sensitive data
4. Screen Capture: Try taking screenshots of sensitive content
5. Cloud Upload: Attempt to upload sensitive files to cloud storage services
Use the Clipboard Test and Print Test pages to assist with these tests.
What is the difference between EDM and regex-based detection?
Regex-based detection uses regular expression patterns to identify data that matches a specific format (e.g., XXX-XX-XXXX for SSNs). It detects any data matching the pattern, which can lead to false positives.
Exact Data Matching (EDM) uses hashed fingerprints of actual sensitive data records. The DLP solution hashes each cell/field of sensitive data and matches against content being transmitted. EDM is much more precise because it only matches against known sensitive data, dramatically reducing false positives. However, it requires importing a structured data source containing the actual sensitive data.
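The two approaches side by side, as an added example (not code from this site or from any DLP product): the regex policy flags every string shaped like an SSN, while the EDM check hashes each candidate and reports only values present in the fingerprint index. The records, the HMAC key, the normalization step and the sample message are all constructed assumptions; the example also goes slightly beyond the text by normalizing separators before hashing, so a protected value written with spaces still matches.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the structured source EDM imports (synthetic values).
PROTECTED_RECORDS = [
    {"name": "Avery Example", "ssn": "900-12-3456"},
    {"name": "Jordan Sample", "ssn": "900-65-4321"},
]
INDEX_KEY = b"constructed-demo-key"  # assumption: keyed hash instead of a bare hash

SSN_FORMAT = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")         # the regex policy
CANDIDATE = re.compile(r"\b\d{3}[- ]?\d{2}[- ]?\d{4}\b")  # tokens EDM will hash

def normalize(value):
    """Drop separators so every written form of a value hashes the same."""
    return re.sub(r"\D", "", value)

def fingerprint(value):
    return hmac.new(INDEX_KEY, normalize(value).encode(), hashlib.sha256).hexdigest()

def build_index(records, field):
    """Only fingerprints go into the index; the plaintext values are not kept."""
    return {fingerprint(record[field]) for record in records}

def regex_detect(text):
    """Every string that has the SSN format, sensitive or not."""
    return SSN_FORMAT.findall(text)

def edm_detect(text, index):
    """Only candidates whose fingerprint is in the index of known records."""
    return [c for c in CANDIDATE.findall(text) if fingerprint(c) in index]

INDEX = build_index(PROTECTED_RECORDS, "ssn")

# Constructed outbound message: two look-alikes and two protected values.
SAMPLE = ("Ticket 123-45-6789 closed; part 555-12-0001 shipped. "
          "Employee SSN 900-12-3456 on file, also given as 900 65 4321.")

if __name__ == "__main__":
    print("regex:", regex_detect(SAMPLE))
    print("edm:  ", edm_detect(SAMPLE, INDEX))
```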