Scribd Logo
Upload

Welcome to Scribd!

  • Your Security Score Is:: How Do You Perform Against Sensitive Data Exfiltration Attempts?

    Uploaded by

    Scribd User
    18 views5 pages
    Your security score is 55/100. You failed tests related to preventing data exfiltration through credit card numbers, office documents, IBANs, and PDFs. You passed some but failed other tests related to blocking known and unknown malware, phishing attacks, and zipped malware. You passed all tests related to blocking malicious websites, cookie/script attacks, downloads, adult/embargoed sites, and securing ports/protocols at the firewall level.

    Original Description:

    Original Title

    report

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Your security score is 55/100. You failed tests related to preventing data exfiltration through credit card numbers, office documents, IBANs, and PDFs. You passed some but failed other tests related to blocking known and unknown malware, phishing attacks, and zipped malware. You passed all tests related to blocking malicious websites, cookie/script attacks, downloads, adult/embargoed sites, and securing ports/protocols at the firewall level.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    18 views5 pages

    Your Security Score Is:: How Do You Perform Against Sensitive Data Exfiltration Attempts?

    Uploaded by

    Scribd User
    Your security score is 55/100. You failed tests related to preventing data exfiltration through credit card numbers, office documents, IBANs, and PDFs. You passed some but failed other tests related to blocking known and unknown malware, phishing attacks, and zipped malware. You passed all tests related to blocking malicious websites, cookie/script attacks, downloads, adult/embargoed sites, and securing ports/protocols at the firewall level.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    YOUR SECURITY SCORE IS:

    F
    55/100

    How do you perform against sensitive data exfiltration attempts?


    Data Loss Prevention

    0/20
    Fail
    Are you able to stop leakage of Credit Card numbers?
    This test determines whether your security solution is capable of identifiying and blocking
    exfiltration attempt of number combinations that match the format of credit card numbers(i.e
    4111 1111 1111 1111).

    Fail
    Are you able to stop leakage of sensitive Office Documents?
    Sensitive information like socail security numbers, source codes, IP/MAC addresses and credit
    card informations can be exfiltrated from your network by saving them to Office Documents.
    This test determines whether your security solution can block such attempts or not.

    Fail
    Are you able to identify leakage of IBAN information?
    This test determines whether your security solution is capable of identifiying and blocking
    exfiltration attempt of number combinations that match the format of IBAN.
    Fail
    Are you able to identify leakage of sensitive information via
    PDFs?
    Sensitive information like social security numbers, source codes, IP/MAC addresses and credit
    card informations can be exfiltrated from your network by saving them to PDF documents. This
    test determines whether your security solution can block such attempts or not.

    How do you perform against web-borne Advanced Threats?


    Advanced Threat Protection & Content Filtering

    35/60
    Fail
    How do you perform against a known malware?

    This test determines whether your security solution is capable of blocking known malware.
    Even tough signature based solutions are not capable of providing 100% protection, a gateway
    antimalware system can help you prevent infection from "known bad".

    Fail
    Are you able to block a Zero-Day Attack?

    This is one of the most important test you should take for assessing your security solution. This
    test determines whether your security solution is capable of blocking Zero-Day Attacks. Your
    security solution must be capable of blocking "unknown" softwares that has no signatures in
    signature based antimalware databases.

    Pass
    Are you able to block a Phishing Attack?

    This test determines whether your security solution is capable of identifiying and blocking
    phishing attacks by using a valided phishing site on Phishtank.com.
    Pass
    Are you able to block a Botnet?
    Infected(Zombie) endpoints or systems try to "callback" their Command and Control Servers for
    downloading malicious softwares and take control of entire networks. This test determines
    whether your security solutions is capable of blocking "callback" attempts to validated C&C
    Servers.

    Fail
    Are you able to download a zipped malware?

    Attackers frequently try to hide malicious softwares by zipping it multiple times as most of the
    solutions only analyze incoming softwares in the first depths within the archieve. This test
    determines whether your security solutions is capable of blocking malicious softwares that are
    zipped multiple times.

    Pass
    Are you able to access a malicious website?

    This test determines whether your security solution is capable of blocking a website that is
    known for hosting malicious softwares.

    Pass
    Are you able to block cookie stealing attemps and cross-site
    scripting?

    XSS attacks are used for injecting malicious code into known good sites for using them as hosts
    for the malicious intent of the attacker.This test determines whether your security solution is
    capable of blocking such infected sites or not.

    Pass
    Are you able to Drive-by Downloads?

    Drive-by attacks are used for unintentionally downloading malicious software onto your system
    using vulnerabilities on your browsers. This test determines whether your system is capable of
    blocking such attacks.

    Pass
    Are you able to access Adult Websites?

    This test determines whether your security solution is capable of blocking access to websites
    that are categorized as Adult.

    Pass
    Are you able to access websites and services hosted in
    embargoed countries?
    Companies want to block access of their users to embargoed countries' hosted services for
    complying with US and EU regulations. This test determines whether your security solutions is
    capable of blocking such attempts.

    Are you able to secure your all ports and protocols at the gateway?
    Firewall

    20/20
    Pass
    Are you able to block attacks coming from all ports and
    protocols?

    This test determines whether you have open and unmonitored ports facing internet. Securing
    only Web Protocols would not be enough for stopping attackers to gain access to your system
    as all ports and protocols can be used for malicious intents. Security solutions must be capable
    of preventing attacks happening on all ports and protocols.

    Pass
    Are you able to block secure shell access(SSH) attempts?
    Attackers can open remote shell access to your critical assets for gaining access into your
    network.This test determines whether your security solution is capable of blocking such SSH
    connections.

    Pass
    Are you able to monitor and block requests sent to your high
    ports?

    This test determines whether you have open and unmonitored non-standard ports which can be
    used by attackers to gain access in to your systems.

    Pass
    Are you able to block remote desktop requests?

    This test determines whether your security solution is capable of blocking remote desktop
    attempts coming from internet.

    You might also like