Every time you read about a major data breach, the company was losing data for several months or years before they knew about it. Even after a full forensics review, it’s often unknown exactly how long the network had been compromised. Why does this keep happening? Because organizations do not sufficiently test their egress controls.
As security professionals, we spend the majority of our time and resources on keeping the bad guys out, but what happens if a system is compromised or there’s an insider threat on your network? How well protected are you from the internal network back out to the Internet? Can your current security controls detect data being siphoned out of your network?
For most organizations, the answer to all of those questions is typically “I don’t know.” Stratum’s XFIL tool can quickly provide you with the information to answer those questions.
What is XFIL?
XFIL is a patented data exfiltration tool that simulates how hackers transmit data from an organization’s network. XFIL simulates 260+ methods by which data can leave your network in the event an internal system is compromised. It essentially simulates an Advanced Persistent Threat (APT) and automates the testing of your security controls, including egress filtering, Data Loss Prevention (DLP), Security Operations Centers (SOCs) and Managed Security Services Providers (MSSPs). XFIL provides an innovative approach to bring the simulated attack full circle and provides valuable insight into your ability to detect an actual breach.
XFIL Analysis is provided as a standalone assessment or as part of a comprehensive Stratum penetration test engagement. The assessment will:
o Test and validate your network security controls such as MSP, proxies, IDS/IPS, DLP, firewalls etc.
o Emulate an attacker’s attempts to exfiltrate sensitive data from your network.
o Begin with simple file transfers, then increase sophistication using non-standard ports and protocols.
o Test using encryption, advanced tunneling and customizable data for your environment.
o Identify blind spots from the inside of your network out to the Internet.
One of the great things about XFIL is that it can be leveraged in a variety of different ways and customized for your environment to target only those risks that you are most concerned with. In a standard XFIL engagement, Stratum will perform exfiltration testing to assess your susceptibility to data exfiltration attacks. The exfiltration test will simulate the various techniques commonly used by hackers to steal data undetected from an organization’s networks.
XFIL Assessments test the following network security controls:
o Intrusion Detection and Intrusion Prevention Systems (IDS/IPS)
o Egress Rules
o Proxy Configurations
o Content filtering
o Data Loss Prevention (DLP)
o Incident monitoring and detection
XFIL assessments include data types considered sensitive by your organization to better simulate a data breach. Standard data types included are: SSN, CHD, PII, and PHI. You may also select custom data or data representative of your proprietary data. Examples of this are known keywords or files that should flag in your DLP system and/or be detected by your SOC or MSSP.
The exfiltration techniques start with simple methods such as emailing documents and data types and progress to more complicated techniques using DNS tunneling. Exfiltration techniques include, but are not limited to:
o Protocol templates (HTTP, HTTPS, FTP, and more)
o Encryption templates (DES, 3DES, AES)
o Data type templates (PHI, PII, PCI, SSN, and more)
XFIL assessments include:
o Network Identification
o Data Exfiltration Testing
o Exfiltration Event Correlation
o Analysis and Reporting
To learn more about Stratum XFIL, please contact us at firstname.lastname@example.org