BlackFog 30-Day Data Exfiltration Assessment: See What Is Leaving Your Network
BlackFog's own research found that 98% of organisations have active data exfiltration occurring on their networks that they are completely unaware of — data flowing to ad networks, analytics trackers, suspicious overseas servers, and in many cases, known command-and-control infrastructure. The 30-day assessment makes this invisible traffic visible. Install BlackFog on 25 devices, monitor for two weeks, and receive a customised report showing exactly what data is leaving your organisation and where it is going.
98% of organisations have active data exfiltration they are unaware of — BlackFog research.
What the Assessment Reveals
Most organisations are shocked by the results of a 30-day BlackFog assessment. The platform reveals data exfiltration activity that no other security tool has detected: unauthorised data transfers to suspicious destinations, connections to known dark web infrastructure, data flowing to profiling and tracking networks, and communications with command-and-control servers. The assessment provides concrete, evidence-based visibility into data flows that have been occurring undetected — often for months or years.
- Unauthorised outbound data transfers from protected devices
- Connections to known malicious infrastructure and C2 servers
- Data flowing to advertising networks, analytics trackers, and profiling services
- Geolocation of data destinations — identifying transfers to high-risk jurisdictions
- Volume analysis: how much data is leaving and which devices are most active
- Threat classification: categorisation of each exfiltration type detected
The Five-Step Assessment Process
The assessment follows a structured five-step process designed to minimise disruption while maximising insight. Kyanite Blue manages every step — from initial scoping to final report delivery. The entire process requires less than 30 minutes of your IT team's time for installation, with Kyanite Blue handling all monitoring, analysis, and reporting.
- Step 1 — Licence: Kyanite Blue provides a 30-day enterprise licence key for up to 25 devices
- Step 2 — Activation: lightweight agent installed on selected devices (5 minutes per device, no reboots required)
- Step 3 — Console: Kyanite Blue configures your Enterprise Console access at console.blackfog.com
- Step 4 — Monitoring: 30 days of continuous data flow monitoring with Kyanite Blue managing alerts
- Step 5 — Report: customised report delivered with findings, risk assessment, and recommendations
Which Devices to Include
Kyanite Blue helps you select the 25 devices that will provide the most representative picture of your organisation's data exfiltration risk. We typically recommend a mix of executive laptops (high-value targets), finance team devices (financial data access), HR systems (personal data access), IT administrator workstations (privileged access), and general staff devices (representative baseline). This cross-section reveals exfiltration patterns across different risk profiles and data access levels, giving the most actionable assessment results.
The Assessment Report
The customised report delivered at the end of the 30-day assessment is designed for both technical and board-level audiences. It includes an executive summary with headline findings and risk rating, detailed technical analysis of every exfiltration type detected, device-by-device breakdown showing which endpoints are most exposed, destination analysis showing where data is flowing (by geography, organisation, and threat classification), and specific recommendations for immediate risk reduction. Kyanite Blue presents the findings in a 30-minute briefing and provides a full written report for your records.
What Happens After the Assessment
If the assessment reveals significant exfiltration activity — and in our experience, it always does — Kyanite Blue provides a clear onboarding path to full BlackFog deployment. The transition from assessment to production is seamless: the same agent, the same console, the same policies. We extend coverage from 25 devices to your full endpoint estate, configure organisation-specific policies based on assessment findings, and begin ongoing managed monitoring. There is no gap in protection between assessment and deployment.
Start your 30-day data exfiltration assessment
Kyanite Blue is an authorised BlackFog partner. We deploy, manage, and support ADX for organisations across every sector.
Ready to stop data exfiltration?
Start with a free 30-day BlackFog assessment — 25 devices, no obligation.