Breach detection tool gets thumbs-up from Big Three
Monitoring the dark web for dumps of your business’s corporate data just got a little easier, with the world’s three leading security monitoring platforms all now having enabled integration of UK-based RepKnight’s “BreachAlert” platform, six weeks after the company released its API integration.
Gartner Top Three current vendors (Magic Quadrant for Security Information and Event Monitoring, or SIEM) IBM QRadar, LogRhythm and Splunk have all made integration possible, RepKnight said in a statement issued today.
BreachAlert searches for data specific to a business, including corporate email credentials, client lists, IP addresses of critical infrastructure, or keywords relating to brand, product or app names across the dark web and other paste and dump bin sites used to buy and sell illicit corporate data.
RepKnight CEO Jeremy Hendy said: “Large organisations invest a lot of resource to prevent data breaches from their own networks. But that doesn’t help detect breaches of corporate data that’s already outside the firewall — sitting on the networks and endpoints of thousands of their clients, suppliers, and business partners. It only takes one of those third parties to suffer a breach, and highly sensitive information can rapidly propagate onto dump sites, forums, and dark web marketplaces.”
(As Computer Business Review reported in April, a colossal 12TB of data – including confidential intellectual property, penetration test results and other sensitive files in the cloud – can be pulled from exposed Amazon S3 buckets, rsync, SMB, FTP servers, misconfigured websites, and NAS drives.
Digital Shadows found that 1.5 billion files were exposed across the internet’s most ubiquitous file sharing services, with sensitive IP, security audits and network and infrastructure details among the files publicly accessible online.
Europol Launches Dark Web Investigations Team
The integration, which will help simplify incident response workflow on SIEM platforms, comes days after the European law enforcement agency Europol announced that it was setting up a dedicated Dark Web Investigations Team.
The team will deliver a “complete, coordinated approach: sharing information, providing operational support and expertise in different crime areas and the development of tools, tactics, and techniques to conduct dark web investigations and identify top threats and targets”, Europol said in a release.
“The team also aims to enhance joint technical and investigative actions, organise training and capacity-building initiatives, together with prevention and awareness-raising campaigns – a 360° strategy against criminality on the dark web.”