Digital Shadows Improves SearchLight Security Tool

By Sean Michael Kerner  |  Posted 2016-05-18 Print this article Print
Digital Shadows

The new update to the cyber situational awareness platform enhances the detection of typosquatting and breached credentials.

Digital Shadows is improving its flagship SearchLight data analysis platform, enabling users to more easily detect breached credentials, as well as typosquatter domains. Digital Shadows is in the business of helping organizations with security intelligence in a bid to improve cyber situational awareness.

The SearchLight platform was originally launched in the United States on Sept. 21, 2015, and has benefited from incremental improvements ever since.

"There are many incremental, ongoing updates we make for Digital Shadows SearchLight, such as increased source coverage, incident processing and improvements to the portal's user interface," Alastair Paterson, CEO and co-founder of Digital Shadows, told eWEEK. "The capabilities we have released this week mark fundamental changes to the way we provide situational awareness to organizations."

As an example, Paterson said SearchLight has always searched for instances of credential compromise, but now with the update, Digital Shadows can ascertain if the credentials are part of a previous breach and if they are duplicates.

"Having this new information at our fingertips helps us to set better severity levels for our clients so they can better prioritize how they deal with incidents," he said.

The way the credential compromise technology works is Digital Shadows searches across a wide range of sources for instances of credential compromise. Those sources include "paste sites," which include not only Pastebin, but also many other paste sites such as Ghostbin and Pastee. Paterson noted that information is also collected from dark Web forums as well as code sharing sites and even social media sources.

"Constantly monitoring all of these sources allows us to detect leaked credentials wherever they may crop up online," he said. "The true value, however, comes in the context we provide alongside the instances."

Digital Shadows' new breach database enables the validation of the credentials to understand the threat posed to the organization, according to Paterson. As such, Digital Shadows clients receive instances of credential compromise that have been assessed by the Digital Shadows intelligence operations team, who strip out false positives and place them in context.

There are many ways in which Digital Shadows validates whether compromised credentials constitute a threat.

"For example, we can take an organization's password policy to assess if the leaked credentials match these rules," Paterson explained. "With our breach database, we can understand if these credentials are recycled or unique."

Paterson added that his company is also constantly monitoring threat actors so that if a group or individual releases credentials, it can provide an assessment of the credibility and threat level posed. In addition, Digital Shadows clients can register VIPs such as senior executives and board members or high-risk technical staff like system administrators to look for potential credential compromise.

"Based on what the client cares about, we alert them at different severity levels and through email-based alerts, as well as our SearchLight portal," Paterson said.

With the new SearchLight update, typosquatting domains—Web domains that are spoofed based on a simple typo in a bid to trick users—can be identified.

"The ability to detect spoof profiles on social media, targeting on IRC [Internet Relay Chat] channels, as well as typosquatting domains means that we provide more comprehensive cyber situational awareness," Paterson said.

The new typosquatting feature searches for permutations of domains that an organization wishes to monitor, he said. The searches will typically bring back a high number of results, many of which will not constitute a threat.

"Our intelligence operations team will sift through these domains and use tools to assess the domain registry, site content and possible motivations," Paterson said. "This means that when we alert our clients, the alerts are relevant and free of false positives."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel