Data is stolen or leaked out from organizations on a regular basis to various criminal sites, often referred to as the Dark Web.
While identifying lost or stolen data on the regular web is commonplace since the data can be found, finding things on the Dark Web can be a more challenging exercise, given that resources try to remain as hidden as possible from public view. Identifying and finding personally identifiable information (PII) on the Dark Web is what Terbium Labs does, providing organizations with a managed intelligence service known as Matchlight.
“We search the part of the internet where people traffic in stolen data, this thing we call the Dark Web now, for signs of our clients’ data,” Danny Rogers, co-founder and CEO of Terbium Labs, told eWEEK. “With Matchlight, we developed a concept that we call data fingerprinting, which is a fuzzy hashing protocol where our customers hash their own data and we only operate on those hashes to find data.”
Terbium Labs was founded in 2013 and has raised $19 million in venture funding to date, including a $2 million investment from Omidyar Network announced on March 25. Rogers explained that one of the core challenges his firm was founded to help solve was finding a way to discover data that organizations didn’t want anyone, including their security partners, to be able to access.
“We want you to search for the needle in the haystack, but we can’t tell you what the needle is,” Rogers said one of his early customer engagements told him. “It’s an interesting crypto-engineering problem.”
How Matchlight Works
Rogers explained that the Matchlight system looks at PII records for employees, customers, executives and board members of an organization and then hashes all the data. A cryptographic hash is an approach that encrypts data in an effort to protect it. Rogers emphasized that Terbium Labs never actually sees the real customer PII data.
The Matchlight system then goes out onto the Dark Web, looking across different marketplaces, forums and sites for elements of data that belong to Terbium Labs’ customers. The Dark Web searching technology that Terbium Labs uses is all custom-built to find the data hashes on sites that by design don’t want to be searched or discovered.
“Unlike regular sites that want to be indexed by Google, Dark Web sites don’t want to be known,” Rogers said. “So there’s a bit of an adversarial element in trying to discover and search the sites.”
Rogers said Terbium Labs is in a sense a big data analytics company, given the complex engineering challenges it faces it identifying and analyzing Dark Web information.
Reporting
Terbium Labs has an analyst team that runs the Matchlight system for customers and provides reporting and context to help make sure there are no false positives. Customers can also get access to all the raw data via a portal.
“There’s a protocol internally to prioritize certain alerts that come through the system,” Rogers said. “We have a full-service intelligence operation.”
From a competitive perspective, Rogers said that what Terbium Labs provides isn’t traditional threat intelligence capabilities, which is something that multiple vendors offer.
“We’re not really threat-focused because we’re not looking at threat actors and malicious IP. I think that has become a commodity at this point,” he said. “We call what we do data intelligence.”
What’s Next?
Over the course of 2019, Rogers expects that Terbium Labs’ technology will improve in a number of ways. He said that one effort is to create an even more coherent experience for customers to be able to explore data collected by Matchlight.
“We do a lot of reporting and run Matchlight as a managed service, and we really want to open this up a bit for folks to able to explore a lot of the raw data underneath,” he said. “There are a lot of areas where we can continue to have further impact on the Dark Web and make the world a lot safer.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.