
RepKnight adds dark web monitoring to top 3 SIEM vendors

04 Jun 2018

Today RepKnight announced the integration of its BreachAlert dark web monitoring platform with Splunk, IBM QRadar, and LogRhythm.

Gartner’s current Magic Quadrant for Security Information and Event Monitoring (SIEM) listed these vendors as the top three in the industry, with the market worth US$2 billion annually.

According to RepKnight, what the integration effectively means is that customers of these vendors will now be able to receive BreachAlert notifications directly into their core security operations centre platforms and correlate dark web data with in-house network activity.

The company says this integration couldn’t come soon enough, as the aforementioned Gartner report also asserts that “organisations are failing at early breach detection, with more than 80% of breaches undetected by the breached organisation.”

RepKnight CEO Jeremy Hendy says the reason for this is simple – the company believes that less than 1 percent of organisations are currently monitoring for leaked data outside their network.

“Large organisations invest a lot of resource to prevent data breaches from their own networks. But that doesn’t help detect breaches of corporate data that’s already outside the firewall — sitting on the networks and endpoints of thousands of their clients, suppliers, and business partners,” says Hendy.

“It only takes one of those third parties to suffer a breach, and highly sensitive information can rapidly propagate onto dump sites, forums, and dark web marketplaces — often with disastrous consequences to your reputation.”

Hendy says what sets BreachAlert apart from other threat intelligence feeds is that it searches for targeted data specific to the organisation, like corporate email credentials, client lists, IP addresses of critical infrastructure, or keywords relating to brand, product or app names. Furthermore, the SIEM integration allows the data to be automatically correlated with in-house activity.

“RepKnight’s vision is to look after your data, not just your network. Our BreachAlert SaaS platform makes it easy for organisations of any size to proactively monitor for their data being leaked online,” says Hendy.

“For our larger customers, integrating BreachAlert feeds into their SIEM platform is a natural step. As well as simplifying their incident response workflow, the integration allows dark web activity to be correlated with what’s happening inside the network.”

According to RepKnight, many attacks on businesses begin with compromised login credentials, which often result from a hack of a third-party website that an employee has signed up for with their work email address and a reused password.

Its BreachAlert platform has been designed to allow staff or client login credential leaks to be addressed as soon as possible by providing live feeds of compromised credentials directly into the SIEM, in addition to an interactive historical database of more than 6 billion compromised credentials.

The solution scans the dark web and hundreds of other paste, dump, and bin sites used by cybercriminals to exchange, buy and sell corporate data, then alerts customers in real time as soon as their data appears on the dark web.
