Today RepKnight announced the integration of its BreachAlert Dark monitoring platform with Splunk, IBM QRadar, and LogRhythm.
Gartner’s current Magic Quadrant for Security Information and Event Monitoring (SIEM) listed these vendors as the top three in the industry, with the market worth US$2 billion annually.
According to RepKnight, what the integration effectively means is that customers of these vendors will now be able to receive BreachAlert notifications directly into their core security operations centre platforms and correlate dark web data with in-house network activity.
The company says this integration couldn’t come soon enough, as the aforementioned Gartner report also asserts that “organisations are failing at early breach detection, with more than 80% of breaches undetected by the breached organisation.”
RepKnight CEO Jeremy Hendy says the reason for this is simple – the company believes that less than 1 percent of organisations are currently monitoring for leaked data being outside their network.
“Large organisations invest a lot of resource to prevent data breaches from their own networks. But that doesn’t help detect breaches of corporate data that’s already outside the firewall — sitting on the networks and endpoints of thousands of their clients, suppliers, and business partners,” says Hendy.
“It only takes one of those third parties to suffer a breach, and highly sensitive information can rapidly propagate onto dump sites, forums, and dark web marketplaces — often with disastrous consequences to your reputation.”
Hendy says what makes BreachAlert unique from other threat intelligence feeds is that it searches for targeted data specific to the organisation, like corporate email credentials, clients lists, IP addresses of critical infrastructure, or keywords relating to brand, product or app names. Furthermore, the SIEM integration allows the data to be automatically correlated with in-house activity.
“RepKnight’s vision is to look after your data, not just your network. Our BreachAlert SaaS platform makes it easy for organisations of any size to proactively monitor for their data being leaked online,” says Hendy.
“For our larger customers, integrating BreachAlert feeds into their SIEM platform is a natural step. As well as simplifying their incident response workflow, the integration allows dark web activity to be correlated with what’s happening inside the network.”
According to RepKnight, many attacks on businesses begin with compromised login credentials that often result from hacks to a third party website that an employee has signed up for with their work email address and a reused password.
Its BreachAlert platform has been designed to address staff or client login credential leaks to be addressed as soon as possible by providing live feeds of compromised credentials directly into the SIEM, in addition to an interactive historical database of more than 6 billion compromised credentials.
The solution scans the Dark Web and hundreds of other paste, dump, and bin sites used by cybercriminals to exchange, buy and sell corporate data, to then alert customers in real-time as soon as their data appears on the dark web.