Shine a Light on the Dark Web with USM Anywhere

August 8, 2017 | Jeff Olen

Ask any security professional what keeps them up at night, and it won’t be long before the conversation turns to compromised user credentials. And research suggests that there are good reasons for this. According to the latest Verizon Data Breach Investigations Report, a whopping 81% of hacking-related breaches leveraged either stolen or weak passwords.

Establishing and communicating a policy to promote good password hygiene for your company is an obvious and necessary first step. However, the risk of compromised credentials extends well beyond the immediate control of your organization. Employees are adopting more and more cloud-based services, which are only sometimes sanctioned by IT, and using their corporate e-mail addresses when signing up. To add to the risk, password reuse continues to be an all-too-common practice, with many users relying on the same credentials across multiple accounts and services. Given these trends, it’s safe to assume that you don’t have full control over what happens to your users’ credentials, or visibility into all the places where they could be stored.

So, what happens when one of these cloud services gets hacked? Well, let’s just say it’s not good, as it could be months, or even years, before that breach is discovered and disclosed. Meanwhile, these stolen credentials could have been bought and sold on the “dark web”, a haven for cybercriminals that – due to its illicit nature – is exceedingly difficult for most organizations to monitor.

Introducing the AlienApp for Dark Web Monitoring

AlienVault USM Anywhere addresses the compromised user credential problem with its new AlienApp for Dark Web Monitoring. Taking advantage of the extensibility of USM Anywhere, the AlienApp for Dark Web Monitoring is powered by technology from SpyCloud, a pioneer in breach discovery. By extending the USM Anywhere platform with the expert human and machine intelligence provided by SpyCloud, you can quickly identify when your users’ credentials have been compromised, and immediately take action to mitigate risk.

The AlienApp for Dark Web Monitoring provides monitoring for all e-mail addresses related to a domain, along with monitoring for up to 10 individual email addresses, such as those of executives and other high-risk targets in your organization.

Now, let’s take a closer look at how it works.

As with all AlienApps, USM Anywhere customers do not need to purchase or download anything additional to leverage this functionality – the AlienApp for Dark Web Monitoring is available immediately within USM Anywhere.

To begin monitoring the dark web for compromised credentials, navigate to the AlienApp for Dark Web Monitoring configuration screen (under Settings | AlienApps). Enter your company’s domain name to monitor all email addresses related to that domain, along with up to 10 individual e-mail addresses that you wish to monitor for compromise. For both domains and e-mail addresses, you will need to verify ownership before monitoring will be enabled.

Once you have set up your watchlists and confirmed ownership of the domain and/or e-mail addresses, USM Anywhere will automatically query the SpyCloud breach database every 24 hours. If any of your employees’ credentials have been newly exposed in a breach, USM Anywhere will raise an alarm with the following information:

  • The e-mail address of the exposed credentials
  • Whether the breach has been publicly disclosed
  • Whether the exposed password is hashed or stored in cleartext
  • Whether the credentials have been seen in a prior breach
  • Whether the credentials were obtained through an infected machine with a key logger

Armed with information about the nature of the breach and the extent of exposure, presented directly within the USM Anywhere interface, you can immediately take action to minimize the risk to your organization from corporate credentials that have been compromised and discovered on the dark web.

Try It for Yourself

The AlienApp for Dark Web Monitoring joins a growing collection of AlienApps, including Office 365, Cisco Umbrella, ServiceNow, Okta and more. AlienApps now not only enable deep integrations with security products you already have, but also extend the threat detection and response capabilities of USM Anywhere with embedded functionality from companies like SpyCloud that are at the leading edge of today’s most challenging security problems.

The AlienApp for Dark Web Monitoring is included for all USM Anywhere customers at no extra charge. Start a Free 14-Day Trial of USM Anywhere today to see how AlienApps can help your organization shine a light on the dark web and take threat detection and response to the next level.

About the Author: Jeff Olen, AlienVault
Jeff joined the AlienVault product management team in 2016, with a primary focus on the USM Anywhere platform. He has more than 15 years of experience managing award-winning software products in a variety of industries including security, education, legal and digital media.