Unified Digital Risk Management Against a Global Threat

In a time when it’s hard to imagine how the world could be more politicized and divided by geographic boundaries, the internet remains a unifying force. More than 4.5 billion people around the world are active internet users,[i] and while most people use the internet for good—to work, to interact with friends and family, for access to goods and services, for research purposes—a certain percentage of the population will always be lured to the idea that exploiting the boundary-less nature of the internet is a mere matter of knowing where to look and what to look for.

The internet is essentially an open platform that makes it easy for a cyber criminal in, say, Syria to target an executive in Japan, based on who that executive is, what company that person works for, and what information they have access to. All it takes is a little know how and a few vulnerabilities in systems, software, or humans and the criminal can find stolen or leaked passwords, intellectual property, financial information, and much more.

Exposing exposure

In early 2013, Erwan Keraudy, Steven Keraudy, and Matthieu Finiasz discovered a new way to scan the internet for leaked and stolen credit card numbers. Their goal was to help prevent fraud and financial loss by letting consumers know when their card data was exposed on the internet. The system worked so well that they had soon collected 1 million credit card numbers. While happy that the tool was effective, the trio realized that the scope of the problem was too extensive for a business focused on selling or providing information directly to consumers. As such, they formally founded CybelAngel and pivoted to working with banks, helping the banks find data leaks about their customers and the misconfigurations that led to exposure.

CybelAngel was more than a dark web scan or Shodan search, and the co-founders knew they could build out a platform to help organizations identify sensitive data exposure—from intellectual property to financial and customer information, and threats against high-profile executives. Today, CybelAngel scans the internet at all layers (surface, deep, and dark web), looking for targeted information based on keyword searches. The platform ingests more than 1 billion documents and ~3 million keywords per day, providing extensive coverage for the company’s customers.

The platform works, said Todd, Carroll, CISO at CybelAngel, “by using our proprietary machine learning algorithms to search through metadata. Once the platform finds the relevant metadata, it’s scored and an alert is sent to administrators. The reason this tool is so powerful is because we don’t have to look at a thousand documents and send a thousand alerts. We only look at what’s most relevant to each customer based on their settings and what’s within their risk tolerance. It’s not about the ‘most’ data; it’s about what’s most important.”

Machine learning-assisted identification

And Carroll should know a thing or two about finding the needle in the haystack. As a retired Deputy Special Agent in Charge with the FBI, Carroll worked in national security and counterterrorism before moving into cyber security. His work had him investigating foreign intrusions into U.S. companies’ systems; managing insider threat, espionage, and intellectual property investigations; and improving intelligence collection method and data analysis. A little over a year ago, he transitioned to the private sector to become CybelAngel's CISO.

“When I met the founders, I knew this was an opportunity to do something different. We’re a global company supporting over 100 organizations around the world, and we’ve never churned a customer,” Carroll said during our briefing. “What companies need to know about their data, their customers, their systems—there are no boundaries. If you have connected devices, you’re at risk. Our platform not only scans the internet for data, but looks at where the data is stored, how it’s transferred, how it can be accessed—by authorized users and criminals alike—and provides the information on where a data leak is coming from.” Thus, the goal for the team at CybelAngel isn’t data gathering on their customers’ behalf just to learn about exposure. It's about finding leaks, reducing the volume of alerts IT departments must investigate, and providing actionable remediation instructions that alleviate further harm.

Cross-categorization; unified focus

CybelAngel's platform falls into a space that bridges data leak prevention and digital risk management. Although not initially intended to be used to track targeted attacks against executives, the platform is a perfect fit for identifying when a high-profile person’s data has been leaked and is being shared across the internet. Similarly, CybelAngel can be used to trace domain impersonation and/or spoofing that puts reputable companies at risk of brand damage. It’s equally effective at finding exposed sensitive documents on M&A activity, intellectual property, and (of course, based on their origins) customer credit card information. From misconfigured S3 buckets to exposed MongoDBs, companies' sensitive data is ripe for the picking, and the technology homes in on where data is exposed and how criminals can get to it.

“It’s basic cyber hygiene,” said Carroll, “and not enough companies are looking closely enough at who has access to what data or how they’re sharing it.” Although in a perfect world companies could prevent threat actors from ever accessing sensitive data in the first place, the reality is that their connected landscapes are so vast and too many vulnerabilities exist that it’s inevitable some data will be leaked, either intentionally or inadvertently. CybelAngel can’t prevent an incident, but it has all the right capabilities to identify and alert on digital exposure, allowing companies to rapidly investigate, remediate, and minimize harm from over exposure.