Security teams should know when employees are being phished from a common source. They should also know when their brand is being hijacked and used on social media for God-only-knows-what-purpose. And they should most definitely be aware of fake promotions tricking customers to visit malware-laden sites. Dealing with these situations should be a total lay-up for security teams – and yet, it is not.
The challenge is that these threats typically occur outside the normal security team purview. They have found a home in that murky realm of social networking, mobile applications, and on-line collaboration tools found outside the grasp of the traditional security tools being used today. Even hybrid cloud security controls procured by the CISO team are poorly positioned to detect these threats.
So, my recent chat with Evan Blair, co-founder of ZeroFox, seemed especially relevant to current CISO concerns. I called Evan, because while I knew that external brand protection has been available for some time, it is rarely highlighted by cyber security teams. I wanted to know why – and Evan explained three platform advances that should tip the balance in favor of improved digital risk monitoring by enterprise teams:
Platform Automation. Early brand protection tools seemed less like platforms, and more like curtains hiding teams of shady investigators trolling the Dark Web. While professional investigation remains central to brand protection, vendors such as ZeroFox have created light, simple SaaS solutions with powerful automation capabilities that increase incident accuracy and reduce mitigation cycle times.
Improved Connectors. The digital risk industry has made external brand threats more visible through virtual connectors to SIEMs, log management systems, and SOC hunting platforms. ZeroFox, for example, offers connectors to a list of security companies that looks like the booth assignments at RSA. This is good news for CISOs, because it helps connect outside threats to inside security infrastructure.
Beyond Scraping. Many of you might equate brand protection with the infamous process of scraping. Evan helped me understand that with advanced machine learning algorithms, open API-based platform communications, and improved relationships with social media providers, ZeroFox and other vendors now have more powerful means to identify digital risk. This is also good news for our industry.
I believe that all enterprise security teams should immediately review their budget planning and consider adding a monthly subscription to this sort of service in their 2018 allocation. It’s only a matter of time before the regulators and auditors notice that this vital control is missing. So, it’s not whether you’ll be doing digital risk monitoring, but rather when.
(PS: By the way, our country should sponsor digital risk monitoring at the national level. Social media risks to our major institutions are growing – and most solutions involve asking other countries to please knock it off. Good luck with that. We’d be much better served by listening to experts like Evan Blair from ZeroFox and improving our national digital risk controls.)