At Enzoic, we understand the need for threat intelligence that allows both businesses and users to take action to keep themselves safe. Effective threat intelligence for compromised credential screening involves constant evolution, discerning reconnaissance, and real-time analysis and deployment. Unfortunately, most threat intelligence services are vague and laconic, relying on misleading statistics and alarmist reports as veneers for validity. Nearly everyone who has used an identity monitoring service has seen alerts like “Your email has been found on the Dark Web” or “Your Personal Information has been Compromised in a Data Breach”. If you’ve received one of these, what did you do next? Often, there’s no action you can take at all except perhaps staying alert. Many of these alerts are triggered by automated systems constantly rehashing the same data as it is traded between threat actors on forums, or uploaded to different file-sharing systems. Consequently, users suffer alert fatigue and the severity of the issue becomes a cause of complacency.
Enzoic’s industry-leading threat research provides real-time, actionable data collected 24/7/365 by a comprehensive combination of human and automated research. Our threat research team constantly identifies new platforms, channels, and data exposures, often obtaining and processing data months before popular breach notification services. But collecting data is just the first step. To transform huge amounts of data into anti-ATO action, our threat research team uses proprietary systems to identify the highest-risk data (e.g. emails, passwords), extract it, and make it available so that affected users can be securely notified of exactly which credentials were breached. If these credentials are the same (or similar) as ones used for business accounts, administrators can implement automatic steps to lockout accounts or force password changes. So, if one of your employees’ credentials is picked up by our systems on a hacking forum or anonymous chat platform for instance, you will be able to protect your business from threat actors seeking to exploit this entry-point vector.
While many ‘breach notification’ companies are indiscriminate about the data they collect, or focus only on large exposures, Enzoic’s broad reach is tuned to the most active threat sources, quickly filtering out repeat and irrelevant information. In addition to obtaining the large exposures, our research team identifies and monitors channels that threat actors use to share data for the express purpose of ATO, and constantly scans file-sharing services known to host newly posted account credentials. For example, sometimes passwords are shared as just a few lines in a chatroom; although this may not be a large ‘breach’, it only takes one compromised account to give a threat actor the foothold they need. Consequently, our systems are constantly scanning and parsing even the smallest communications for targeted threat data to deliver the most current and encompassing protection possible.
An active defense requires specific threat knowledge, but also broad understanding and integration with the threat landscape. Among Enzoic’s many systems for threat intelligence are honeypots that allow us to monitor threat actor behavior in real-time and build an up-to-the-minute understanding of the exact behavior we can help our clients defeat. A honeypot is a computer system or network set up to appear vulnerable, attracting attacks from threat actors in ways that allow part of the attack to succeed, but not enough to compromise the system. Meanwhile, monitoring software runs in the background and “watches” the attack, collecting information on the hacker, such as IP address, attack vectors, and credentials they use to attempt access. By cross-referencing the compromised data we collect with the statistics from honeypots, we can better understand the full threat landscape and provide deeper insights for both our research team and our clients.
Enzoic’s tools for cybersecurity professionals provide secure, real-time solutions for protecting your network against compromised credentials. Our plugins and API provide NIST-compliant protection and decrease user friction compared to prevalent (but ineffective) methods like mandated regular password changes. As a business, protecting your network starts with your employees, and Enzoic’s cutting-edge, specialized research and software are a crucial part of the strong security posture that a business must establish in today’s world.
By: Dylan Hudson