SpyCloud’s early warning solution raises alerts on detection of compromised employee or company assets. The company leverages a combination of human intelligence and SpySight engine, an automated scanner, to acquire leaked or stolen assets that are in the hands of threat actors. Last year, over 10 billion compromised assets were collected and approximately 50 million new records are added weekly. “Once the data is collected, we parse, normalize, de-duplicate, validate, crack passwords, analyze, and enrich the records to ensure the information is valuable to our customers,” adds Ross.
Helping protect credentials, SpyCloud offers a web portal where users can enter website domains, email addresses, and other company information in the watchlist panel to receive historical breach exposure reports instantly. SpyCloud monitors the “underground” for stolen assets that match the watchlist and sends instant alerts to users. The solution provides the full context of each record—the passwords, source, and a description of the breach. To prevent ATO for employees, enterprises can leverage SpyCloud’s automated Active Directory monitor tool, which can be installed on any device connected to Active Directory Services. The tool compares stolen assets of active users and forces a password reset once a positive match is detected.
By providing a set of actionable and easy to integrate ATO prevention tools, our customers are able to effortlessly integrate SpyCloud into their existing security workflows and see instant ROI
Enterprises can integrate SpyCloud’s API into their existing customer login solutions to identify customers with exposed credentials and reset their password. The API is user-friendly and fully documented, it includes console access to test different queries and provides the code snippets needed for integration into various systems.
On detecting infected users, firms can make use of SpyCloud API’s more sophisticated functionality to effectively thwart attacks. “SpyCloud prevents identity theft and fraud by detecting when accounts have been compromised by botnets and malware, and proactively resetting accounts or triggering additional security challenges,” explains Ross. In addition, SpyCloud provide Maltego transforms for interactive data mining and rendering graphs for fraud investigations. The tool can be used for online investigations to find relationships between pieces of information from various sources located on the internet. Investigators can pivot on a username, password, IP address, or email and find a wealth of data to research breaches and threat actors.
“The threat of Account Takeover keeps rising year after year. We are laser-focused on preventing cybercrime as it relates to these attacks to prevent account fraud, reputation damage, and intellectual property theft for our customers,” says Ross. “By providing a set of actionable and easy to integrate ATO prevention tools, our customers are able to effortlessly integrate SpyCloud into their existing security workflows and see instant ROI,” concludes Ross.