All enterprises face key challenges in their quest to protect their organization from cyber threats. One challenge I hear consistently from security professionals is the difficulty keeping up with the volume of alerts generated by their security controls. The problem they face is that each alert needs to be analyzed and understood before a decision is made. To do that, teams are using a range of tools and information like open source feeds, specialist news or blogs, and threat intelligence sources to enrich their understanding of the alert before they can make a decision. This enrichment takes time. Unfortunately time is perhaps the scarcest commodity for security professionals because there aren’t enough of us, the number of alerts is ever increasing and the pressure is on because the costs of poor decisions are going up.

Shadow Search, the enhanced search capability we are adding to our SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) service, is all about giving a bit of time back to security teams. Our customers were telling us that the insight we provided with our Digital Shadow alerts could be really useful in support of their security operations process for alerts from other sources. When we looked at this, we felt there was an opportunity to add more information sources and scope to make the massive amounts of data from the deep, dark, and open web more accessible and discoverable from the SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) portal, better supporting these customers as they make decisions.

So I am excited that we have just launched our new “Shadow Search” capabilities, designed specifically to provide the data that security teams need to make decisions faster. Shadow Search transforms the threat intelligence search function, delivering market leading coverage and user experience. Users now have unrestricted access to a vast and expanding Digital Shadows (now ReliaQuest) content repository to investigate and pivot between data sources, threat actor information and incidents.

Shadow Search includes security relevant sources as diverse as criminal forums, reputable security blogs and dark web pages, in addition to Digital Shadows (now ReliaQuest) cyber threat intelligence (CTI) and third-party threat intelligence feeds. Organizations can use this practical and actionable information to enhance their understanding of threats, in their business context. Examples of use cases include the ability to:

  • Investigate security incidents – pivot from observed incidents on your network to gain further context about a threat or threat actors
  • Monitor global events and industry trends – access to real-time data and finished threat intelligence allows you to track threats associated with geography, sector or area of interest and stay ahead of the unfolding developments
  • Manage third party risk – identify weaknesses in your supply chain, including if a supplier has been the subject of a breach, or vulnerabilities in your software are being commonly exploited in the wild
  • Research threat information to help prioritize resource usage – detect new activity by a tracked threat actors and changes to malware campaigns to support business cases

Analysts can save their searches and return to them or subscribe to receive updates that meet their specific enterprise criteria.

Shadow Search benefits include the following:

  • Immediate access to threat data– Get instant access to raw collection when you need it.
  • Broad coverage – A vast repository of data including curated threat intelligence, content for hard to reach web sources (dark web) and more, including exploits and observables, all in one place opened up for search.
  • Relevant results – Smart filters and powerful search syntax allowing users to focus in on the information that’s most relevant to them.
  • Actionable information – Rich results with associated observables, intuitive interface, and full export enables users to make operational use of the results.

Collaborative development

Having only recently joined Digital Shadows (now ReliaQuest), I got my hands on the capability after it had been extensively trialed by our beta customers; a huge thank you goes to those who collaborated with us on that process. I found the UI intuitive, and the timeline and summary views help put the results in context.

We’ve added features like advanced filtering by source, date range and information type and export capabilities in direct response to the feedback we have had from the beta. See the screen shot above for a view of the Shadow Search interface, but only a hands-on demo really does it justice. It will be at RSA Conference for those who are attending and if you can’t make it, we would be happy to arrange a demo for you.

Our beta clients now tell us it’s easy to investigate an incident and pivot to related research and forums or research threat actors and that the unrestricted access to the original sources and proprietary Digital Shadows (now ReliaQuest) cyber threat intelligence (CTI) is very welcome. Most importantly, we are now hearing that it is saving them time.

One beta test meeting with a worldwide manufacturer particularly stands out for me: “You’ve incorporated all my requirements and suggestions; this is awesome. It will save me time and help me focus on priority research and threat investigations.”

In Summary

I think Shadow Search is a truly valuable addition to our SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) service and will help our clients to use our wealth of knowledge to investigate threats and make decisions faster, giving back valuable time to the security operations function. Learn more about Shadow Search by downloading our datasheet or requesting a demo. It will be available to all customers in Q2.

Shadow Search for Digital Shadows SearchLight (now ReliaQuest GreyMatter DRP)™