SearchLight’s Exposed Document Alerts: Uncover the Critical, Faster

Lauren Place
November 23, 2020 | 5 Min Read

BACKING UP…INTO A DITCH

I am a terrible driver. While I’ve sat through Driver’s Ed courses, studied physics and trigonometry, possess a general knowledge of how a car should be positioned to park, and am extremely well-intentioned in my execution of parallel parking, the end result has sometimes landed me… in a bad situation. The same could be said for the employees and third parties who may be transferring and backing up your company’s sensitive files to publicly-accessible sources.

In today’s digital era, files must be stored and accessible from many locations. More and more often they are backed up to a cloud-based service or transferred to or through a third party, and even the best endpoint security, proxies, and CASBs cannot stop every leakage mistake. Well-meaning employees and contractors may think of these methods as secure, but threat actors actively hunt for these online file repositories and transfer services because they know mistakes happen. In a 2019 scan of 17 million file repositories (often used for backing up data), we found that over 2 million of them had already been encrypted by ransomware.

Additionally, in our most recent global report on misconfigured file exposures, over 2.3 billion files were exposed in the last year across SMB-enabled file shares, misconfigured network-attached storage (NAS) devices, File Transfer Protocol (FTP) servers, rsync servers, and Amazon S3 buckets, of which an estimated 500 million were exposed documents.

Exposed documents are a critical part of data leakage detection, and we’re pleased to announce some updates to our detection coverage capabilities and user interface that make SearchLight the best solution to uncover at-risk documents that have been exposed online.

SECURITY FOR YOUR MARKED, TECHNICAL, AND COMMERCIAL DOCUMENTS

SearchLight not only detects marked documents (documents carrying protective markings or DLP identifiers) but also technical and commercial documents, which can include security assessments, product designs, legal documents, payroll data, and so on, and which are often unmarked.

SearchLight also assesses the content of each exposed document, assigns it a category, and gives it a risk score based on the organizational priority you set for each category, whether legal, personnel, financial, or otherwise.

Technical Categories (3):

  • Product (technical requirements, UI designs, product road map, etc)
  • Infrastructure (IT network schematics, office floor plans)
  • Security (security assessments, pen tests, etc)

Commercial Categories (7):

  • Financial (corporate tax documents, sales forecasts, bank statements, etc)
  • Legal (NDAs, partnership agreements, contracts)
  • Personnel (payroll data, staff lists, employee credentials, etc)
  • Project (risk registers, business cases, audit reports, etc)
  • Purchase (order forms, purchase orders or requests, sales contracts, etc)
  • Sale (order forms, purchase orders or requests, contracts, etc)
  • Resale (order forms, purchase orders, or requests)

GET MORE COVERAGE, BOTH FILE SOURCES & FILE TYPES

This release extends our coverage to include documents that sit within an archive file (.zip) as well as all common forms of business documents. We index from several different sources, including file stores such as Amazon S3, SMB, FTP, and rsync. You can see a comprehensive list below:

Types of files:

  • Archive files (.zip)
  • PDFs (.pdf)
  • Documents (.doc, .docx, .odt, .rtf)
  • Spreadsheets (.xls, .xlsx, .ods)
  • Presentations (.ppt, .pptx, .odp)

Sources of exposure:

  • Online file stores, such as Amazon S3, SMB, FTP, and rsync
  • Web index folders and CDNs

REDUCE DUPLICATED WORK WITH GROUPING ALERTS OPTIONS IN TRIAGE

Oftentimes there are many exposed documents within a single online file store, which creates a large number of repetitive mitigation tasks. SearchLight users can now get a succinct view of their document exposure by using the “Group by source” feature, which combines all related document alerts into one group. Teams can then review key details and document screenshots for all alerts in the group and change the state of many alerts at once.

In addition to viewing alerts and context by group, users can perform bulk actions such as adding attributes to allowlists and exporting alert details to .csv or .xlsx files. These grouping options make it much easier for teams to assess risk and act on the exposures of a misconfigured file store.
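To make the preceding two sections concrete, here is an added illustration (not SearchLight’s code, and not an account of how its classifier works) of the workflow they describe: walk a set of exposed files, keep only the listed document types, descend into .zip archives, assign each document a category by content, honour an allowlist, and group the resulting findings by the file store they came from. The keyword lists, the in-memory sample files, and the example source URLs are all constructed for the example; real .docx and .pdf content would need a proper parser rather than the byte decoding used here.

```python
import io
import zipfile
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Document types in scope (mirrors the list above); archives are recursed into.
DOCUMENT_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".odt", ".rtf",
    ".xls", ".xlsx", ".ods", ".ppt", ".pptx", ".odp",
}
ARCHIVE_EXTENSIONS = {".zip"}
MAX_ARCHIVE_DEPTH = 3            # guard against nested-archive / zip-bomb inputs
MAX_MEMBER_BYTES = 50_000_000

# Illustrative keyword lists per category (an assumption for this example,
# not the product's classifier). First matching category wins.
CATEGORY_KEYWORDS = [
    ("Security", ("penetration test", "pentest", "vulnerability", "security assessment")),
    ("Personnel", ("payroll", "staff list", "employee")),
    ("Financial", ("bank statement", "tax return", "sales forecast")),
    ("Legal", ("non-disclosure", "nda", "partnership agreement")),
    ("Infrastructure", ("network diagram", "floor plan", "vlan")),
]


@dataclass
class Finding:
    source: str      # file store the document was seen in
    path: str        # path within the store, plus "!/" for archive members
    category: str


def extension(name: str) -> str:
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def classify(text: str) -> str:
    """Return the first category whose keywords appear in the text."""
    lowered = text.lower()
    for category, keywords in CATEGORY_KEYWORDS:
        if any(k in lowered for k in keywords):
            return category
    return "Uncategorised"


def iter_documents(path: str, data: bytes, depth: int = 0) -> Iterator[Tuple[str, bytes]]:
    """Yield (path, bytes) for every in-scope document, descending into zips."""
    ext = extension(path)
    if ext in ARCHIVE_EXTENSIONS:
        if depth >= MAX_ARCHIVE_DEPTH:
            return
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                        continue
                    yield from iter_documents(f"{path}!/{info.filename}", zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            return
    elif ext in DOCUMENT_EXTENSIONS:
        yield path, data


def scan(exposed, allowlist=frozenset()):
    """exposed: iterable of (source_url, path, bytes). Returns {source: [Finding]}."""
    grouped = defaultdict(list)
    for source, path, data in exposed:
        for doc_path, doc_bytes in iter_documents(path, data):
            if doc_path.rsplit("/", 1)[-1] in allowlist:
                continue
            # Placeholder text extraction: real Office/PDF files need a parser
            # (e.g. python-docx, pdfminer); here the bytes are decoded directly.
            text = doc_bytes.decode("utf-8", errors="ignore")
            grouped[source].append(Finding(source, doc_path, classify(text)))
    return dict(grouped)


def build_sample() -> List[Tuple[str, str, bytes]]:
    """Constructed sample input: one zip backup in an S3 bucket, two loose files on FTP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hr/payroll_2020.xlsx", b"Payroll run, employee salaries Q3")
        zf.writestr("it/pentest_report.docx", b"Penetration test findings: critical")
        zf.writestr("notes/readme.txt", b"not a business document type")
    return [
        ("s3://example-backups/", "backups/q3.zip", buf.getvalue()),
        ("ftp://203.0.113.10/pub/", "pub/vendor_nda.rtf", b"{\\rtf1 Non-Disclosure Agreement}"),
        ("ftp://203.0.113.10/pub/", "pub/logo.png", b"\x89PNG"),
    ]


if __name__ == "__main__":
    for source, findings in scan(build_sample()).items():
        print(f"{source}: {len(findings)} exposed document(s)")
        for f in findings:
            print(f"  [{f.category}] {f.path}")
```

Grouping by source is what turns three findings into two remediation tasks (one per misconfigured store); the allowlist argument lets a known-benign filename be dropped from every source at once.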

UNIQUE DEPTH OF INFORMATION WITH SOURCE EXPLORER

Each alert comes with pertinent information such as company or brand name, source type, file type, document category, file metadata and domain information (matched against Webroot and Google SafeBrowsing). Your team can also download all the context of the alert into a single PDF file.

In addition to the context provided within the alert, you can venture further with our Source Explorer to see where the file was found, when the document was last seen, whether it is still online, and which other documents sit alongside it, even for SMB and FTP file stores. Gone are the days of spending time tracking down the actual file online and working out what else was exposed with it. Now you can see where the file was detected, along with its original author and creation date, directly from the alert.

SAVE TIME ON REMEDIATION

Access playbooks from within the exposed document alert that help you triage it and skip the initial analysis steps. In addition to expert-advice playbooks, SearchLight offers options for immediate action, such as managed takedowns of the document or file at risk, and post-incident actions that guide teams toward security best practices in the long term.

LEARN HOW SEARCHLIGHT CAN HELP

Ultimately, these updates within SearchLight will assist your security team in gaining market-leading coverage of exposed documents, accessing rich context from these alerts, and triaging alerts efficiently and effectively in no time.

If you want to see SearchLight in action or test how SearchLight can protect your organization from leaked documents, find out more here.
