SearchLight’s Biggest Ever Update: New Ways to Discover, Contextualize, and Prioritize Digital Risks
July 23, 2019
Since founding the company in 2011, we’ve had some memorable milestones: from the first release of SearchLight in 2014, to being named the Leader in Digital Risk Protection by Forrester in 2018. However, today’s release marks the biggest and most exciting landmark to date.
Our new functionality enables security teams to save time, frustrate their attackers, and align to known risk frameworks. What’s more, SearchLight does this instantly and continuously, giving organizations of all sizes the context they need to protect against phishing, detect data loss, and gain control of their digital footprint.
Already the leader in digital risk, SearchLight just got even better. Here’s how.
Helping to Discover Your Assets
We know that managing your digital footprint is tough – there are a lot of sources to cover online, and you can’t rely on services that only monitor the dark web, social media, or scan your infrastructure. For example, as part of our new marked document alerts, we’ve added billions more files from public document stores. For domain impersonation alerts, we now have full support of internationalized domains. (You can find out more about our full sources here).
This is all great, but unless you know what to look for, it doesn’t really matter where you’re looking. From the folks I chat to, this is a common challenge: you can have all the data in the world, but unless it’s relevant, you’ll be wasting precious time and resources.
That’s why we’re adding in asset discovery to SearchLight. SearchLight automatically identifies domains associated with your own and populates a “proposed assets” tab. You can then opt to add these assets for monitoring. We understand it’s tricky to keep up-to-date with expanding infrastructure, so this is one way to ease the burden.
On top of this, we’ve changed our asset model to further understand what your assets mean to your business. Not all assets are equal – domains that hold PII or are on your critical-assets list are evidently more important to your business than others. Whether it’s a document marking, brand, company name, or domain, we enable organizations to add asset values. This helps us to understand the importance of the asset to your business, and helps SearchLight to better prioritize alerts.
Rich Context For Quicker Decision-Making
For every risk alert, SearchLight provides rich context that enables you to make better decisions, faster. While this context is specific to the risk type, here are the top five pieces of context we draw out for impersonating domains.
- Identify Risk Factors. Quickly ascertain if the domain is hosting content, has a DNS record, or has an MX record. These risk factors combine with other observables to form a risk score and help to quickly prioritize the response to the alert.
- View and Track History. Toggle through our history of website screenshots, DNS records, and WHOIS information. With this information at your fingertips, you can spend less time opening new portals, and more time responding to the alert in question. The addition of screenshot history is particularly useful, giving you a view of the content on the page and saving you the time of visiting the domain itself.
- Investigate Page Source. Occasionally websites will redirect traffic, making a screenshot difficult. That’s why we also provide the page source code – enabling you to investigate the attributes of the site and understand if it is redirecting traffic.
- Asset Match Score. Understand how similar the detected domain is to the domain you’ve registered as an asset with SearchLight. Of course, assets are not limited to your domains: adding brand names and other identifiers helps to increase the confidence.
- Domain Reputation. View the reputation score of the impersonating domain on Webroot and Google Safe Browsing, and identify if the domain has previously been identified as suspicious.
With this information at your fingertips, you can spend less time searching off-platform, and make more effective decisions.
Unsure how to respond? Don’t worry, we’ve introduced playbooks for that. SearchLight playbooks are based on the NIST “Computer security incident handling guide” (NIST Special Publication 800-61) and provide step-by-step advice to triage, evaluate, and mitigate risks. These playbooks are specific to, and available in, each risk type.
The third area in which SearchLight has changed is the introduction of risk scores, which help you to prioritize alerts. Alongside enhanced triage options, you can now more easily focus on the areas you need to.
We’ve decided to align our risk scoring method to FAIR (Factor Analysis of Information Risk), as this allows us to better map your online exposure and threat landscape with real business costs. We’ll be digging into this topic in more detail in future blogs, but the risk scores are based on a) risk likelihood, and b) risk impact.
While it’s difficult to fully understand the business impact without your knowledge of your business, our updated asset model begins to give us visibility into the value of that asset to your organization. When we combine this with the rich context we provide in the alerts, the risk score actually becomes meaningful.
Mapping your online exposure to risk provides benefits beyond prioritization. It also enables security teams to become closer to the business’ risk function. For many years, security has been a distinct function from the business. Businesses that speak the language of risk understand the impact to the organization, but generally lack the ability to accurately convey the legitimacy and potential of those risks to decision makers.
As the industry leader, we’ve been looking to find new ways to achieve transparency between threat intelligence teams, security teams, and the decision makers. We believe that aligning our alerts to FAIR is the perfect way to begin to do this.
Learn How SearchLight Can Help
No matter what role or industry you’re in, it’s a challenge to control your digital footprint. It takes time, resources, and expertise. However, with SearchLight’s ability to discover new assets, add rich context to alerts, and prioritize based on relevant risk scores, this capability can easily be yours.
If you want to see SearchLight in action and learn more, come meet our team at Black Hat.