Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/23/2020
11:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Digital Shadows Launches Sensitive Document Alerts With Added Context

New capabilities within SearchLight(TM) to detect exposed sensitive but not protectively-marked technical and commercial documents, including product designs and payroll data

London and San Francisco, November 23, 2020 - Digital Shadows, the leader in digital risk protection, has today launched new capabilities to alert its customers to potential document exposure. Misconfigured file stores containing companies’ sensitive documents are highly sought after by cybercriminals, due to the high value of the material they contain. Some examples found by Digital Shadows include payroll data, company tax documents, and proprietary product designs.

Sensitive documents are typically password-protected, are encrypted, or can only be opened by the intended recipient with log-in credentials. While these controls can be effective, sensitive documents are frequently compromised in transfer or back-up processes and then are widely traded by cybercriminals.

Digital Shadows SearchLight™ already detects exposure of a protectively marked document (i.e. a document that says "private and confidential" or another identifier). From December 1st, two new alert types will be added for exposed technical documents (including security assessments and product designs) and exposed commercial documents (such as legal and payroll data). These documents do not need to have protective markings to be identified and associated with their organizations.

Additionally, the new alerts contain context on the documents’ contents, providing clients with greater insight as to the severity of the alert. If a technical document is leaked, for example, the alert will note that it is a product-related document and assign it a high risk-prioritization score. Further context will also include when the document was last seen – and whether it is still online. Lastly, clients will receive domain information and file metadata, which can help to understand the original author and creation date of the misconfigured file store.

Russell Bentley at Digital Shadows explains: “Every day more product designs, security assessments, and payroll data are exposed online – and organizations have no idea. We give them new visibility into this problem and provide the best ways to mitigate the risks.”

The new capabilities discover ten document categories. Seven pertain to ‘exposed commercial documents’ and include alerts and insights for exposed financial, legal, personnel, and project information. For technical documents, there are three categories for infrastructure, products, and security. These new alert types benefit from SearchLight’s existing document discovery and analysis technology such as the ability to discover documents that sit within an archive file (such as a .zip).

ABOUT DIGITAL SHADOWS

Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more, visit www.digitalshadows.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27886
PUBLISHED: 2021-03-02
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
CVE-2016-8153
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8154
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8155
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8156
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.