What is Digital Risk Protection?Digital Risk Protection is the practice/process of protecting your organization against ever-evolving Digital threats. These Digital Threats could originate from the Surface, Deep and Dark web as a source, Including the Brand Threats and Vulnerabilities/Misconfigurations on the Internet exposed Infrastructure. Digital Risk Protection combines mapping, monitoring, mitigating, and managing the impact on critical digital assets, ensuring business operation and brand reputation is preserved. According to Gartner, “These solutions (Digital Risk Protection Services) provide visibility into the clear (surface) web, dark web, and deep web sources to identify potential threats to critical assets and provide contextual information on threat actors and the tactics and processes utilized to conduct malicious activity.”* *Emerging Technologies and Trends Impact Radar: Security, Published on 30 September 2020, Midrange Impact, Digital Risk Protection Services (DRPS), Analysis by Ruggero Contu – (Gartner subscription required)
Why Digital Risk Protection is an investment and not a cost?Digital Risk Protection is a proactive defensive strategy that should be pursued by organizations of any size and scale to counter threats, avoid unnecessary cost, improve operational efficiency and recover lost revenue that might happen due to brand reputation loss. Organizations can expect significant ROI across all the above-mentioned tenets. According to Gartner, “By 2025, the target audience for digital risk protection services (DRPS) will increase to 10%, up from 1% today.” The report further adds, “The increasing interest in DRPS has been driven by DRPS ability to support a broad range of use cases and roles. Demand for DRPS has also been driven by the accessibility of such an offering for those small and midsize enterprises that originally could not benefit from TI services due to lack of specialized skills and resources on security. This is because of the less technical and more accessible nature of the intelligence made available by many DRPS providers.”** **Gartner, Emerging Technologies: Critical Insights in Digital Risk Protection Services, Ruggero Contu, Elizabeth Kim, 2 July 2020 – (Gartner subscription required)
Why CloudSEK’s XVigil for Effective Digital Risk Protection Service?CloudSEK’s XVigil platform is an AI-powered Digital Risk Protection platform. It helps clients assess their security posture in real-time from the perspective of an attacker. XVigil scours thousands of sources (across the surface, deep and dark web), to detect cyber threats, data leaks, brand threats, identity thefts, etc. CloudSEK XVigil’s unified threat monitoring apprehends threats posed on the surface web, deep web, dark web, brand, and infrastructure. First, the platform discovers and blueprint the client's digital fingerprint, without manual effort, using 23+ techniques to unearth all their assets, including sub-domains, IP addresses, web applications, etc. These assets are the keywords that enable the XVigil platform to detect threats such as malicious mentions, source code leaks, data leaks, fake domains, rogue applications, and more. CloudSEK XVigil machine learning algorithms then analyze the detected threats, filter the noise, and prioritize them based on severity. Clients then receive near real-time alerts, which their security and operations team can leverage to prioritize remediations and strengthen their overall security posture. Trusted by more than 55 organizations across the globe including leading banks, e-commerce, and technology companies use XVigil to proactively detect leaked data and pre-empt risks targeting their brand and online/ offline assets. CloudSEK XVigil Supports wide-ranging use-cases across Cyber (Surface, Deep and Dark web), Brand, and Public Infrastructure monitoring.
UsecasesA few of the most valued use-cases are listed below:
- Cyber: Source code / Repositories leaks, Server credential leaks, VIP Users / Board member credential leaks, Business email compromise attacks, 3rd Party Data leaks, Deep and Dark Web monitoring – Marketplace, Forums, Paste Sites, Telegram and IRC Conversation Monitoring, YouTube hacking tutorials, Credit/Debit Card Leaks (For Banks only), etc.
- Brand: Fake Domains / Phishing Sites, Rogue / Fake Mobile Applications, Fake Customer Care number / Customer care number Scam, Fake Social Media Pages / Brand Pages, etc.
- Public Infrastructure/ Attack Surface: Misconfigured Web Applications, Defacement Monitor, Asset Inventory, Regular SSL Scan, Open Port Scan, etc.