RepKnight adds Dark Web monitoring to Splunk, IBM QRadar and LogRhythm

By 4th June 2018News

Dark Web monitoring company RepKnight has integrated its BreachAlert Dark Web monitoring platform with three of the world’s leading security intelligence platforms — Splunk, IBM QRadar and LogRhythm — allowing customers to receive BreachAlert notifications directly into their core Security Operations Centre platforms, and correlate Dark Web data with in-house network activity.

The news follows RepKnight’s recent launch of a REST API for the enterprise edition of its BreachAlert dark web monitoring tool to support integration with market-leading security information and event management (SIEM) and IT service management (ITSM) platforms.

Splunk, IBM QRadar and LogRhythm are the top 3 vendors in Gartner’s current Magic Quadrant for Security Information and Event Monitoring, which puts the SIEM market size at $2 billion annually.

The Gartner report also highlighted that “organisations are failing at early breach detection, with more than 80% of breaches undetected by the breached organisation.” RepKnight believes that fewer than 1% of organisations are currently monitoring for leaked data being posted outside their network.

RepKnight CEO Jeremy Hendy explains: “Large organisations invest a lot of resource to prevent data breaches from their own networks. But that doesn’t help detect breaches of corporate data that’s already outside the firewall – sitting on the networks and endpoints of thousands of their clients, suppliers, and business partners. It only takes one of those third parties to suffer a breach, and highly sensitive information can rapidly propagate onto dump sites, forums, and Dark Web marketplaces – often with disastrous consequences to your reputation.

“RepKnight’s vision is to look after your data, not just your network. Our BreachAlert SaaS platform makes it easy for organisations of any size to proactively monitor for their data being leaked online. For our larger customers, integrating BreachAlert feeds into their SIEM platform is a natural step. As well as simplifying their incident response workflow, the integration allows Dark Web activity to be correlated with what’s happening inside the network.”

In contrast with generic Threat Intelligence feeds, BreachAlert searches for targeted data that is specific to the organisation, such as corporate email credentials, client lists, IP addresses of critical infrastructure, or keywords relating to brand, product or app names. The SIEM integration allows this data to be automatically correlated with in-house network activity – for example,  to detect an insider posting sensitive data to a dump site from inside the network.

Many attacks on the company network start with compromised login credentials – often resulting from hacks to a third party website where a member of staff has signed up with their work email address and reused a password. BreachAlert can provide live feeds of compromised credentials directly into the SIEM, allowing leaks of staff or client login credentials to be addressed as quickly as possible.

BreachAlert also features an interactive historical database of more than 6 billion compromised credentials, enabling in-house incident response teams to quickly determine if credentials have been previously exposed.

BreachAlert scans the Dark Web and hundreds of other paste, dump, and bin sites used by cybercriminals to exchange, buy and sell corporate data. The platform works like a burglar alarm — alerting customers in real time as soon as their data appears on the dark web. Fully cloud-hosted, it requires no on-site installation and can be configured by customers in minutes.

RepKnight will be demonstrating the integrations at Infosecurity Europe, 5th-7thJune, Olympia (stand B240).