New capabilities within SearchLight™ to detect exposed sensitive but not protectively-marked technical and commercial documents, including product designs and payroll data
Digital Shadows, the leader in digital risk protection, has today launched new capabilities to alert its customers to potential document exposure. Misconfigured file stores containing companies’ sensitive documents are highly sought after by cybercriminals, due to the high value of the material they contain. Some examples found by Digital Shadows include payroll data, company tax documents, and proprietary product designs.
Sensitive documents are typically password-protected, are encrypted, or can only be opened by the intended recipient with log-in credentials. While these controls can be effective, sensitive documents are frequently compromised in the transfer or back-up processes and then are widely traded by cybercriminals.
Digital Shadows SearchLight™ already detects exposure of a protectively marked document (i.e. a document that says “private and confidential” or another identifier). From December 1st, two new alert types will be added for exposed technical documents (including security assessments and product designs) and exposed commercial documents (such as legal and payroll data). These documents do not need to have protective markings to be identified and associated with their organizations.
Additionally, the new alerts contain context on the documents’ contents, providing clients with greater insight as to the severity of the alert. If a technical document is leaked, for example, the alert will note that it is a product-related document and assign it a high risk-prioritization score. The further context will also include when the document was last seen – and whether it is still online. Lastly, clients will receive domain information and file metadata, which can help to understand the original author and creation date of the misconfigured file store.
Russell Bentley at Digital Shadows explains: “Every day more product designs, security assessments, and payroll data are exposed online – and organizations have no idea. We give them new visibility into this problem and provide the best ways to mitigate the risks.”
The new capabilities discover ten document categories. Seven pertain to ‘exposed commercial documents’ and include alerts and insights for exposed financial, legal, personnel, and project information. For technical documents, there are three categories for infrastructure, products, and security. These new alert types benefit from SearchLight’s existing document discovery and analysis technology such as the ability to discover documents that sit within an archive file (such as a .zip).