When it comes to password breaches on public sites like Adobe, LinkedIn and Yahoo!, there are some known knowns. For instance, there’s a decent chance those credentials will end up for sale on a black market site on that mysterious part of the internet known as the “Dark Web.”
That matters for a couple of reasons. First of all, research suggests that a lot of folks use the same password across multiple sites. Chances are those credentials could be sold and recycled as a means of getting into your system too.
But what if you had a tool that let you reach into the dark corners of the web and find any credentials from your domain, or specific email addresses, like, say, your executives, who have access to the most sensitive information in your company.
That’s what the partnership between AlienVault and SpyCloud has been designed to do. The free SpyCloud plug-in monitors sites and forums on the Dark Web and lets your company know when credentials matching your domain show up. Your company could launch a workflow that forces the user to change that password. If you are a SpyCloud customer, you can click through and find additional details about the breach right inside the AlienVault dashboard.
SpyCloud claims it finds data nobody else can (pdf). “Eighty percent of the data we acquire is privately held, as it cannot be found by scanners, scrapers or web crawlers.”
AlienVault is able to offer services like this because of changes it made to its architecture to allow plug-ins called AlienApps. Typically, these have allowed customers to connect their existing security toolset to show information inside the AlienVault dashboard. This one is a bit different in that it’s providing information about stolen credentials, regardless of whether you are a SpyCloud customer or not.
Jeff Olen, product manager at AlienVault, says finding stolen passwords is something they’ve been thinking about for some time, and the new architecture made it much easier to experiment with different solutions. “The Dark Web is something we were looking at. We talked to a lot of customers and we found there wasn’t a lot of awareness. When we laid out the problem, people got it very quickly,” he said.
The SpyCloud plug-in enables companies, even when they don’t have a big staff, to track this kind of information in a security tool they were using anyway, and for AlienVault customers, that could prove very useful.