We hope to prevent data breaches. But if the worst happens, it’s way better to detect it yourself instead of finding out when your CISO gets a call from a reporter.
CapitalOne found out about the alleged Paige Thompson breach by a concerned netizen tipping them off via their Responsible Disclosure program. It’s not clear from the Complaint how long Thompson held on to the data before posting it. But in the kindest analysis, it looks like Capital One was notified soon after the data was posted to GitHub. Kudos to Capital One and the netizen for a responsible disclosure program that worked.
But could we do better? What if we could search the web and find our intellectual property, credentials, customer or employee data as soon as it is (yikes) posted?
Technology for accomplishing just that is an up and coming area of innovation. In this real training for free event, we will examine various techniques and compare their efficacy and assess the potential for added risk due to the law of unintended consequences.
Some techniques for detecting stolen data were pioneered by the entertainment industry trying to protect against pirated content.
But the security dynamics of finding confidential information is very, very different. You don’t want to expose your data in the process of trying to find it out there.
We will look at at least 3 different techniques for leaked data detection:
- Searching for wildcard strings
- Searching for the data itself
- Searching for hashes of the data
Security is never simple though. One key wrinkle is distinguishing whether customer or employee data found out there on the Dark Web or general Internet, is from your systems or some other network. We will dive into these issues and more.
Terbium Labs is our sponsor and Dee Liebenstein, who specializes in data loss detection, will help me deliver this real training for event and briefly show you how their Matchlight solution monitors for your specific data on the dark web, while maintaining full privacy of that data.
Join us for this real-training-for-free session.