In cybersecurity, there is always the demand for better visibility: better visibility of threats, of traffic, of employee activity, and of what the future could bring.
One company taking steps in the area of online visibility, to which Infosecurity was recently introduced, is Cybersprint. Led by CEO Pieter Jansen and with a team including cybersecurity specialists Eward Driehuis and Richard Betts, the company launched five years ago with a platform that can take a brand name and automate the discovery of the assets involved and their risk exposure.
Essentially, this is about knowing what your footprint is, the two men explained, as there are all types of misuse of brands when it comes to phishing campaigns. “We enable an organization to see its footprint from an adversary’s point of view,” Betts said.
The company grew out of Jansen’s experience of working with banks that were trying to get a handle on where their brand was being used, or misused, and the product was designed to put in place processes to determine the footprint and ultimately automate that process. “Pieter knew what the problems were and knew what the solutions were, and created a solution,” Betts said.
“What makes us unique is how we look at a customer. If we look at some of our competitors, they are using huge volumes of data that scan from the internet, and then try and make sense out of all of those petabytes of data to try to make it relevant to the customer, which ultimately means loads of false positives. We’re very brand-specific, so we’re always looking from the perspective of the brand looking out, so our accuracy is high and our pedigree is from that visibility point of view.”
Driehuis added that when “you get the results and we put all the stuff in a bag on the desk, people would say ‘it’s fine that you found all this stuff, but people are becoming weary of findings, and we have two other bags of findings over here!’” Essentially he was saying: it’s one thing to do a determination of how much a brand is “spread,” but it’s another to actually be able to deal with it all. He said this needs to be about translating visibility into relevance, prioritization and automation.
What is the company’s offering then? Driehuis said the focus is on “finding digital footprints” to determine risk online, and this can be a combination of factors, including your website, domain, server, device, social media or third party. “What we’re really good at is finding that stuff; we look at all the sources where we can collect that information and correlate it to see where stuff comes from” in order to determine a company’s footprint.
He said: “We can also look at logos with fuzzy hashing to see if a company is using your logos, and see indicators that tie other domains to you. We create that footprint, which is everything a brand has, and the only input we need is the brand name.”
He claimed this was the “brand’s magic,” as companies can find it hard to tell genuine websites from fake ones, so using AI and “finding this stuff is such a big benefit for companies to have a base of all the access that we have,” enabling them to build a program on complete visibility, “which is always a wise thing.”
Driehuis explained that all these factors are run through risk monitoring which allows for better prioritization of risks, “as no one wants another bag of misery on the desk.”
He also said that the company had added automation capabilities to the product, including playbooks, advanced programming and API integrations, and operating in this way “is becoming a safety net to allow agile operations and continuously deploying new servers,” keeping a handle on areas such as Shadow IT.
Betts said what interested him initially was seeing the product being used at a major European bank, “and what got me excited was a company’s digital footprint exploded during COVID-19, as cloud service use expanded and digital transformation was driven at breakneck speed, and focus was on digital risk protection.”
He also explained that Cybersprint’s focus on “solving particular problems” was what interested him about the company, after many years working for some noted vendors in the threat intelligence space. “The brand was built from the adversary’s point of view, and we look from the outside in – as an adversary group would look at an organization, and what got me excited was that this is a startup with 50 people with good traction across financial services.”
He said the product is commonly used for “policy governance and to make sure changes and mistakes that put the bank at risk don’t happen.” He added that you can try and track down and repair servers, but the idea is that you can build playbooks to consolidate reports, change policy to configure and use Cybersprint to make sure these policies had taken effect, dealing with the mistakes that have happened.
Betts added that if you’re able to control your brand, “it is easier to identify the things that are not your brand” and what doesn’t follow corporate standards. “One of our customers is using us for brand compliance, so they are looking at fonts and images, and that also rolls into GDPR compliance where cookies may be loaded before acceptance, insecure forms, etc.,” he said.
A consolidated view is also needed to understand risk posture, and these are related to the digital footprint, and Betts said companies are just understanding this. He said that, as a scan is done initially of public information, “we don’t sell on fear, but [give] customers some insight as most don’t have any insight into the extent of the footprint.”
What about the visibility side of things; how much of this is about seeing what is on the web and having control of where your brand spreads? Betts repeated that “if you cannot see it, you cannot manage it” and, as more domains are spun up, a company finds it harder to control them and to shut them down once they are no longer needed. Subdomain takeover is one example, as are old sites where certs have expired.
“This is one of the challenges of the technology, that there are so many parts trying to narrow in on the problems they have, and sometimes we see so many things to focus on that prioritization is a big part of this,” Betts said.