Premium Digital Risk Protection

PRESENTER: Organizations phase constant threats from threat actors, targeting their brand to inflict damage. Premium digital risk protection enables security teams to detect attacker infrastructure before it's operationalized, disrupt an attacker's ability to create an outbound channel, prevent harvesting and exfiltration of data, and take action to minimize risk and potential damage.

At Anomali, we searched the open deep and dark web for potential phishing URLs or similar brand domains, suspicious or expiring certificates and domains, sub domains unintentionally exposed, and domain hijacking. To help you identify improperly-shared materials, we monitor multiple sources for leaked credentials, code, documents, and emails. Finally, we monitor and report on fake Twitter accounts, rogue mobile applications, and trademark application filings or changes that may threaten your brand.

You can operationalize your compiled exposure intelligence right along with your threat intelligence. Let's take a look at the indicators of leaked code documents and emails. We see several types of indicators we can look at, including suspicious code on GitHub, employee email addresses, and an Amazon S3 bucket that has public access. Let's look at that one.

You can see here that we found an S3 bucket that has anomalies name in the URL. The description explains the challenge. Fortunately, there are no files in there right now. We get some details on the exact location and URLs for this information.

And easy access to information on how to remediate this if someone is posing as our company, and then there's a great recommendation on protecting our information. If we think something nefarious is going on here, we can start an investigation and pull in other information that might be related to identify an underlying cause or potential attack.

And finally, we can mark this as triaged to remove this from review in the future after we've addressed the issue. Let's take a look at the information from GitHub. That sounds a bit scary. Is our code out there? This tells us that Threat Stream was found on a GitHub repository that is not our own. It also tells us that the file name includes 10-K, so it might be a public document. But we want to verify.

Let's do a quick search to see where our name appears in this document. Yes, it appears we are simply listed as a competitor in this 10-K. Let's mark this as triaged so we aren't alerted to this specific indicator again in the future. There you have it, Anomalies Premium Digital Risk Protection. For more information, contact your sales representative or see our website at www.anomali.com.