Digital risk protection should be able to provide your business with information about the activities of others that threaten your security. Those threats can come from hacker teams, con artists, doxers, or disgruntled employees.
Here is our list of the five best data risk protection platforms:
- CrowdStrike Falcon Intelligence ReconThis threat intelligence service provides data in two formats: an intelligence report and a feed of actors and indicators. There is also a managed version available.
- CyberAngel An external threat assessor is a data protection platform and offers intelligence to guard against account takeover and third-party risk.
- ZeroFOX This service platform provides intelligence and runs a disruption network that shuts down attacker infrastructure.
- Proofpoint Digital Risk Protection A platform of services that scans for plots against a company by hackers who have already acquired digital identities and insider information.
- Intsights Threat Intelligence Platform A service provided by Rapid7 supplies information on potential attacks and an automated threat intelligence feed.
The digital risk protection might come in a threat intelligence feed, Dark Web research to find mentions of your digital assets or lists for sale that include identities from your business. Other digital risk protection systems implement active protection through blocks on access and activity tracking.
The definition of digital risk protection is broad because the range of threats that your business faces is extensive.
Managing digital risk
Digital risk is the likelihood of damaging consequences from connectivity. It is a vulnerability that is propagated by several internet-related data-sharing strategies. If there are channels available to disclose information, businesses have to ensure that they aren’t used for malicious purposes that will compromise their data security.
So, managing digital risk involves exploiting data-sharing channels while also controlling exactly what information can be passed over them, to whom, and for what purpose. The first step in managing any risk is identifying exactly what the threat is.
Types of digital risk
Take a look at the categories of threats that your company needs to address. These are classed as digital risks. Each type of digital risk needs a different approach to manage it and reduce the threat.
Here are the types of digital risk that you need to manage:
- Cyber security
- Insider threats
- Data leaks
- Cloud systems
- Third-party risk
- Data privacy
Cybersecurity and insider threats can be managed in tandem. These risks relate to malicious activities of individuals who get into your system or are already there. Data leaks refer to accidental disclosure either through operators being tricked or indiscrete.
Automation and cloud systems can be poorly organized so that they don’t correctly impose security. Operators don’t feel they need to scrutinize these systems because they assume that these facilities exist to remove responsibility from the need for human inspection.
Third-party risk is a failure in risk management in an associated business. For example, errors made by a supplier, such as a storage host, can impact the buyer’s security. In addition, the collective responsibility for data privacy means that a business can fail the requirements of data privacy standards due to the mistakes made by associated companies.
Compliance is necessary to win business. Failure to gain accreditation means that your business can be seen as a risk to other organizations that will not do business with you. Compliance is like a certification that tells other businesses that you are a low-risk company trusted.
Resilience expresses a company’s preparedness for a disaster. This is implemented through continuity strategies both for stored data and for the business as a whole. The resilience factor can also refer to the public relations and reputation recovery that a business needs to go through to recover its good name after a disaster, such as a catastrophic data disclosure event that attracts terrible publicity.
Addressing digital risk
Digital risk protection (DRP) systems focus on the issues surrounding the first six of the risk categories outlined above: cyber security, insider threats, data leaks, automation, cloud systems, and third-party risk. Data privacy and compliance are usually addressed by systems known as data governance services and consent management systems. Resilience is the realm of business continuity planning and is also addressed by data backup systems.
DRP systems are synonymous with threat intelligence. They can be delivered in research, which includes Dark Web scans, or they can be formatted for automatic processing in threat detection systems. Data loss prevention systems usually address data leaks, but DRP also covers this category of risk. Similarly, while automation and cloud systems can be a form of third-party risk, they can be managed by other tools, such as vulnerability scanners.
Combatting digital risk also involves tightening up operating procedures and educating employees about keeping safe on the internet. Data theft strategies can start outside of the company’s control through spamming employees on their private accounts on social media and email. Some tricksters even establish personal links with employees of a target business through dating and hobby sites.
The best digital risk protection platforms
Focusing on threat intelligence feeds, you need to decide whether you want a service that will produce threat intelligence in the form of a report or a feed that is linked to a data loss prevention (DLP) package. It is also possible to get a threat intelligence feed that can be automatically linked to a DLP system that a third party provides.
Our methodology for selecting a digital risk protection platform
We reviewed the market for DRP systems and analyzed the options based on the following criteria:
- A service that scans the Dark Web for digital assets that have been exposed
- A threat intelligence feed that can be linked into a DLP system
- Compatibilities to combine threat intelligence with following generation endpoint protection systems
- A service that will identify procedural weaknesses
- Options for employee education
- A sample report or a free trial for a cost-free assessment
- A reasonable price for a competent service
Using this set of criteria, we looked for a range of DRP systems that offer information and data feeds for automated threat management systems.
You can read more about each of these options in the following sections.
The Best Data Risk Protection Platforms
1. CrowdStrike Falcon Intelligence Recon
CrowdStrike Falcon is a suite of cyber security products. Some of those modules are offered in packages, while others are standalone products that can be added to a package or used separately. CrowdStrike Falcon Intelligence Recon is one of the standalone products.
The Falcon Intelligence Recon service provides threat intelligence reports tailored to your digital identities. The reports are compiled through automated sweeps and manual research from a range of data sources, including the Dark Web. So, for example, if someone has hacked into your email system and extracted a list of your corporate email addresses, they will be selling that list on the Dark Web. Similarly, hackers’ attack methods are sold on the Dark Web.
The research that Falcon Intelligence Recon provides pertains to those digital properties your company owns and that you have registered with the service, plus new information about possible attack vectors currently being circulated for hackers to try out.
Your IT security team can take those reports and devise strategies to block the threat, which might involve reporting specific hackers to the authorities or ordering all users to change their email passwords.
- Research sweeps of the Dark Web
- Regular security risk reports
- Information on third-party risk
- Threat intelligence feed
- Option for a managed service
The Falcon Intelligence Recon research is also formatted into a threat intelligence feed that automatically updates other CrowdStrike Falcon security products that you might be running on your site.
You can also register the names of the businesses you deal with, which would ring you information on threats to those other businesses, enabling you to assess third-party risk.
- Extensive research into newly encountered threats
- Information from sources that your company wouldn’t otherwise be able to access
- Constant updates so your threat analysis doesn’t get out of date
- The option to get intel on associated company risks
- A threat intelligence feed that automatically updates other Falcon X security systems
- No demo account or sample reports for assessment
Falcon Intelligence Recon is a managed service that deduces defense strategies from the intelligence reports for you. This would be of interest to those businesses that don’t keep cybersecurity experts on the payroll. To learn more about the capabilities of this products suite, you can register for a 15-day free trial of Falcon.
CyberAngel is a platform, which offers a range of DRP services. The main modules of this platform are:
- Asset Discovery and Monitoring
- Data Breach Prevention
- Account Takeover Protection
- Dark Web Monitoring
- Domain Protection
The Asset Discovery and Monitoring service is a vulnerability manager that operates from an external location. This automated service uses techniques derived from hackers on how to break into a system. The Data Breach Prevention service is an extension of that asset discovery process. Rather than providing constant control over data movements like a traditional data loss prevention (DLP) system, this service is an analyzer that identifies security weaknesses around data.
The Account Takeover Protection module is a research service that scans Dak Web sales sites for lists of email addresses for sale, finding those on your domain. In addition, the Dark Web Monitor looks for chatter that would indicate that your business is about to be targeted.
The Domain Protection service looks for cyber squatters who create copies of your site for use in reaping access credentials from users. Additionally, sites that have domains similar to yours can be used to spread disinformation about your business. The Domain Protection service alerts you to these, and it will also take them down.
- A modular SaaS platform
- Research in the Dark Web
- Mechanisms to shut down attacks
CyberAngel is a fast-growing service gathering customers because it combines traditional cybersecurity processes, such as vulnerability scanning, with manual Dark Web research. Unfortunately, you can’t get access to the platform with a trial. However, the service does offer a free demonstration on its site in its Data Leak Dashboard.
- CyberAngel maintains contacts within the hacker community, so you don’t have to
- This service researches in the Dark Web
- Some modules perform traditional system hardening services
- Data leak solutions rely on seeing data that has already been stolen
ZeroFOX has set up a research network and also a system called the Global Disruption Network. The research network comprises spies who pose on the Dark Web to acquire the latest lists of insider information that is available for sale. The Global Disruption Network is a combination of administrators and legal experts that can force service providers to shut down the accounts that have been identified as hacker infrastructure.
The ZeroFOX findings are produced as reports that can be viewed in the cloud-based platform of the service. The package also provides threat intelligence as a feed that you can get formatted to suit different third-party tools. Although some of those tools are free to use or have free versions, such as Splunk, most of them are paid packages.
If you already own one of the services in the ZeroFOX app library, you just need to activate the integration to get data feeds sent directly to that system. You know which system you can buy to get the ZeroFOX feed channeled in if you already have a tool on the list.
- External research into compromises
- Scans of the Dark Web
- Remediation system included
The platform offers different modules, so you don’t get a set package of services. Some services have a tariff per asset that you register, such as a domain name. Other modules, such as the remediation service, are charged by action. You can get a guided demo of the ZeroFOX services.
- A cloud-based platform that enables you to subscribe to different services rather than a rigid package
- The option to include different assets
- A global disruption network to shut down potential attacks
- No free trial
4. Proofpoint Digital Risk Protection
Proofpoint Digital Risk Protection is a package of services that covers:
- Social Media Protection
- Web Domain Fraud Monitoring
- Executive and Location Threat Monitoring
- Digital Compliance
The Social Media Protection module analyzes risks to any social media profiles that the company and its employees have. This protection extends to protection against phishing scams, account takeover, and imitators.
Web Domain Protection looks for cyber squatters who create websites with domains that sound like the company’s identity or misinformation. It also looks for exact copies of a protected site that is used to defraud customers directly. The service takes down any sites that it discovers.
Executive and Location Threat Monitoring is a service that addresses a hacker practice called whaling. This targets key personnel and then imitates them to try to trick other employees into following fake orders.
The Digital Compliance module is a service that analyzes a company’s social media presence and then recommends a reduction of that attack surface by concentrating on just a few profiles and shutting down the rest. This system provides compliance with FINRA, SEC, FCA, and IIROC.
- Focuses on social media threats
- Produces compliance with FINRA, SEC, FCA, IIROC
- Protects the corporate image
The Proofpoint service is an additional protection system that does not attempt to provide systems supplied by other tools such as data loss prevention and vulnerability management packages.
- Reduces exposure to phishing attacks
- Removes damaging copycat websites, protecting corporate integrity
- Blocks attempts at defrauding a company through impersonation
- No free trial or demo
5. Intsights Threat Intelligence Platform
Intsights Threat Intelligence Platform is a service provided by a division of Rapid7. The Threat Intelligence Platform produces feeds that provide Indicators of Compromise to cybersecurity tools, such as those offered by the Rapid7 Insight platform.
Essentially, with the Intsights system, Rapid7 extends the availability of the threat intelligence feeds needed for its products so that third-party security tools can use them. The intelligence service looks for new threats strategies, phishing attempts, Dark Web mentions, and lists of compromised accounts to provide a tailored warning service for each subscribing company.
- Researches indicators of compromise
- Dark Web intel
- Warnings over disclosed account credentials
The platform is a subscription service, and it will tailor its searches and results with the identities, such as domain names, that you register with the service. You can request a demo to assess the service.
- Identifies phishing campaigns aimed at your employees
- Produces warning reports
- Offers automated threat intelligence feeds to link through to security tools
- It doesn’t provide protection tools, only information