Interview: James Chappell, CTO and Co-Founder, Digital Shadows

Written by

The likelihood of suffering a cyber-attack is now a constant, unescapable threat for companies of all sizes. It’s pretty much accepted that if you haven’t already been hit it’s probably only a matter of time before you are.

Whether it’s a result of a sophisticated operation which finds a way through your security software or a simple social engineering breach, you’re a possible target for hackers to exploit.

So, there has never been a better time for companies to invest their efforts and resources in strengthening their security posture so that they give themselves the very best chance of avoiding attacks and, more importantly, are in a strong position to quickly detect and recover from a breach. 

Digital Shadows specializes in helping organizations defend against cyber-criminals by providing cyber situational awareness, giving enterprises a complete view of their digital footprint and the profile of the attackers who are constantly lurking on the periphery searching for a way in.

Always seeking to stay one step ahead of the game, the firm has just announced some new additions to its already impressive SearchLight data analysis platform. I recently spoke with CTO and co-founder James Chappell to find out a little more about what these advancements are, how they will work and what benefits they will bring to Digital Shadows’ customers.

“We’ve been looking at some common, emerging things and areas where we can really help our clients,” he explained. “In particular, we’ve been doing some work around credential compromise; so ‘duff’ credentials that get put on things like ‘Pastebin’. One of the really interesting challenges with those lost credentials is that you have to verify whether or not the credentials are real or not.”

The key thing a company has to be able to do when its credentials come under threat from attack is be able to validate whether the claim is real; have hackers really stolen a large amount of sensitive data or are they actually rehashing old leaked information in an attempt to make a quick easy buck or even just simply creating a news story.

“What we’ve done is built a database of all of our previous breaches and we can now profile and verify credential loss. Now we’re able to help our clients to properly evaluate the severity of breaches and cut through the noise.

“It’s the value of situational awareness; if you know what’s going on around you, you can make better, smarter decisions and that’s really what we’re getting at here,” Chappell added.

Another area Digital Shadows has looked into is improving its detection of domain squatting or malicious domains, with a focus on making this process stronger and speedier.

“Domains are interesting these days, as where you used to just have your top level domains like ‘co.uk’ or ‘.ru’ with a handful of global ones such as ‘.com’ and ‘.org’, the way domains work now is much broader. So now we’ve got things like ‘.music’ and ‘.Samsung’ as top level domains, this whole area is a lot more complex than it used to be. We’ve been working very hard to make this capability very robust and very quick – the quicker and more responsive it is the better we can serve our clients to help them fix any potential problems from these squatted domains.”

Next, Chappell explained the importance of viewing your organization from the perspective of an attacker, another security approach Digital Shadows has looked to enhance with the creation of an ‘attacker’s eye view’ infrastructure discovery capability.

Companies who put themselves in the attacker’s shoes – using the same sort of approaches the attackers use – can gain the benefit of unearthing infrastructure that they weren’t previously aware of in an automated way, he said.

“The real benefits to this are that 1) you discover what your assets are and 2) if you take on the perspective of an attacker when you’re looking at your threats you look at them from a different point of view, which can be quite helpful if you’re trying to reduce your risk.”

Lastly, the firm is now offering more detailed, company-specific topical research reports to its customers.

“Some of our clients have very, very specific threats to their business, and they want a much more comprehensive report,” Chappell explained. “So, we’ve created topical research reports as a means of giving a ‘deep dive’ into threats, delivering a much more detailed report which will be tailored to the client.”

“We’ve seen some very specific ransom-type attacks on hospitals, for example, where hostile parties exploit the fact these organizations care greatly about their patient records and the impact if they lose them, and unfortunately create quite profitable criminal businesses around those. Therefore, a hospital might want to get a much better understanding of that sort of threat outside of general threat information because it is a consistent, persistent issue for that industry.”

“Threat can be a very, very specific thing, depending on what sort of organization you are, your physical geography and what sort of people you are trying to protect,” he concluded.

What’s hot on Infosecurity Magazine?