
Data Exposure Alerting identifies customer and company data, source code, or vulnerable systems within open-source datasets and public-facing infrastructure in order to prevent actors from leveraging exposed data for illicit activity. Through the Flashpoint Alerting capability, users can construct targeted queries to ensure swift notification of leaked assets as they relate to their organization and intelligence requirements.
The average number of accidental
83% of enterprise workloads are anticipated to move to the cloud in 2020
The average cost of a data breach is $3.92 million
Misconfiguration of cloud servers
Available Data Sources
Code Repositories:
Access to public repositories which may contain leaked IP addresses and other sensitive assets, such as source code or cloud application domain names, that could be used against an organization’s internal systems.
Internet Infrastructure:
Provides insight into enterprise devices or systems connected to the internet. Teams can monitor and keep track of their digital footprint by identifying newly observed exposed systems, the services they run, and their potential vulnerabilities.
Cloud Infrastructure:
Delivers the ability to monitor and identify publicly exposed AWS S3 buckets which could be inadvertently leaking PII, customer data or other sensitive information due to misconfiguration, lack of monitoring or stolen bucket credentials.
Key Benefits
Flashpoint’s automated process provides real-time alerts when exposed assets have been identified, saving both time and analyst resources by helping users highlight relevant information and ensure information is not missed
These automated alerts are also accessible within the Flashpoint Intelligence Platform, providing a consolidated view of critical notifications
View necessary context regarding the leaked data, such as the original poster, timestamp, file name, keywords utilized, as well as a direct link to the original source, allowing for quick investigation of the alert
Directly manage and edit queries in the Flashpoint Intelligence Platform to address rapidly developing challenges or changes within your intelligence requirements
Conduct additional research within Flashpoint Finished Intelligence and our expansive collection sources to identify further context, or possible tactics, techniques, and procedures (TTPs), on the alerting data
Use Cases
PREVENT THIRD-PARTY RISK
Enterprises commonly contract outside vendors to design code on an organization’s behalf. As third-party developers create proprietary data, there is a risk that the code is mistakenly uploaded to a public repository, which should not be used given the possibly sensitive nature of the information. Flashpoint prevents third-party risk through its ability to monitor cloned repositories, code snippets, and specific client assets uploaded into Flashpoint’s Keyword Management system, alerting users in real time when assets have been exposed.
IDENTIFY INTENTIONAL AND UNINTENTIONAL INSIDER THREATS
Employees and internal developers utilize repository sources to upload scripts that contain IP addresses, sensitive information, or authentication for internal systems. Although uploads may at times be unintentional, there is also the risk of internal stakeholders intentionally releasing information with malicious intent. Data Exposure Alerting provides the ability to monitor, on behalf of the client, assets including cloud application domain names, IP addresses, enterprise email address names, and patterns, in order to swiftly identify possible insider threats to the organization.
SUPPORT TO CYBER THREAT INTELLIGENCE (CTI) TEAMS
As threat actors continue to publicly upload phishing toolkits, which offer the ability to clone an organization’s entire website, CTI teams must stay ahead of the threat and be equipped with the necessary intelligence in order to prevent large-scale incidents. Flashpoint provides the capability to set up parameters to monitor and alert for specific malware toolkits mentioning technical data, such as indicators of compromise (IOCs), as they relate to internal resources.
DISCOVER AND MONITOR CLOUD STORAGE BUCKETS
Most organizations today rely heavily on cloud infrastructure to easily and securely store their data, which can include sensitive information like PII, customer data or other internal documents. Unfortunately, due to its rise in popularity, cloud storage has also become a popular target for threat actors, and even Amazon Web Services’ S3, the market leader, has been frequently breached. Flashpoint’s access to Cloud Infrastructure data delivers the ability to identify and monitor individual buckets or an organization’s entire S3 instance to uncover unintentional public buckets, which ultimately prevents expensive and embarrassing data leaks.