AlienVault Scours the Dark Web for Compromised Credentials


Cybersecurity firm AlienVault today took the wraps off a new AlienApp for its USM (Unified Security Management) Anywhere platform that alerts organizations to the presence of stolen credentials on the dark web.

The company’s appropriately named AlienApp for Dark Web Monitoring solution seeks out all the email addresses associated with a given domain. Additionally, users can specify 10 email addresses for top executives and other high-profile targets whose usernames and passwords wield a lot of power on their corporate networks.

Leaked passwords aren’t just a big headache for corporate IT security teams; they can also imperil many other parts of an enterprise organization.

“According to the 2017 Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged either stolen and/or weak passwords,” reminded AlienVault product manager Jeff Olen. “In other words, if an organization is going to get breached, it’s likely to be due to compromised user credentials. Once an attacker gets access to the network using these credentials, they can take any number of actions,” including stealing intellectual property, financial information and other sensitive corporate data.

And that’s just the start. Stolen credentials can lead to the installation and spread of malware on a network and enable an attacker to move laterally across it. To add insult to injury, attackers commonly use compromised credentials to stage “spear phishing attacks on other employees or externally,” said Olen.

Once leaked passwords start making the rounds, the danger extends well beyond their home networks and accounts, thanks to the widespread reuse of username and password pairs across other online and cloud services. Earlier this year, a Gemalto survey revealed that 90 percent of IT professionals worry about password reuse.

Powered by SpyCloud, the solution queries the security intelligence breach-discovery company’s database every 24 hours. Austin, Texas-based SpyCloud emerged from stealth and launched its eponymous exposed records detection platform in June.

“With the AlienApp for Dark Web Monitoring, USM Anywhere customers are alerted immediately when corporate credentials are being actively trafficked in the dark web so that they can take immediate protective action with those accounts,” said Olen.

If credentials are discovered in the dark corners of the online underground, AlienApp for Dark Web Monitoring notifies security teams, alerting them to the email addresses of exposed credentials. The solution can also inform users if credentials have been detected in prior breaches or if exposed passwords were hashed or stored as cleartext, among other circumstances.

The AlienApp for Dark Web Monitoring is available now at no extra cost to existing USM Anywhere customers.

Pedro Hernandez
