UpGuard is all about ensuring that its customers’ IT assets remain online and available at all times. The product of some innovations by a couple of Australian practitioners, UpGuard is now US-based and gaining good traction for its cyber resilience platform.

The ethos behind UpGuard is to ensure that customers can identify issues as quickly as possible, no matter where they emerge from: locally, from external vendors or via the internet. That is a compelling proposition and has resulted in UpGuard securing hundreds of millions of publicly exposed records at a trajectory that continues to grow. This is one example where it’s better to have the smart people in your camp and organizations such as NASA, the New York Stock Exchange and ADP rely on UpGuard to make sure they’re safe.

That footprint looks likely to expand with the unveiling today of BreachSight, a platform that is aimed at discovering breaches where and when they occur. BreachSight is a direct response to what UpGuard’s own cyber risk team discovered: that data breaches are occurring at an epidemic scale and no solution exists that can swiftly identify these exposures. To demonstrate this fact, UpGuard tells me that in the last year alone, this research unit has secured over 335 million publicly exposed records from entities such as the Republican National Convention, Verizon, INSCOM, Booz Allen Hamilton and many more. As a commercial application, BreachSight automates the techniques developed by the Cyber Risk Team to identify publicly exposed data sets in real time, allowing the team to secure even more records than previously possible.

Rather than reactively monitoring the dark web for information that has already been exploited, BreachSight proactively discovers exposed datasets and aids in the analysis of these exposures. This breach discovery engine will perform custom searches designed off keyword lists provided by the customer. BreachSight targets the digital surfaces where the Cyber Risk Team typically finds sensitive data sets publicly exposed, identifying a variety of data points including exposed credentials, exposed data, apps that may be exposed to squatting, top-level domains that may be exposed to squatting and more. This custom search not only provides results that will alert customers to the digital assets that they control but any information that may have been leaked by a third party or partner.

BreachSight extends the capabilities of UpGuard’s existing vendor risk management product, learning new keywords from CyberRisk in order to optimize the breach search. While CyberRisk discovers machine configurations that make data breaches more likely and signal poor information security practices, UpGuard BreachSight will look directly at data that is already exposed to the internet. Together, these products provide the fullest picture of an organization’s susceptibility to breach using only non-invasive methods. Says Mike Baukes, co-founder, and co-CEO of UpGuard about the launch:

Our team is uncovering data breaches every day because of one simple fact: Organizations don’t know what data they have, who has it, and where it exists. BreachSight will allow customers to regain control of their private data by providing total visibility over their digital footprint.

MyPOV

Getting information as early as possible is a key requirement for reducing cyber risk. BreachSight would seem to be a more proactive approach towards identifying breaches and is hence a useful addition to the industry.

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

Leave a Reply