Cyber Threat Intelligence 2.0 — Scattered Secrets BreachCheck

Cyber Threat Intelligence (‘CTI’) is often defined as the process of collecting, analysing, and interpreting information about cyber threats. It transforms raw data into concrete information and actionable insights, enabling organisations to better protect their IT landscape.

One of the key areas in protecting systems and applications is safeguarding against account takeovers (‘ATO’). Account takeover attacks have now become the main cause of hacks and data breaches, as reported by many renowned organisations.

However, the use of CTI to prevent unauthorised account takeovers remains highly inefficient. CTI sources typically contain large amounts of raw data, of which only a very small percentage is useful. Much of it consists of repackaged or outdated data, or data that never posed any real threat. The process is therefore inefficient, if effective at all. In addition, the work often provides little satisfaction for those involved. These issues have several inherent causes:

• Converting data into actionable information requires significant time and expertise, and therefore also significant costs.
• The expertise typically comes from highly educated specialists who are forced to perform simple, repetitive tasks. The results then offer little gratification due to the large number of false positives and negatives.
• Despite all this effort incidents and hacks still occur, as we see in practice. Cyber-criminals are masters at identifying the small fraction of truly relevant information. Account takeover remains the most significant threat and is often the starting point for a wide range of attacks, such as new data breaches and ransomware incidents.

Scattered Secrets’ BreachCheck is the solution to these problems. With our unique approach, we can also help organisations achieve a higher level of maturity in the area of compliance — a useful advantage, especially in light of rules and regulations (EU CRA/NIS2 etc.). The aspects that set us apart are simple yet highly effective:

• Matching results is fully automated and produces zero false positives. This is the only effective approach when working with billions of leaked account and password combinations. The outcome: rapid checks, direct positive verification against source systems, and integration options with SOC and other IT tools to enable immediate action.
• Even accounts that are not (frequently) used can be tested against leaked credentials. So not just checks during account creation and other account activity: the process is not dependent on user logins. The impact of a new data breach can therefore be determined centrally, directly, and comprehensively. These unique features can also be leveraged within IT operations for compliance purposes: demonstrably in control.
• The system is compatible with virtually all Identity & Access Management (‘IAM’) solutions. Protection can be implemented without changing the source code of target applications.
• BreachCheck does not require access to unencrypted or hashed passwords. Account details, passwords, and password hashes never leave the organisation.
• Threat data collection, processing and analysis are handled by us. No more time-consuming processing by internal or external experts is required. This saves both time and money. High-end protection without the high-end price tag.
• We are a 100% Dutch company (EU).

The result? Hours of analyst work saved, significantly reduced risk of data breaches and ransomware, and more peace and quiet in the SOC. Scattered Secrets BreachCheck — no noise, more certainty.

Interested in the best protection for internal or customer accounts? Or do you have questions? Let us know in the comments or send us a message.