I'm excited to announce general availability of SolarWinds Identity Monitor, an easy-to-use cloud-based service that specializes in preventing account takeover. Identity Monitor is enabled through a partnership with SpyCloud, experts in recovering data breach information. Since this is the introductory post about Identity Monitor, I wanted to talk about the main problem it solves and then give you a quick overview of the product.
What is account takeover?
Account takeover is exactly what it sounds like - when a bad guy obtains your credentials associated with one site, and then tries to use them to take over your accounts on other sites.
As someone in IT, you probably use unique, strong passwords with multi-factor authentication for every site or service you use (right?), and at work, you probably enforce secure policies for the servers and applications you control, but... are your users as careful as you? Do they ever reuse passwords, mixing them across work and non-work services? They do, and this is why account takeover works - because once the bad guys get one set of credentials, they quickly try them on hundreds of other sites using credential stuffing tools to find out what else they can access... and then the bad stuff starts to happen.
How do you prevent account takeover?
You can take all the preventative steps in the world, but there will continue to be data breaches where your credentials and information are taken, and once your credentials are compromised, the only way to protect yourself is to change your credentials. Seems simple - but first you have to know that you have been compromised in order to take action.
Identity Monitor has billions of records from previous data breaches and can tell you if you or your company are compromised right now. Identity Monitor will present this data in a timeline and summarize it into asset types, allowing you to drill down on specific breaches in the past and see what credentials were exposed. Data can include usernames, email addresses, passwords (both encrypted and unencrypted), addresses, birthdays, phone numbers, etc. - almost anything you've ever entered into a website.
Also, Identity Monitor continuously scours the internet for new data breaches, and as this new information is ingested, it will analyze the data and alert you that you have new compromises. Speed is really the key here: you need to know about new compromises of your users as fast as possible.
If the hair on the back of your neck is standing up and you're ready to see how deep the rabbit hole goes, go sign up for a free Identity Monitor account. Otherwise, let's take a closer look at how Identity Monitor works, evaluate how compromised your company is right now, and what kind of information you might see.
Am I compromised right now?
As IT professionals, part of our job is to protect our company's physical and digital assets. Let's log in, take a look at the timeline, and drill into some detail. Here I've got 1 domain registered (example.org) and I can see the timeline of breaches on top, the most recent breaches on the right, and the types of information that are compromised.
Let's take a closer look at the breached asset types.
You can see how email addresses are compromised, how many passwords are known, and the amount of personally identifiable information that is available. Let's drill down on the Emails and see what's exposed. I'll pick the first one since it was just a few days ago and is marked critical... and I'll click to expose the password (which turns out to be "secret").
I am also interested to see what personal information is available, so I click View Raw Data.
Here you can see the extensive amount of personally identifiable information... just plain scary.
Once you get a feel for the scope and type of exposure your company and employees have, you can act to address the current situation, and then decide how to improve your processes going forward. Note that each breach has advice on remediation too.
Let's say we've addressed all the problems that Identity Monitor found, but sadly we know that another security breach is just around the corner (just look at the history on the timeline). How does Identity Monitor protect us going forward? By continuously scouring the internet for new breaches, digesting that data as quickly as possible, and alerting you. In the Email Assets example above, you can see there were only a few days between the breach date and the date it was published in Identity Monitor, and we also get this handy email alert telling us there was a breach and linking us to the details:
And you aren't limited to just your domain; you can extend your protection to any email address as long as that email owner gives permission. This is great for watching personal emails of critical employees (like your executive team), DLs used for signing up for external services, or any other email used for company business.
Sign up now for free! Pricing is by number of employees and starts at $1795 USD for 100 employees.
These are the primary use cases that Identity Monitor covers, but there is more - be watching for more blog posts.