I'm excited to announce general availability of SolarWinds Identity Monitor, an easy-to-use cloud-based service specialized in preventing account takeover. Identity Monitor is enabled through a partnership with SpyCloud, experts in recovering data breach information. Since this is the introductory post about Identity Monitor, I wanted to talk about the main problem it solves and then give you a quick overview of the product.
What Is Account Takeover?
Account takeover is exactly what it sounds like--when a bad guy obtains your credentials associated with one site, and then tries to use them to take over your accounts on other sites.
As someone in IT, you probably use unique, strong passwords with multi-factor authentication for every site or service you use (right?), and at work, you probably enforce secure policies for the servers and applications you control, but... are your users as careful as you? Do they ever reuse passwords, mixing them across work with non-work services? They do, and this is why account takeover works--because once the bad guys get one set of credentials, they try them on hundreds of other sites using credential stuffing tools to find out what else they can access... and then the bad stuff starts to happen.
How Do You Prevent Account Takeover?
You can take all the preventative steps in the world, but there will continue to be data breaches where your credentials and information are taken, and once your credentials are compromised, the only way you protect yourself is to change your credentials. Seems simple--but first you have to know you've have been compromised to take action.
Identity Monitor has billions of records from previous data breaches and can tell you if you or your company are compromised right now. Identity Monitor presents this data in a timeline and summarize it into asset types, allowing you drill down on specific breaches in the past and see what credentials were exposed. Data can include usernames, email addresses, passwords (both encrypted and unencrypted), addresses, birthdays, phone numbers--almost anything you've ever entered into a website.
Identity Monitor continuously scours the internet for new data breaches, and as this new information is ingested, it will analyze the data and alert you to new compromises. Speed is the key here--you need to know about new compromises of your users as fast as possible.
If the hair on the back of your neck is standing up and you're ready to see how deep the rabbit hole goes, go sign up for a free Identity Monitor account. Otherwise, let's look at how Identity Monitor works, evaluate how compromised your company is right now, and find out what kind of information you might see.
Am I Compromised Right Now?
As IT professionals, part of our job is to protect our companies physical and digital assets. Let's log in, look at timelines, and drill into some detail. Here I have one domain registered (example.org) and I can see the timeline of breaches on top, the most recent breaches on the right, and the types of compromised information.
Let's take a closer look at the breached asset types.
You can see how email addresses are compromised, how many passwords are known, and the amount of Personal Identifiable information available. Let drill down on the emails and see what's exposed. I'll pick the first one since it was just a few days ago and is marked critical... and I'll click to expose the password (which turns out to be "secret").
I am also interested to see what personal information is available, so I click View Raw Data.
Here you can see the extensive amount of personally identifiable information... and it's scary.
Once you get a feel for the scope and type of exposure your company and employees have, you can address the current situation, and then decide how to improve your processes going forward. Each breach has advice on remediation too.
Let's says we've addressed all the problems Identity Monitor found, but sadly we know another security breach is around the corner (just look at the history on the timeline). How does Identity Monitor protect us going forward? By continuously scouring the internet for new breaches, digesting the data as quickly as possible, and alerting you. In the Email Assets example above, you can see there were only a few days between the breach date and the date it published in Identity Monitor. We also get this handy email alert telling us there was a breach and link us to the details:
And you aren't limited to just your domain. You can extend your protection to any email address as long as the email owner gives permission. This is great for watching personal emails of critical employees (like your executive team), DL used for signing up for external services, or any other email used for company business.
Sign up now for free! Pricing is by number of employees and starts at $1795 USD for 100 employees.
These are the primary use cases Identity Monitor covers, but there's more--be watching for more blog posts.