Digital risk protection (DRP) is – in common with many other forms of security – the proactive defense of business assets against the threats they face. What sets DRP apart is its relevance to the growing digital maturity of organizations across all sectors. The further that organizations progress to embracing the benefits and opportunities of digital technologies, the more new risks consequently arise and must be identified and mitigated.
This post explores the evolution of DRP, the factors driving it, and the pivotal role of threat intelligence in providing actionable insights to reduce digital risk.
How the DRP market has emerged and developed
The promise of “securing digital transformation” has been embedded in the cybersecurity industry’s well-worn playbooks for some years now – helping promote everything from endpoint security to spam filtering and identity management. But DRP is more narrowly defined into tracking and tracing what Forrester describes as ‘external digital risk environments’ – places outside the control of the internal environment where risks and their trajectories need to be understood.
Forrester’s principal analyst, Josh Zelonis, has this say about how DRP services are being applied today:
“Digital risk protection services substantially improve an organization’s ability to mitigate risk by providing the organization with actionable and relevant intelligence. By simulating an outsider’s perspective of an organization’s digital presence, security professionals … can better determine which of their assets are most at risk and develop solutions to better protect those assets. Additionally, DRP services can be utilized to protect a company’s reputation by scouring the web for instances of data fraud, breaches, phishing attempts, and more.”
The precise scale of today’s fast growing DRP market remains unclear but, with all organizations steadily increasing their digital exposure and aiming to make investments that ensure the avoidance of costs associated with data breaches and brand damage, the demand for DRP is unquestionable. And while early adopters have tended to be large organizations, the signs are that DRP is within the grasp of smaller businesses too – particularly with the increasing involvement of MSSPs in the market, and the availability of modular threat intelligence capabilities.
The factors driving increased digital risks
The digital transformation journey of each organization is different in every case, and so there is no one-size-fits-all solution to the digital risks that accompany each. However, understanding how the most commonly-found principles develop is critical to formulating a tailored response.
- Bigger attack surfaces: Digital initiatives that rely on the greater use of mobile devices, IoT endpoints and cloud services are increasing the size of the exploitable attack surface. The recent trend toward homeworking in response to the Covid-19 pandemic has exacerbated this issue further.
- Unchecked digital sprawl: Employees adopting non-approved digital resources and applications for data processing, storage and other uses is inevitable because they are simply trying to be productive. This heightens the risk that credentials will be exposed or data leak out.
- Digital ecosystem complexity: Digital footprints are growing exponentially via increased use of new technologies and interconnectedness with third-party developers and supply chains. Complexity and rapid evolution makes it practically impossible to keep track of, and attackers lie in wait to exploit the weakest links.
- Hypercommunication and social identities: Brand exposure has become a double-edged sword as organizations take every opportunity to leverage social channels and interactive apps to communicate better with their communities. The result is a potential loss of control over how their brands are used, with the risk of fake domains, spoof social accounts and even impersonations of key executives.
- Misplaced digital trust: Digital tools that are so intuitive and easy to use within the organization have the effect of increasing dependency. This is compounded by the mandated use of such tools to carry out business processes and communicate with colleagues, suppliers and customers. Together, these factors raise the spectre of complacency and misplaced trust – making it easier for attackers to succeed with phishing and related attacks.
What role does threat intelligence play in digital risk protection?
Digital risk protection centers on identifying the risks your organization faces in real time. This is achieved by understanding ‘what’s out there’ in terms of potential data loss, brand misuse, emerging attack patterns and other threats exploiting the organization’s attack surface. Only then can the correct action be taken to directly mitigate risks in a timely manner, and maintain governance and compliance. Essential to all parts of this process is the availability of meaningful intelligence rapidly amassed and prioritized to address the unique risk profile of the given organization. This is threat intelligence in action.
A typical DRP program encompasses the following key areas, all of which rely upon fresh threat intelligence, such as provided by Blueliv from the largest and most comprehensive possible set of sources.
- Protection against novel phishing attacks – by uncovering fake domains, social accounts and mobile apps before attackers use them to launch targeted phishing campaigns and cybersquatting.
- Brand protection throughout the web – by monitoring your situational awareness on the dark web and identifying potential threats targeting your brand and the business performance of your products, services, and sales channels.
- Preventing credentials being compromised – by detecting in real-time where they have been exploited by malware and botnets, and through data leaks. This applies to credentials belonging to customers and third-party suppliers, not just employees.
- Closing down leaks of confidential data – by scouring the web to discover it in cloud repositories, public folders, peer-to-peer networks and many other sources, even if outsourced consultants, auditors or other trusted third parties were responsible.
- Gaining control of your digital assets – by tracking search engines, social media platforms and more for unauthorized affiliations and use of brand assets, intellectual property, etc.
- Reacting to targeted threats – by collecting and analysing continuously updated and intuitive information around threat actors, campaigns, malware indicators, attack patterns, tools, signatures and CVEs.
It is important to recognize the distinction between intelligence and information in relation to each of the areas above. Merely mining information produces vast quantities of data, each piece of which may appear incomplete or contradictory on its own, and in any case would likely overrun a security team’s working capacity by its sheer volume. Converting this into intelligence removes this burden and confusion, and – in Blueliv’s case – is the product of a highly optimized process combining machine automation and human analysis. It is ‘intelligence’ when it is sufficiently directed and relevant to be acted upon, and has been produced fast enough to be worthwhile acting upon.
Digital risk protection is an essential requirement for organizations wishing to enjoy the upsides of digital transformation without being consumed by the associated risks. DRP is gaining traction because of its relevance to business imperatives like communicating with customers, gaining efficiencies, sustaining rapid innovation and maintaining agility. It is a positive way for business and technology stakeholders to engage on how best to serve the organization’s needs; understanding, mapping and proactively managing the complexity of digital risk.
But DRP is lost and blind without a constant stream of threat intelligence. Only with threat intelligence – rather than threat data alone – can the bespoke digital risk of an organization be understood and contextualized against the constantly changing landscape of threats, data loss and attack surface.