Cybersecurity is no longer limited to just combatting internal network penetration. Due to an expanded digital presence of organizations, a widening threat surface, and constantly evolving cyberattack techniques, malicious actors can now target any of the multifarious digital assets organizations have on the web. Internal penetration remains dangerous, but so do attacks on websites, brands, employees, social media, and third-party partners.
Users can now leverage the digital risk management capabilities of Digital Shadows SearchLight with the security orchestration and automation features of Demisto Enterprise for more robust threat monitoring, response, and digital risk mitigation.
- Ingest Digital Shadows breach data into Demisto, create incidents, and trigger playbooks tied to those incidents.
- Automate enrichment of breaches as playbook tasks: records, usernames, IOCs, ports, and so on.
- Perform textual searches on Digital Shadows records from within Demisto.
- Pull up specific Digital Shadows breach snapshots/summaries by their IDs from within Demisto.
- Leverage 160+ Demisto product integrations to enrich Digital Shadows alerts and coordinate response across security functions.
- Run 100s of commands (including for Digital Shadows) interactively via a ChatOps interface while collaborating with other analysts and Demisto’s chatbot.
Fig. 1: A list of Digital Shadows commands available on Demisto
USE CASE #1
Automated breach notification and enrichment
If SOCs use different solutions for digital risk management and incident response, it can be tough to track the lifecycle of an incident due to flitting between screens, fragmented information, and lack of single-window documentation. This also leads to ‘dead time’ and an increased rate of error as breach volumes grow.
If SOCs use Digital Shadows SearchLight for digital risk management and Demisto Enterprise for security orchestration and automation, they can automate incident creation and trigger playbooks in Demisto for specific breach types in Digital Shadows. These playbooks orchestrate investigation actions across the entire stack of products that a SOC uses, on a single screen and in one seamless workflow.
For example, analysts can leverage Active Directory to get user details and ticketing platforms to generate tickets as automatable playbook tasks within Demisto after a breach from Digital Shadows is ingested.
Fig. 2: A Digital Shadows focused playbook and task results
Demisto playbooks coupled with Digital Shadows’ digital monitoring can speed up notification and enrichment of breaches. Analysts get a comprehensive view of the incident’s lifecycle, access documentation from a single source, and forego the need to switch between screens while performing enrichment and ticketing actions.
USE CASE #2
Automated brand protection and response
While internal network/endpoint attacks trip the alarms of security products, attack techniques such as brand imitation phishing domains can be harder to detect and consequently resolve. Even when these domains are detected, enrichment and response are laborious processes involving swivel-chair investigations across multiple products and console screens.
SOCs can integrate Digital Shadows’ brand imitation detection capabilities with Demisto’s security orchestration to weave an end-to-end operating procedure for these nebulous attacks. Detection of the specific breach types by SearchLight can trigger an incident and playbook in Demisto.
The playbook can look up additional context from threat intelligence tools, check SIEM and mail logs for information, and run response actions such as creating tickets, blocking the domain on firewalls and mail servers, and initiating takedown requests.
Demisto acts as a bridge between SearchLight and other security products that a SOC may use to both quicken incident resolution and orchestrate any allied tasks that fall outside the direct purview of incident response. This ensures standardized response and updates, reduced effort and time through automation, and archived documentation for future learning.
To explore Demisto's features (including the integration with Digital Shadows) in greater detail, download the Free Community Edition below.