Free Trial
Get Full Access

MSSP Secure Coders Upgrades Threat Exposure Monitoring for Multinational Pharmaceutical Company

Picture of Flare
Flare
  • Reading time: 4 min

“Even in the initial proof of concept for our pharmaceutical customer, we increased visibility of scale with several escalated alerts and gained knowledge of systems that showed significant risk.”

-Secure Coders

The Challenges

A multinational pharmaceutical company had an information security program that lacked a comprehensive view of their exposure on the clear & dark web.  Their goal was to get a better understanding of how an exposure monitoring solution can provide value and security to enforce the organization’s control objectives, as well as how clear & dark web monitoring can provide ongoing visibility into the organizations’ data security objectives. They reached out to Secure Coders who partnered with Flare for the engagement.  

To help manage their goal and better understand the unique needs of the organization, the Secure Coders team utilized Flare to conduct an exposure monitoring Proof of Value. This Proof of Value included a feature demonstration and a high level assessment of the organization’s external exposure. When the Secure Coders team uncovered results indicative of risk using the Flare platform, they used that data to improve monitoring for similar types of risk on a continuous basis. 

With interesting results in hand, the Secure Coders team put on their red-teaming hats to analyze findings as an adversary would to illustrate potential impact and recommendations to resolve or mitigate the risk.

The Implementation

The Secure Coders team conducted the following efforts.

Table with columns for phase, duration, and description of the work Secure Coders did for their pharmaceutical client in understanding their threat exposure.

The table below outlines the process employed by Secure Coders to identify, enrich, prioritize, and remediate threats.

The table has the columns for Exposure Monitoring Process and Description for the four steps Secure Coders took to identify, enrich, prioritize, and remediate threats.

Using its expertise and the Flare platform, the Secure Coders team made the following capabilities available.

  • Criminal underground monitoring
    • Access Brokers –  Provide actionable intelligence that saves time spent to detect and remediate attacks or compromised systems for sale on dark web marketplaces.
    • Forum Chatter –  Classify and report on conversations occurring on dark web communication channels relating to brand, product, and operations.
  • Intellectual property monitoring
    • Publicly Posted Source Code – Review publicly available source code posted by both internal and external entities to the organization.  Source code is analyzed and reported on by experienced software developers.
    • Public Dumps –  Review content posted on channels such as PasteBin that pertains to the organization’s  brand.
    • Public Forum Disclosures – Monitor public forums for discussions which disclose sensitive internal information. 
  • Monitor external attack surface
    • Monitor Github for Source Code and Secrets leakage – Monitor online code repositories for accidentally leaked information. Run custom regexes and queries that cross public code repositories such as GitHub, BitBucket, and GitLabGit-environments. 
    • Detect Technical Data Leakage – Detect mistakes and secrets being committed about the organization’s environment and send alerts to the security team on accidental commits. 
    • Identify Misconfigured Servers – Enable real time notification of S3 storage, Shodan, and other cloud data that could put the organization at risk.
    • Monitor Anonymous Sharing websites – Monitor password dumps, sensitive technical data, and PII that is posted on Pastebin and other anonymous sharing sites (bin sites).
  • Preventing Account Takeover
    • Real-time Credential Monitoring –  Collection of leaked credentials from the dark, deep and clear web, ensuring they can’t be abused the minute they are discovered
    • Automated Workforce Account Monitoring – Integrated credential dump feeds with the organization’s existing processes. 
  • Brand Protection
    • Drug Marketplace Monitoring – Continuously monitor product and service postings on dark web marketplaces relating to product sales and counterfeiting. 
    • Dump Monitoring – Monitor dumps advertised pertaining to the organization’s business.
  • Detecting Phishing Attacks
    • Subdomain Monitoring – Identify phishing domain names and SSL certificates and detect the registration of new domain names similar to the organization’s domains.
  • Preventing Financial Fraud
    • Workforce Protection – Search directory of financial fraud victims, based on leaks on the dark, deep and clear web, as well as on identities for sale on illicit markets. Enable the organization to check if their workforce have been victims of fraud, while ensuring information privacy protection.

The Impact and Benefits

Through the proof of value, we were able to demonstrate the benefits and value of implementing an exposure monitoring solution. Secure Coders using Flare successfully increased visibility of the organization’s external exposure on the clear & dark web. The following were delivered through the course of the proof of value:

  • 1590 Flare identifiers were created
  • Monitor External Attack Surface report with 1 escalated alert
  • Intellectual Property report with 9 escalated alerts
  • Leaked Credential report with 1 escalated alert
  • Monitor External Attack Surface report with 6 escalated alerts
  • Preventing Financial Fraud report with 5 escalated alerts

Several of the escalated alerts resulted in the organization gaining knowledge of a system that presented significant risk.  The organization requested a follow-on engagement for an Advanced Persistent Threat (APT) style pentest targeting the system, which was performed by Secure Coders utilizing their team of experts, heavily leveraging the Flare system.

Learn more about Flare’s Threat Exposure Management solution with a free trial

Exposure Monitoring for PharmaDownload
Share This Article
View posts

Flare

Related Content

H.E.R.O.S. Inc Manages External Risks After Ransomware Attack, Saving Up to 500 Hours Per Year

Read More
,

Initial Access Broker Landscape in NATO Member States on Exploit Forum

Read More
, ,

Dark Web Drama: LockBit and the AN Security Breach Saga

,
Read More
4.9

“What used to take about 1500 hours to complete can now be done in 1 week. Flare allows me to empower junior analysts to do dark web investigations that were previously impossible, hence liberating bandwidth.

Senior Security Specialist at a MSSP

4.9

“Other solutions would present us with thousands of potential leaks which were impossible to work with for our small team, Flare was the only one that could successfully filter and prioritize data leaks with their 5-point scoring system.”

CTI Director at a Major North American Bank

4.9

“Flare enables us to react quickly when threats are publicized. It helps us protect our brand and financial resources from data breaches.”

CISO in a Major North American Bank

4.9

“We audited dozens of different solutions and Flare was the only one making CTI easy and understandable for all, with the right data.”

Senior Advisor at an IT Services Industry

Start your free trial today

Experience Flare for yourself and see why Flare is used by organization’s including federal law enforcement, Fortune 50, financial institutions, and software startups.

START FREE TRIAL
Flare logo
Get a Demo
Free Trial
Linkedin Twitter Facebook Youtube
Copyright 2024 Flare Systems, Inc.
1751 Rue Richardson, Unit 3.108, Montreal, Quebec, H3K 1G6

Flare HQ

soc 2 cybersecurity company
Flare logo
Free Trial
Get Full Access
Log in