Recaptured Data in Preventing Cyber Crime Explained
What if we told you the biggest risk to your enterprise is in the places you’re not
looking – places you don’t have access to?
looking – places you don’t have access to?
The criminal underground is packed with stolen credentials, PII, and browser fingerprints that let criminals impersonate your employees and customers, evading detection from traditional fraud controls.
Underground data exists for nearly everyone – employees, vendors, and customers – who may have dozens or more online personas. When their credentials and PII are leaked in a breach or siphoned from a malware-infected device, your team can’t effectively protect them. You’re never quite sure if any of that data connects back to your enterprise or customers, or if you’re truly secure from attacks that leverage stolen data like account takeover and ransomware.
Without that knowledge, your entire enterprise is at risk.
This risk represents a missed opportunity for information security and fraud prevention teams. For the longest time, data from the criminal underground wasn’t accessible. Now it’s an untapped source of powerful insights. We call it Recaptured Data.
Recaptured Data is information that SpyCloud’s human intelligence researchers have recovered from tens of thousands of security breaches, millions of malware-infected devices, and other covert sources – transformed into actionable insights.
The SpyCloud Recaptured Database contains over 200B assets which power our Account Takeover Prevention and Online Fraud Prevention solutions. It is comprised of more than 200 distinct field types collected directly from breach records and logs from malware-infected devices:
We make this data machine-readable and available to help enterprises make informed decisions about how to protect themselves, their employees, vendors, and customers.
A lot of companies claim to offer the best “breach data.” Recaptured Data is not just data from breaches. That data, in the form most providers offer, is unstructured data that is not actionable.
What makes Recaptured Data unique – in short – is its variety, actionability, and insights.
With stolen cookies and credentials, criminals can do extreme damage to companies and individuals. But in the hands of enterprise security and fraud prevention teams, this same data can be used to negate at-risk web sessions and protect vulnerable accounts.
SpyCloud has invested heavily in “de-hashing” collected passwords, allowing customers to determine whether exposed credentials exactly match the in-use credentials for their employees and customers. More than 90% of the 25B passwords in our database are in plaintext, making our data the most actionable in the industry.
No false alerts here, only evidence of compromise.
In short, companies use Recaptured Data to help avoid the risk of breaches caused by the use of stolen authentication data, or fraud that otherwise goes undetected earlier in the attack timeline. The key is recapturing data early after a breach or malware infection occurs, so it’s in your hands before it’s used to cause harm to your business and your customers.
By the time other companies alert you to exposures, criminals have already had stolen data in their hands for months (and sometimes years).
No enterprise can gather their users’ compromised data with the speed and scale necessary to thwart attacks.
This is SpyCloud’s focus, and why hundreds of enterprises rely on us.
Since cyber criminals don’t discriminate, companies of all sizes in varied industries use Recaptured Data. Any company can use it, and so far, hundreds of companies around the world – including half of the Fortune 10 – rely on it.
SpyCloud customers include:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
We use analytics data to make site improvements that positively affect our customer's online experience.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.