Corporate network breaches are happening all the time, but finding out about them can be difficult for anyone outside of the company. This lack of transparency poses a significant problem for many interested parties, but it’s particularly challenging for the compliance industry.
To address this deficiency, the cyber intelligence company Prevailion is now offering a special program for compliance and auditing professionals.
The new program, called “Apex Compliance,” provides discounted access to Prevailion’s hacker intelligence platform, known as Apex, which contains privileged information on over 19,000 (and counting) compromised companies around the world – many of which have never been publicly disclosed.
This discounted program is available to PCI QSAs, HIPAA compliance officers, SOX and GDPR auditors, and others in the compliance field.
“Data breach victims don’t always disclose these incidents, either due to the fact that they aren’t able to detect them or because they deem the events materially insignificant for SEC reporting purposes,” said Karim Hijazi, CEO of Prevailion.
“Either way, there is very little transparency when it comes to malicious cyber activity targeting the world’s largest corporations, and only a fraction of these incidents are ever publicly reported. This lack of visibility poses a significant challenge for many interested parties, but for the compliance industry in particular.”
Prevailion has developed a unique intelligence capability that allows it to detect active breaches inside corporate networks that do not require any access or confirmation by the affected corporation. To do this, Prevailion’s intelligence team targets criminal networks, in order to intercept communications between the “command-and-control” servers set up by hackers and the malware these servers control.
This ability to eavesdrop on criminal activity gives Prevailion unprecedented insights into real-time hacking operations taking place all over the world. It also allows them to see these attacks from the point-of-view of the hackers.
Consequently, Prevailion’s Apex platform is a reliable source of information on thousands of unreported corporate breaches, and provides around-the-clock intelligence on new compromises, escalating breach activity and corporate remediation efforts.
According to the Apex platform, 20% of Fortune 50s are showing active or recent compromise activity by criminal or state-affiliated hackers. These include major financial, energy, telecommunications, technology, insurance, healthcare and aerospace companies.
For compliance professionals, the Apex platform can serve as a useful tool for (a) discovering undisclosed/undetected corporate breaches, (b) identifying the type of malware used and the criminal organization behind it (key to understanding the overall risk posed by the breach) and (c) the company’s effectiveness at detecting and remediating these breaches.
Apex can also be used to map out a company’s third-party risk environment, by identifying any breaches in vendors, suppliers, service providers or partners that the company relies upon.