Baltimore-based Terbium Labs, a cybersecurity start-up founded two years ago by former researchers from Johns Hopkins University’s applied-physics laboratory, say they’ve come up with a new way to spot corporate data leaks.
The company announced last month that it is testing a product known as Matchlight, which monitors the covert chat rooms where cybercriminals usually sell the information stolen during data breaches. The company says that in a single day it identified 30,000 stolen credit-card numbers and 6,000 compromised e-mail addresses.
Terbium declined to disclose the full list of companies testing the product but said it is working with numerous Fortune 1,000 companies. One of the firms piloting Terbium’s product is Sonatype, a technology company based in Fulton, Md.
“The information security world needs to shift from this IT-focused defensive posture to more of a risk-management mind-set,” said Danny Rogers, Terbium’s chief executive.
A 2014 cybersecurity study by Verizon found that half of cyberattacks take months or longer to spot, and leaks are usually found by an unaffilliated third party such as law enforcement or a journalist.
Terbium said it came up with its technology by replicating the methods used by the people who spot data leaks by scanning dark-Web chat rooms manually.
These people may eyeball the identification numbers attached to credit card data being passed around online, for example, looking for clues to where the data may have been stolen.
Terbium says its software does this automatically. When a company signs on with Terbium, its sensitive internal data gets a numeric “fingerprint,” a jumbled assignment of letters and numbers that can’t be reverse-engineered. This way, nobody at Terbium sees the company’s data, just the fingerprint. A Swiss bank, for example, could use Terbium’s product without telling the company whose money it is storing.
Then the software uses a complex “Web crawler” to skim through dark-Web chat rooms and spot anything that has the same fingerprint, shooting the company a notification when the matching data changes hands online. That way, a company that has been breached will learn where its data has landed, company officials say.
Garrett Bekker, a senior analyst specializing in IT issues at 451 Research, an independent research firm that wrote a third-party research brief about Matchlight, says Terbium is plugging into a new cybersecurity reality. After the scope and frequency of high-profile corporate data breaches last year, companies are realizing they need to do more than protect their systems from hackers, he said.
“There’s been a realization in the information security community that you will be breached at some point, and you’re not going to prevent 100 percent of your data from leaving,” Bekker said.