Saturday, October 14, 2017

RiskWatch and Suspicious Activity Reporting

In the last 30 days we've sent approximately 25,000 automated suspicious activity reports from a new application that we call RiskWatch. While our 'open' numbers appear strong, we're still building trust in the recipients of those. You see, we compete in victim notifications with bad guys who've been sending "You're infected" emails to users for years in attempts to sell fake AV.

So today I'm going to do a bit more socializing.

What is it we're doing? The process is simple --and patent pending ;)

For a while now, we've been sending polite victim notifications to those where we identify (ahem) suspicious activity. Of course, this suspicious activity is rarely just suspicious. We send notifications in which we break out malicious (high probability compromise) and suspicious activity (maybe a compromise but needs a look). And why do I say polite? We're complimented by many as not using scare tactics to sell subscriptions and services. Polite means that we normally handle victim notifications like I'd like it handled if someone were calling me… I call them, and send them a report. Many times, I didn't charge —only to be put under NDA, or blown off, or simply, not answered —and then we watch as the victims continue to be victimized, and those connecting to them do as well. The numbers of victims have grown exponentially in the last two years.

For months, we've been sending suspicious activity reports to the maritime community, and last week I hired a person who'll begin authoring victim reports for the banking and finance industry. This person will be doing nothing but mining our collections for information suggesting bankers, financiers, or insurance companies are notified when we see activities.


What do these things look like? Here's one for the .gov space —of course, this isn't a full report and it isn't in our template or letterhead yet, but I'm sure you get the picture. This shows a small sample of state governments but one from a survey site at ed.gov. Government folks aren't allowed in the Red Sky portal, but they can pull subscriptions from us. This snippet is, of course, sanitized, but I'll be posting the report in its entirety in our online storefront.

Sorry folks. I realize this isn't my typical sassy Saturday morning blog, but this stuff is important, and those who can't afford a good security shop, which includes many of the states we live in, still need to have the information presented to them. This isn't a 60-page in-depth study. It's down and dirty, short, and in a completely actionable format. This report, when finalized post-QA, will be available via our online storefront at https://wapacklabs-watchlist.dpdcart.com.

Moving forward, we're making the automation available for supply chain management. Please feel free to reach out for more information.

Until next time,
Have a great weekend.
Jeff