Saturday, October 1, 2016

Cyberwatch update

To all who've been using Cyberwatch(R) and provided feedback, thank you!  It's very much appreciated. As a result of some of these feedback,  Cyberwatch API version 1.1 was released last night, and its packed with improvements that you've requested:
  1. 25-35% faster with database clustering improvements
  2. For our automated alerting mechanism, we've built in dynamic notification API keys, which don’t require authenticating! Click through, see everything we know from that 
  3. API key removal from the url on the front end wrapper
  4. Security Updates & bug improvements 
To all who've not yet heard of Cyberwatch, last week we went public with a new application program interface (API), that allows users to run queries against our backend raw intelligence collections.  We knew two things... 

First, many (all?) companies need intelligence --not just information received when they buy that million dollar security tool, but a real understanding of what's going on outside of their border router that will likely affect them. 

Second, many of those companies would prefer to slog through the myriad of google groups, open source lists, and take on the dark web themselves and waste an enormous amount of time chasing things that just don't mean much to the questions they should be asking themselves. 

For example... a RISK focused security pro will always want to know if there's a RISK of something breaching. And if they do, what's the likelihood of loss?

An INTELLIGENCE focused security pro will want to look over the horizon for risks that'll might mean something soon, or they'll want to know that tactical information --what IP blocks should we be monitoring now? Blocking now? Remediating?

At the same time,  our customer base is largely 100,000 computers or bigger... which while good for us, represents a small number of companies who need help... and who may be partnered with or in the supply chain to these larger companies. 

I've talked with dozens of smaller companies. They simply can not, and like will never, spend the money on an intelligence shop.

So what if Wapack Labs could help them? What if we could allow users to query our backend data for say, 30 queries per day (for free), so that these smaller companies could see exactly what they're exposure looks like --and what if Wapack Labs could refer them to a security professional (under NDA of course) to help that smaller company get well? 

Well, that's exactly what we did.
  • Wapack Labs passively collects key logger 'dump' locations at about 1300 locations around the world; 
  • We collect on very specific sinkholes;
  • We collect some specific open source --but not all... we don't want circular reporting;
  • And we collect about a dozen other specific items that can help tell a company when they might have problems. 
And we make that all searchable to anyone who wants to search against it. 

As well, we started (this week) performing automated victim notifications. Our first batch, roughly 5000 of them, went out on Wednesday, with a no-cost, one time link to our databases to show the companies what we found, and why we think they may have been victimized. That email contains a link to our new Partner Exchange Program, and allows the victim to request a referral to one of our trusted, NDA'd,  partners who can assist in the cleanup if needed. 

The Cyberwatch API is available at

Need more? We've built an ugly demo front end (we'll make it look nicer soon, I promise) on the API... Use it to monitor a portfolio of companies. If you're watching your supply chain, or a group of investment companies, you can set up five companies in our Cyberwatch front end, or you can use the API to bring the data into your own environment. Either way... you should be able to pull our data into a usable front end of your choosing or use ours.

So, to those who've provided feedback? We're listening.
To those who've not yet tried it? Try it! 

We're heading into Christmas shopping season. And although much of the work we'd done in the past is APT and Espionage related, we've taken on a second flavor in our analysis --money. So if you're a retailer, financial institution, or a supplier to one of these, as we head into the Christmas shopping season you should be watching our API at least daily, knocking down the threats we identify. 

Give it a try. There's absolutely no reason you shouldn't... it's free and we might know something about you that you don't already know.

Until next time,
Have a great weekend!

(CyberWatch(R) is a registered Trademark of Wapack Labs Corporation.)