Research | Our Q3 report details what's new in the world of ransomware.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Find cyber threats that have evaded your defenses.
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Brands of the world trust ReliaQuest to achieve their security goals.
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
The latest threat research report from ReliaQuest Threat Research research team.
The latest white papers focused on security operations strategy, technology & insight.
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
November 30, 2023
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Alastair Paterson, CEO of Digital Shadows (now ReliaQuest), recently sat down with Ryan Floyd, cofounding Managing Director of Storm Ventures, to discuss the challenges Digital Shadows (now ReliaQuest) is solving.
Check out the recording here or read below for Alastair’s insights:
Ryan Floyd: Against the current background of digitalization and the rapid uptake of SaaS, the opportunity for hackers has continued to grow. That’s why today, I’d like to address the top cybersecurity threats outside the network perimeter. Can you tell us about your founding story, Alastair?
Alastair Paterson: That’s exactly why we set up Digital Shadows (now ReliaQuest). We were worried about companies’ expanding digital footprints outside the perimeter, particularly as they’re adopting the cloud, mobile and social media as part of their digital transformation. We monitor their digital footprints and identify risks to their business. Are they leaking data online? Are fraudsters impersonating their brand online? Do they face threats on the dark web, criminal marketplaces, or discussion forums?
Ryan Floyd: How much of the current risk is down to the individual employee or the company?
Alastair Paterson. I think the employees are part of the attack surface in many ways now.However, we’re looking at these threats from a corporate perspective.That does includeVIPs across the business, but employee-led risk constitutes just one part of their overall exposure.
On the question of how to prevent data leakage, it’s important to remember that much of it is accidental. Sometimes employees post things online that shouldn’t be there, for example engineers sometimes hard-code passwords into their commits into coding sites like Github, leaving them accessible to attackers. VIPs are targeted and employees are having their credentials breached and leaked online. We closely monitor all of these risks.
Ryan Floyd: After the pandemic, we’re all working remotely, and the attack vector is more serious than it was before. I have lots of individuals at home on my own network, and I worry about the exposure this creates. What trends have you noticed recently?
Alastair Paterson: I think the pandemic has accelerated forces that were in play already. Yes, there is more remote working. Today, everybody is outside of the perimeter. They have been for the last couple of years. There has been a clear trend of VIP exposure. People accustomed to working from corporate networks, with robust IT security around them, were suddenly stuck at home figuring out how to make VPNs work.
More than ever, companies need to understand their attack surface. We’ve seen a definite increase in phishing attacks against VIPs, as well as accidental exposure to businesses.
Ryan Floyd: Not long ago, you could simply walk down the hallway to assign tasks to a colleague or employee face-to-face. Now, everything is happening online or by email. The potential has grown tremendously for bad things to happen.
Alastair Paterson: Yes, and I think that’s particularly true for legacy companies that were forced to adopt the cloud very quickly, sometimes overnight. They don’t have cloud IT expertise on hand when they need it now, just at a time when security issues for cloud computing and the mobile digital platform are more critical than ever.
It’s a different world, with a different set of risks. The current ransomware epidemic has brought the dark web to public attention, but I would urge people to avoid scary hype and keep that threat in proportion. The most active criminal sites are still on the open Internet.
Ryan Floyd: People forget that security impacts sales and engineering, too. It’s an issue that hits every part of the organization.
Alastair Paterson: Yes, and that’s partly why, if you’re attempting to sell to the biggest companies in the world today, you’re sure to be faced with security assurance questionnaire. An answer like, “I don’t have one of those” simply won’t cut it! The big guys are worried about third-party risk. You’re part of their supply chain, and they’re sharing sensitive information with you. How do they know you can be trusted with their data?
To make the sale today, you need some kind of security program in place. The better it is, and the more accreditation you have around it, the quicker you can move through the sales cycle.
Ryan Floyd: Most people think of phishing attacks as largely unsophisticated and easily identifiable. But today, they are very cleverly directed at VIPs and other high-value targets. We know the consequences of phishing attacks can be very severe. How should companies tackle that threat?
Alastair Paterson: With phishing, the level of sophistication has increased significantly. But you’d be surprised at the effectiveness of even the more unsophisticated phishing attacks when they’re carried out at scale. The digital footprints left by companies online can be used against them.
We know there have been a lot of data breaches. In fact, we have a store of 25 billion credentials. Criminals with access to the right information can build that into automated tools and scripts that are readily available online, launching attacks against their target using the credentials released in other data breaches.
VIPs are often targeted with a so-called spearfishing or whaling attack. For example, if criminals know the CEO is on vacation, they could email one of her employees pretending to be the CEO and ask them to transfer some money. If the CEO has intermittent access to their inbox or cell phone outside of the office and is hard to reach, employees may be unable to double-check with them before complying. Attackers re good at making it seem urgent and will research them in advance to make the comms more plausible, even find their favorite sports team or other pastimes to reference in their emails. There are many different ways to build a more convincing case by exploiting the information freely given online.
We’ve seen some interesting examples. An Italian football club was persuaded to send the transfer fee for a new player to cybercriminals rather than the receiving club. The attacker knew the established format for transfer documents, so they sent a copy with their own bank details.
In another attack on a construction company, criminals approached some low-level accounting people for a list of overdue invoices. The attackers then wrote to all of those creditors, impersonating the debtor but forwarding their own account details, warning them that they were overdue. The targets were rushed and didn’t check. In this way, the bad guys made a ton of money without having to cross the bar of getting the CFO to sign off on a big transaction directly.
Ryan Floyd: I understand that finance is your number one vertical, with tech second. Why is the tech sector so attractive to attackers?
Alastair Paterson: Anybody holding sensitive data is a target. Above all, you need an incident response program in place and to understand your attack surface, your assets, and your infrastructure. You must plan ahead for all eventualities and know what you will do when a breach occurs.