UpGuard BreachSight

BreachSight extends the capabilities of CyberRisk to search for your publicly exposed data including PII, credentials, and source code.

UpGuard BreachSight

Problems

Data
Data Leaks

The ways in which data can leak are ever-evolving and require dedicated tools and personnel.

Digital
Digital Reputation

Publicly exposed source code, credentials, and data provide fuel for attackers.

Multiparty
Multiparty Breaches

Exposed data often implicates multiple parties, complicating the notification process.

Our Solution

Keyword
Keyword Crawling

IP attribution doesn’t find exposed data. Our proven keyword methodology does.

Leak
Leak Notification

Combining automated and manual techniques, BreachSight alerts you to exposures first.

Disclosure
Disclosure Facilitation

Invite affected entities into your BreachSight instance to track the remediation process.

download data sheet

Features

Automated
Automated Daily Crawling

The BreachSight engine continuously searches for sources of exposed data.

50+
50+ Custom Sources

BreachSight examines common leak vectors like S3, GCS, Rsync, and more.

Unlimited
Unlimited Keyword Support

Search for leaked data related to any part of your business that you want.

Data
Data Identification

Detection algorithms locate credentials, source code, certificates, PII, and more.

Dedicated
Dedicated CyberRisk Analyst

Potential findings are vetted by an analyst to confirm data provenance and risk.

Direct
Direct Support Number

Contact us via phone, email, or chat to answer any questions.

Leak
Leak Attribution

Risk analysts help determine the party or parties responsible for exposing your data.

Multi
Multi Party Disclosure Support

UpGuard facilitates communication to affected parties to close the exposure lifecycle.

CyberRisk
CyberRisk Data Refinement

BreachSight builds on your CyberRisk account to intelligently search for your exposed data.

Monthly
Monthly Reports

In addition to timely notification for critical findings, your analyst provides monthly updates.

FAQ

What constitutes a keyword?

A keyword for your organization could be a product name, your company name, your holding company’s name, a project name or even a company image. You do not need to provide generic keywords like “password.” These are built into the BreachSight engine.

What types of things do you look for?

We look for a variety of different types of data: passwords, API keys, email addresses, certificates, general PII, and source code just to name a few.

Do you track the dark web?

No we don't; all of the discoveries we've made are available on the public internet, and are typically found through our processes without using hackers or aggressive penetration testing techniques. Our goal is to stop data exposures before they lead to breaches and information trading on the dark web.

Do you disclose to the media any of the breaches you've found through BreachSight?

No, we do not. It's our customers responsibility to disclose disclosures to relevant authorities.

Can I subscribe to the product If I am in a U.S. sanctioned country?

No.

Can I subscribe to BreachSight if I don't have a CyberRisk account ?

No, the data used in CyberRisk enhances BreachSight by providing a baseline of keywords that increase accuracy.

Can I contest a finding?

Of course. Attribution is often one of the main challenges that our cyber risk analysts face when working with discovered data sets. Working with companies who are BreachSight customers provides an effective and confidential method for analysts to work directly with the people who can confirm or guide data attribution.

Will anyone else see this data?

No, We do not share BreachSight data within our platform with other companies or customers. Our multiparty disclosure methods are built specifically to allow for multiple parties to be aware of their implication in a breach without compromising other affected entities.

Will breachsight findings affect our CSTAR score?

Yes, findings for which you were directly responsible could affect your score. If your data was leaked by a third party, however, it will instead reflect on their score.

Do you integrate with other GRC or Risk suites?

Yes, we have an open API that can enhance third party datasets. Please contact us to discuss how you would like to integrate.