Open Source Threat Awareness Comes Out Of The Shadows

Even for the largest organizations, threat awareness is a serious challenge. How can you tell whether sensitive corporate documents have been leaked online, or if someone is impersonating and undermining your brand online, without committing significant numbers of people to finding out?

Digital Shadows aims to make this process much easier. Its flagship product, SearchLight, automates as much of this time-consuming process as it can. For the tasks which can’t be automated, it has a skilled team of researchers and analysts.

Based jointly in San Francisco and London, and with a recently opened third office in Dallas, Texas, Digital Shadows is enjoying a prolonged period of growth. Earlier this year, it concluded a Series B round of funding, during which it at attracted $14 million led by Trinity Ventures. This follows an earlier Series A round in 2015, led by Storm Ventures, where $8 million was pulled in.

According to the company, it is in a process of scaling upwards. It expects to reach 100 employees by the end of the year.

There’s certainly a market for a cyber situational awareness product like SearchLight. According to VP of security strategy Rick Holland, Digital Shadows has already signed more than 60 contracts for it. Financial services were the natural vertical to initially target, but the company has since signed a number of contracts in a diverse mix of organizations including insurance companies, financial institutions, agricultural firms – even a candy manufacturer.


Searchlight works by taking details from a client – email addresses, executive information, document markings, building plans – and then trawling through the dark and light web for traces them. It’s fully automated, and uses open source intelligence. It doesn’t pay for credentials

Once its findings have been aggregated and verified, Searchlight will then generate a report. Most customers receive this via email, but it’s also possible to get it through the SearchLight web portal, or the API. Digital Shadows provides a HTTP REST based API for vendor and client integrations.

When SearchLight identifies a piece of leaked corporate data, it will allow the user to send a takedown request through the app.

Tying this together is a web portal. This is a bit like iGoogle, or NetVibes, and features content aggregation about threats facing a particular corporation, vertical, or industry. This features information on threat actors, news, as well as potentially relevant calendar events.

In addition, Digital Shadows provides every client with eight hours of Request for Information (RFI) time per month, where an analyst will look into specific security threats.  A client could provide SearchLight with an email address or Twitter handle, and Digital Shadows will provide all the information it could find on that particular item. Clients can also use the RFI time for more strategic intelligence products including forecasting of threats against specific verticals.

SearchLight is in a seemingly endless spate of growth and improvement, with some of the biggest changes to the platform to come in Q3.

Digital Shadows expects to release an update to SearchLight, which will allow customers to get an even better understanding of their digital footprint. SearchLight will soon include Passive Infrastructure Monitoring to reveal details on hosts, services, vulnerabilities and expired certificates.

It also intends to launch a new domain fuzzing integration. This will attempt to find sites that use domain and typo squatting, and will identify phishing sites which target the customer’s brand.

Digital Shadows targets small and large enterprises alike. Typical buyers include CSOs, CTOs, CIOs, directors of security, security operations teams, as well as physical security, brand protection and data leakage teams.

Breaking The Fourth Wall

Perhaps the biggest strength of SearchLight is that it does the job of multiple products, but with the cost and management burden of just one. For overstretched IT departments, this is going to be a significant attraction.

It may be the case that vendors which focus on single tasks are best in breed. For example, MarkMonitor may provide better brand protection services. But SearchLight’s biggest strength is that it can offer a broader range of capabilities which will only enhance over time. With Digital Shadows having pulled off not one, but two successful funding rounds, and expanding its workforce to over 100 employees by end of year, this process may accelerate.

However, the threat intelligence space is a crowded one, and Digital Shadows are coming up against some entrenched incumbents, like iSight/FireEye, RecordedFuture, BitSight, Cyveillance/Looking Glass. For it to thrive, it will need to continually innovate and differentiate itself.

With Digital Shadows increasingly targeting the Global 1000 down to SMBs, it could benefit from segmenting its product, in order to be affordable to IT departments with lower budgets. This airline-style pricing model typically performs well for SaaS providers.