ID Agent CEO Kevin Lancaster says the world is a different place in the aftermath of security breaches at the U.S. Office of Personnel Management (OPM) and other high-profile targets. Today, nearly everyone’s personal information, including date of birth, social security number, mother’s maiden name and home address, is already widely available for a price on the dark web.
(If you don’t believe me, then read what cybersecurity experts Brian Krebs has to say on the number of individuals that have been breached.)
Since there's no way to reclaim compromised data, the best any business professional or private individual can do to protect themselves is invest in technology that proactively monitors their compromised personal or customer data.
Enter ID Agent. The company, which is based in Bowie, Maryland, provides markets a variety of solutions for monitoring data and more. Its SpotLight ID technology, for example, helps MSPs, resellers and channel partners deliver personal identity protection to customers. The company bills itself as “the channel’s leading provider of dark web monitoring and identity theft protection solutions.” It competes with a variety of companies including Recorded Future, AlienVault, Spy Cloud and others.
If you’re not familiar, ID Agent’s flagship product, Dark Web ID, delivers dark-web intelligence to identify, analyze and monitor for compromised or stolen employee and customer data. The company’s aforementioned SpotLight ID, meanwhile, provides personal identity protection and restoration for employees and customers “while enhancing their overall cybersecurity awareness as well as further safeguarding corporate systems.”
Together, they offer a powerful one-two punch that more channel companies are turning to. Here’s some background on the company.
ID Agent’s roots date back to 2009 when company founders began developing technologies and techniques to respond to breaches. Since then, the company has sold its technology to various intelligence and defense departments within the federal government, including the DoD. The company was also tapped by the OPM to help sort things out after it was breached in 2015. (ID Agent provided credit monitoring to those OPM employees who were impacted.)
In the aftermath, Lancaster spent the better part of a year on Capitol Hill trying to educate legislators and staffers on the wave of issues that would result from deep, widespread data breaches, be they carried out by cybercriminals or nation-states. When Lancaster explained to both government and Fortune 500 chief information security officers (CISCOs) that hackers already had all of the personal ID data of almost everyone they employed, he was met with hostility.
“The CISOs felt attacked, like we were accusing them of doing something wrong,” says Lancaster. “Our stance was to help them understand that their employees were using their credentials on Dropbox, LinkedIn and more to do things like enroll their kid into a soccer program, etc. All of this activity, we knew, would eventually lead to some compromise. And that’s the message that we took to the market.”
At first, Lancaster says, the work felt beating one’s head into a wall. But then ID Agent attracted some early adopters. Banks, leading law firms and other forward-leaning organizations starting listening. Then a year ago the company made a strategic decision to sell through MSPs and other channel companies exclusively. At the time, a colleague of mine wrote an article in MSPmentor entitled, “Firm Offers 'Affordable' Dark Web Monitoring for MSPs.” When the article published, ID Agent worked with just two MSPs. Since then, it has recruited more than 800.
After developing its platform, ID Agent found its home in the channel.
“We like to think of ourselves as a nine-year, overnight success,” says Lancaster. “We’ve able to show MSPs how, with our technology, they can position themselves as the canaries in the coal mine.”
One of the things MSPs have liked about the company’s technology is its ability to use the company’s platform as a prospecting tool. With it, they can mask customers passwords, run a report and then visit their customers’ locations and show them vulnerabilities well beyond their Exchange servers.
Looking forward, the company expects regulatory initiatives including Europe’s GDPR and California’s Consumer Privacy Act to strengthen its hand.
“To this point, most MSPs have not had to understand the breach of privacy laws. But GDPR is a shot across the bow,” says Lancaster. “It’s transformative, not just another regulation. Since its passage, self-reporting under GDPR has quadrupled.”
Blame OPM, Experian and Target, or, moreover, the criminals that breached their systems. Regardless, the reality is protecting business customers today is as much about securing the credentials and activities of their individual employees as it is monitoring the vulnerabilities and lax practices of organizations. That why new security solutions that go well beyond firewalls and BRDR to new areas such as breach protection and dark web monitoring are becoming ever more important.
Employers in regulated industries are waking up to the new reality; small business will likely be next.