Digital Risk Protection

Sapphire’s Digital Risk Protection: Illuminating the Expansive Attack Surface Beyond Technical Infrastructure

Digital risk is no longer defined purely by owned technical infrastructure. Risk spreads onto third-party platforms as organisations engage on social media, have accounts leaked onto dumpsites, near-to domains appear, and other public domain assets provide visible risk points. Having visibility of this essentially ungovernable attack surface is difficult.

Sapphire delivers industry-leading Digital Risk Protection solutions that provide organisations with visibility of this vast attack surface. By essentially automating many of the reconnaissance techniques carried out by an attacker, it allows organisations to understand how threat actors gather the intelligence to formulate attacks.

why Sapphire

Vigilant: Collect public domain threat intelligence about your organisation as an attacker does, but at scale, with access to advanced search functionality covering many digital platforms.

Dynamic: Receive alerts in real time as new threats appear to enable swift takedowns, mitigate data leakage, remove information from social media, and more.

Holistic: Understand more than just technological threats; also risks to brand and reputation, senior executives, employees, and domains.

Frequently Asked Questions

Digital Risk Protection (DRP) scans an organisation’s publicly visible attack surface, including social media and deep and dark web, to mimic the reconnaissance phase of an attack. It helps organisations to understand what an attacker sees externally.

To effectively protect an organisation against external threats, three components need to be incorporated into the Digital Risk Protection process, and they include:

i. Collection

Collecting this information in bulk and frequently is a full-time job for a specialist team. Unfortunately, this needs to be done regularly to stay ahead of attackers, which requires automation.

ii. Curation

Curation of the aggregate data set is crucial to isolating relevant threats and determining what risk they pose. Where Digital Risk Protection (DRP) uses machine processing and algorithms, these solutions can often score to improve relevance, reduce noise, and prioritise issues.

iii. Mitigation

Digital Risk Protection (DRP) is nothing without an effective mitigation process. Whether this is issuing take-downs to ‘near to’ domains or changing leaked email addresses and credentials, security teams must use the information effectively.

Digital risk capabilities have many use cases:

Domain Monitoring

The reliance on websites to sell products and grow brand awareness is significant. Unfortunately, websites and their associated domain names provide a vast and lucrative surface for attacks. This can result in cyber criminals acquiring ‘look-alike’ domains to target specific organisations. There are several ways in which an attacker can target organisations; these include:

Copycatting: a website that mirrors your existing domain; visitors are tricked into believing they are interacting with a legitimate website.

Piggybacking: Spoofed or look-alike domains of well-known brands, generally used to generate revenue from adverts.

Typosquatting and Homoglyphs: Typosquatting is a method that targets users who visit a website and do not notice that the URL contains misspellings. For example, rather than A homoglyph is another variant of domain spoofing; however, a character in the URL is replaced with a Unicode character that looks similar to a character from the Latin alphabet.

Executive Protection

Cyber attacks are often tailored to target a specific individual within an organisation. Executives, VIPs and other high-value targets are highly targeted with attacks through social media impersonations, account take-overs and business email compromise.

Social Media Visibility

Social Media is increasingly used to communicate with customers and employees and as a platform for organisations to grow their brand. As a result, the adoption of social media has increased organisations’ attack surface. Brand protection is paramount for any organisation, and traditional security tools do not necessarily offer visibility into public platforms.

Account Takeover Prevention

Attackers will look to bypass corporate controls and, as such, target social media administrator accounts. The impact of this type of breach can be significant. Safeguarding corporate and executive/VIP accounts is vital.

Data Leak Detection

Cyber criminals will use the deep and dark web to sell or leak stolen data. The ability to have visibility of the deep and dark web to monitor any mention of brand, executives or high-value targets is essential:

  • Identify credential theft
  • Identify data breaches
  • Protect customer data

Targeted Phishing

Phishing attacks are becoming increasingly sophisticated. Tactics such as Business Email Compromise (BEC) and fake giveaways are rife, and many users are susceptible or ‘click prone’. Deploying solutions that can identify phishing links, coupled with effective phishing testing, training, and awareness solutions, can protect against digital threats.


Spoofed domains, impersonated email accounts and fraudulent profiles on social media form an organisation’s digital attack surface. Attackers use the platforms to launch sophisticated campaigns, including:

  • Phishing attacks
  • Fraudulent activities targeting clients
  • Social engineering attacks
  • Sell or share data