What is our primary use case?
Our main use cases for Digital Shadows are mainly using it for threat intel. For instance, we have our domain listed on Digital Shadows. Whenever we see any sort of impersonation domain registration, the usage, changes in their DNS entry, IP address, that is one thing. We use it for senior management threat intel. If we find any sort of impersonation name registration or LinkedIn profile or any kind of feeds someone is posting for our CEO or CTO, we monitor that.
We have the use case around product related detection. If someone is trying to defame our antivirus product or our firewalls, claiming they can bypass our product by putting that information on the Dark Web, we monitor that.
What is most valuable?
I find most of the features in Digital Shadows to be really good because impersonation domain alerts are useful. If someone is trying to do impersonation or they are taking our dangling DNS into their custody, that would cost us in dollars as well as cause reputation damage. Impersonation is always a priority. At the same time, if someone is claiming they have tactics which can bypass our antivirus, that is something our team needs to validate unless their claim is correct. We also need to pivot how someone is claiming, who is claiming, is it a legitimate source. If it is a legitimate source, then it should come to our VRN project. If someone is trying to defame us or if a competitor wants to defame our reputation, they just post it on the Dark Web claiming that a company's product is not good and that there is a bypass. There are many use cases that we feel are really required from a monitoring or security perspective.
Digital Shadows helps our organization identify and mitigate cyber threats through their crawling of the internet. Most of the things are available on the internet, but it is impressive that they have built a product to crawl all this information and put everything in one glass. Digital Shadows is using a number of tools, some of which are free and some paid, to gather information, pivot it, and then send those alerts to us which we monitor from our SIEM tool.
What needs improvement?
I do not rate Digital Shadows a nine or ten because there are many things that need improvement. The information we get is kind of generic. For instance, for impersonation, we don't have much detail on their history, when it was used or how it was misused. Those further details would be really helpful, but the information we receive is basic, such as when it was last registered and when it was updated, without more insight about the malicious factors.
For basic support from Digital Shadows, my impression is that it is six to seven because many times we see duplications or bugs, and the quality of the alerts is not up to the mark. We have escalated many times, but we do not receive solid responses from them in terms of fixes.
Digital Shadows should focus on the engineering side rather than the support aspect because support is there to help us get updates, but in terms of quick fixes, it is not as responsive. The need for improvement lies more with the engineering part in fixing issues, which is linked to support.
For how long have I used the solution?
I have been working with Digital Shadows for around six years.
What do I think about the stability of the solution?
I do not think we have faced any issues with stability; we have not encountered any stability problems.
What do I think about the scalability of the solution?
Regarding scalability, I would not say that Digital Shadows is the most scalable option because the scope of their services is limited given the current landscape of threat intel. It is a bit higher compared to what we receive from Digital Shadows, so they definitely need to expand the number of use cases covered and provide more insights about alerts. It is not highly scalable, but there is potential to increase the scope from Digital Shadows side.
How are customer service and support?
We do not often consult the technical support of Digital Shadows. We configure the system ourselves and only ask for basic support in terms of documentation.
How would you rate customer service and support?
How was the initial setup?
Setting up Digital Shadows is not that time-consuming or complex; it is easy to set up.
What about the implementation team?
We did not use an integrator, reseller, or consultant for deployment; we did it ourselves.
What was our ROI?
The main benefit that my company gets from Digital Shadows is about reputation and cost savings. It definitely saves us a few bucks. For instance, if we were not using Digital Shadows and we received an alert from a security researcher saying that one of our domains is being impersonated or has an old DNS entry tied to another owner, we would need to pay a bug bounty to the researcher. If those cases increased, it would drive our costs up, and if there was a security breach, it would cause production downtime and reputation damage. There are multiple aspects to consider without using threat intel.
What's my experience with pricing, setup cost, and licensing?
Regarding the cost of Digital Shadows, I think prices are a bit higher. The information provided is already available; some of it is paid information. However, considering all the information they provide, the price for the service is on the higher side. If someone wants to build the same sort of detection or use case, they likely do not need to pay as much as what Digital Shadows is asking for the service.
Which other solutions did I evaluate?
I have evaluated other, cheaper options for threat intelligence solutions before working with Digital Shadows. We also do our research for impersonation domains, threat activity, and crawling information about products, which is something we accomplished through our automation use case. Therefore, we do not need to rely solely on Digital Shadows, as we can gather all that information ourselves.
What other advice do I have?
I have used SearchLight for vulnerability detection in this product. That is something we use when we find any sort of incident where we want to do further investigation. We use SearchLight to get more information from the Dark Web.
In assessing the effectiveness of Digital Shadows in terms of monitoring for data leaks and protecting intellectual property, I would say from one to ten, it is about an eight. Most of the things are available on the internet and even though we can build our own detection product, it's still effective.
We use Threat Actor activity analysis from our SIEM tool because it is integrated with Digital Shadows. Wherever we have an alert, we check the logs that we pull from Digital Shadows. If the detailed logs are not there, we reach out to Digital Shadows support for more information. Sometimes, they do not have the information readily available, and they need to dig further to provide it.
I would recommend to those planning to use Digital Shadows that if someone wants to do the initial use case detection, they can go with Digital Shadows. However, if a company is looking to expand and is already doing more with threat intel, they may find that Digital Shadows is more basic than what they need. For beginner companies, I think it is acceptable.
I would say the total rating for Digital Shadows would be an eight or nine for beginners or SMBs. However, for someone who has been doing threat intel for the past five years or more, I would rate it around five to six.
Overall, I rate Digital Shadows an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
