Social channels are an oft-overlooked area when it comes to information security. Social channels are left in the hands of marketing departments for customer engagement purposes.
However, the adoption of social digital tools for the purposes of conducting business is widespread and largely unregulated, creating a major area of risk for organisations.
If we look at the social frontier, it encompasses mobile, desktop, and cloud. Due to the consumer focus many of these have, it is easy to deploy tools with no oversight.
Because of these risks, we see social media breaches on the rise. Social Safeguard seeks to address this risk blind-spot.
Charlottesville, Virginia-based Social Safeguard was founded in 2014 by CEO Jim Zuffoletti and CTO Otavio Freire. The company has about 30 staff, claims over 40 fortune 100 customers, and raised a $3.9m venture round since 2015.
Most recently, in April 2018, the company announced former FireEye, McAfee, and Documentum CEO, Dave DeWalt as Vice Chair and investor.
Social Safeguard is delivered as a cloud-based platform from where it can connect to over 50 digital channels such as WhatsApp, Twitter, Skype, Slack, Instagram, Jabber and others.
The product seeks out all corporate social assets across various channels, it then pulls in data to conduct risk assessments, secure the known assets, and finally provides assurance through a series of tests.
It is designed to be transparent to the end user and marketing departments, rather the SOC, or security analyst would be the primary user, responding to alerts – all of which can be exported to existing tools such as a SIEM.
The product offers a variety of features designed to bring enterprise-grade capabilities to consumer products. For example, it can synchronise with active directory, so when a user leaves and is removed from AD, their credentials are automatically removed from any corporate social media account they had access to.
Similarly, a company can create a ‘gold image’ as to what its corporate accounts should represent. In the event of a suspected account takeover, where the profile picture and description of a Twitter account is changed, the platform automatically takes action to change the profile back to the approved version.
Timing is key when it comes to security. As security controls increase, they push attackers out to other areas. Remote working and BYOD have several security offerings to choose from. Cloud security has also greatly increased as CASB and broader security providers have increased capabilities and enjoyed healthy M&A activity.
However, the social media space remains relatively under-served. Uniquely positioning Social Safeguard to address this area of growing concern for many companies.
Opportunities exist for Social Safeguard to increase partnerships with security vendors such as SIEM’s or DLP products. Additionally, its presence could compliment the security capabilities and offering of managed security service providers, or managed detection and response.
It wouldn’t be surprising to see a large security vendor, or even a social media company look to acquire Social Safeguard for its ability to bring enterprise-grade security to this sector.