Digital risk protection (DRP) refers to practices and technologies that protect digital assets from risk. But isn’t everything we do in security about protecting digital assets from risk? Yes. But DRP covers new modes of threat and attack, focused on monitoring and identifying external threats that may be difficult to spot without cyber threat intelligence (CTI) and related processes.

DRP extends beyond the boundaries of the enterprise to anticipate threats before they reach the internal network. In that way, DRP stands in contrast to data security posture technologies such as threat hunting, threat monitoring, data threat analytics, data monitoring, and user intelligence technologies—all of which support a proactive, internal program designed to protect against data extortion and exfiltration.

This article explores DRP, why it matters, and how it works. It looks at external risks such as data breaches resulting from stolen credentials on the dark web or from spear phishing attacks. DRP is also about discovering and tracking external indicators of compromise (IOCs) that may be impossible to discover without advanced detection algorithms.

The Importance of DRP Solutions

DRP solutions handle the challenge of discovering risks by monitoring the entire digital estate as well as numerous external sources of data. They create a map of digital assets comprising the attack surface. Monitoring spans the public “clear web,” the normally impenetrable “deep web,” and the hidden, encrypted “dark web.” As the DRP solution discovers risks, it executes processes to mitigate them. This may be done in concert with existing security systems such as those that handle security orchestration automation and response (SOAR).

Why are digital risk protection services and digital risk protection software necessary? The answer is that the threat environment has grown significantly more serious and sophisticated in recent years. In parallel, digital transformation has created new vulnerabilities. For example, a company that has migrated its core systems to the cloud, while simultaneously shifting to a hybrid work strategy and outsourcing, may find itself exposed to risks it has not encountered before, e.g., attackers using malware to compromise new vendors, who then attack cloud assets by posing as that vendor’s employees.

Alternatively, attackers could buy stolen login credentials on the dark web and then use them to access the target company’s email accounts. They use this access to perpetrate a spear phishing attack. Armed with knowledge of the target company’s employees, the attacker can impersonate the chief financial officer (CFO). The fake CFO, claiming to be “working from home,” can request urgent wire transfers from an unsuspecting underling. This is what happened to a Hong Kong finance firm, which was defrauded of $25 million in early 2024 using this technique in conjunction with deepfake technology. CTI, key to success with DRP, takes on the challenge of proactively identifying the threat and countering it. In this case, that might mean discovering the existence of stolen credentials on the dark web. It could also mean engaging in phishing detection and flagging suspicious activity before the attacker succeeds in impersonating the CFO.

Core Components of Digital Risk Protection

DRP’s core components range from monitoring the dark web to understanding the attack surface. Each component depends on several underlying principles, of which automation is arguably the most important. Automated processes are the essence of DRP. Every element of DRP depends on continuous, never-ending cycles of automated monitoring, data ingestion, analytics, and response. People are involved, of course, but DRP can only function effectively with extensive automation.

Making Progress Toward Reducing Digital Risk

As digital transformation expands the attack surface, organizations face new risks from threat actors operating outside traditional defenses. Digital risk protection (DRP) helps security teams detect and mitigate external threats like phishing campaigns, brand impersonation, and data leaks before they reach internal systems.

To effectively reduce digital risk, companies should:

  • Map and monitor the full attack surface across SaaS, mobile, and third-party assets

  • Use web monitoring to detect spoofed domains and brand impersonation

  • Scan the deep and dark web for leaked credentials, stolen customer data, and threat chatter

  • Integrate threat intelligence for early warning of threat activity
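
One way to implement the spoofed-domain check from the list above, as an added example that is not from the original article or from any vendor's product. The brand label, the owned-domain list and the observed domains are constructed; in practice the observed names would come from a feed such as newly registered domains or certificate transparency logs (an assumption).

```python
# Added example; BRAND, OWNED and OBSERVED are constructed sample data.
BRAND = "examplecorp"           # label being protected (assumed)
OWNED = ("examplecorp.com",)    # domains the organization controls (assumed)
# Common visual substitutions, folded to a single canonical form.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def skeleton(label):
    """Lower-case, drop hyphens and fold look-alike characters."""
    s = label.lower().replace("-", "")
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND):
    """Return why a domain resembles the brand, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in OWNED):
        return None                              # ours, including subdomains
    target = skeleton(brand)
    for label in domain.split(".")[:-1]:         # naive: last label is the TLD
        skel = skeleton(label)
        if label == brand:
            return "exact-label"                 # brand on a domain we don't own
        if skel == target:
            return "lookalike"                   # differs only by confusables/hyphens
        if target in skel:
            return "brand-embedded"              # e.g. brand plus "login"
        if edit_distance(skel, target) <= 1:
            return "typo"                        # one insert/delete/substitute
    return None

def scan(domains):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d))}

OBSERVED = ["examplecorp.com", "mail.examplecorp.com", "examplecorp.net",
            "exarnplecorp.com", "examp1ecorp.com", "examplecorp-login.com",
            "examplecrp.com", "weather.example"]

if __name__ == "__main__": print(scan(OBSERVED))
```

Flagged names are candidates for analyst review or takedown requests, not verdicts; short brand labels will need a stricter distance threshold to keep false positives down.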

DRP Solutions for Businesses

DRP solutions for business vary in terms of functionality, but their overall purpose is the same. Whether they work independently, or as part of an integrated whole with solutions for data protection, SaaS data security, AWS security, Azure protection, and the like, their purpose is to discover threats that exist beyond the reach and visibility of standard security tools like intrusion detection systems (IDS) and endpoint detection and response (EDR).

For example, Rubrik can help reduce data risk for Azure Stack HCI and for Azure VMs stored on Rubrik Cloud Vault. The solution offers Sensitive Data Monitoring & Management, which discovers sensitive data and flags it for protection. It can also help determine the scope of a cyberattack through its Anomaly Detection feature, which identifies deletions, modifications, and unexplained data encryption.

In general, DRP solutions for business also have the objective of protecting cloud data. Operationalizing this goal means doing things like fraud protection, malicious app identification, and leaked credentials monitoring–all of which could expose cloud data to malicious actors. The DRP solution may help mitigate supply chain risk, perhaps working in conjunction with other application security (AppSec) tools, such as code scanning solutions.

The Role of Security Teams in DRP

DRP is a team sport that typically involves multiple groups in the security organization as well as IT. These include application security (AppSec), data security, and network security. Other departments, like legal and compliance, should also be involved in realizing the goals of DRP. Each group has a role to play, so cross-team collaboration is important.

Addressing Supply Chain Risks

A DRP solution can help spot indicators of supply chain risk, such as malware-laden open-source code that’s discoverable “in the wild,” e.g., in open-source community code repositories. The DRP solution can feed what it discovers into code scanning and other AppSec tools to help DevOps teams identify and remediate compromised code before it can trigger a supply chain attack. For this to work, teams working across security and DevOps must cooperate.

Protecting Against Data Breaches

One of the greatest challenges in dealing with data breaches is the fact that the breach often goes unnoticed for a long period of time. Months can go by without anyone knowing that an attacker has exfiltrated sensitive data. A DRP solution can solve this problem by searching for leaked data on the dark web.

Managing Digital Risks with DRP

The various teams tasked with DRP need to come together to devise a comprehensive risk management strategy that includes the use of DRP software. Done right, this process will drive improvements in security posture and reduce the impact of threats.

Making Progress Toward Reducing Digital Risk

The evolving, increasingly hidden and external nature of today’s cyber threat landscape makes it imperative that organizations pursue some form of Digital Risk Protection. The need is particularly urgent given the broad push for increased digitization of business. DRP solutions offer a way to mitigate threats like spear phishing, malicious apps, and more. As digital strategies become of paramount importance, DRP emerges as an essentially non-negotiable capability to possess.

Making DRP a reality requires a multi-phased process. It starts with a review of existing security controls and countermeasures and an assessment of how well they mitigate risks from the full spectrum of digital risk. From there, it’s about determining the highest priority areas of the attack surface to defend. It is only at this point that one can make informed decisions about selecting and implementing a DRP solution. After deploying the solution, it is possible to expand its scope of digital risk protection.
