Key Capabilities / Features

Compass helps organizations proactively prevent ransomware by identifying definitive evidence of malware-infected devices, along with exposed users and applications that cybercriminals use to walk right into networks. As a result, organizations fill the gaps in their malware protection framework to detect and respond to high-priority threats.

In addition, Compass identifies infected devices and applications connected to an organization by monitoring malware records for the target domains and third-party subdomains an organization chooses. Once it identifies what has been exfiltrated by the infection, such as credentials and session cookies for critical business applications, security teams can understand the scope of the threat at-a-glance.

From there, Compass provides detailed information on each exposure to shortcut the investigation steps and enables teams to quickly implement Post-Infection Remediation (PIR). With insights such as malware type, user details, time, application and more, organizations can streamline the recovery process with PIR.

Other capabilities include:
Exposed Application View: view all third-party applications that were exposed by each infostealer, including shadow IT apps accessed with either personal or corporate email address
Managed Devices and BYOD: pinpoint the exact malware-infected managed or unmanaged device that was used to access corporate applications
High Fidelity Alerts: get definitive evidence that stolen data tied to your enterprise is in criminal hands, with alerts of new exposures
Interactive Graphs: visualize the scope of a potential threat, including infected devices, users, and applications with actionable details
Intuitive Portal: see thorough details of each infection, along with powerful visualizations that illuminate your remediation action plan
Stolen Cookies: view the count and name of stolen cookies associated with your monitored subdomain for the affected applications

How we are different

Industry Leading Research: In 2023, SpyCloud published its annual Ransomware Defense Report, analyzing trends related to ransomware and how businesses are responding to this threat. The report provided insight into common entry points for attacks, the most-used countermeasures, gaps in prevention and the financial impact of ransomware attacks. A key finding from the report indicated that 75% of security leaders are confident in their ransomware defenses, but 81% were affected by ransomware at least once in the past year, demonstrating the need for new approaches like PIR to help address the existing security gaps enabling these attacks.

Unmatched Intelligence: SpyCloud is known for curating, analyzing and operationalizing the industry’s largest repository of recaptured darknet data that fortifies ransomware prevention solutions. Powered by its unmatched repository of 560+ billion recaptured assets from the criminal underground, SpyCloud turns darknet data into actionable insights that quickly identify exact-match exposures, compromised passwords, stolen cookies and other identity data. SpyCloud’s scale of high-quality data is curated and enriched with a flexible and scalable API that enables action on evidence of compromise, further strengthening their unique approach to ransomware prevention.

Redefining Remediation: SpyCloud has pioneered a new remediation strategy, Post-Infection Remediation (PIR) to help organizations gain deep visibility into malware-exposed workforce applications, determine the identity of threat actors, and provide actionable steps to prevent future attacks like ransomware. This new approach better enables security teams to invalidate active sessions, reset credentials, and review users’ activity and access within each application.