Crossword Cybersecurity has completed a project to expand the scope of its services with CCN-CERT, the Information Security Incident Response Team (CERT) of the National Cryptologic Centre in Spain (CCN), which is accountable to the Spanish National Intelligence Centre. CCN-CERT has expanded its use of Crossword’s cloud-based breached account mining platform, Trillion, to protect its entire public administration, including its education sector. Trillion is Crossword’s breached account mining platform, which continuously tracks, correlates and analyses billions of stolen usernames and passwords.
Back in 2020, during the height of the Covid-19 outbreak, CCN-CERT needed to act immediately to further enhance the security position of its national health infrastructure. The head of the cybersecurity department at CCN contacted the Trillion operations team after its global offer of support to help protect digital identities within health services. In a matter of hours, the team at CCN was given access to Trillion, every health organisation across Spain was configured in the platform and breached credentials data was being fed back into the CERT.
Protecting a whole public administration
After a period of successful operation across the health sector, CCN-CERT decided that a wider scope for Trillion would provide even greater visibility of digital identities, such as account usernames and passwords, that may have been leaked from third parties and shared for exploitation by criminals.
Crossword collaborated with the CERT to implement new features which would enable it to extend the use of Trillion to local Government departments and organisations, while still maintaining a central, national view within the CERT. At this scale, it was critical that Trillion was able to deliver the data both locally and nationally when it mattered.
Trillion, with the new features, was rolled out over the following weeks. CCN-CERT invited hundreds of local authorities, municipalities, town halls and central government departments to come on board using simple automated signups, which took a matter of minutes to complete.
Trillion is now monitoring hundreds of organisations, thousands of domains and reporting leaked data on hundreds of thousands of public workers across Spain.
Jon Inns, Product Director for Arc and Trillion, comments: “Protecting large, distributed organisations, such as the public sector, where many individual entities exist is one of the more challenging aspects of cyber security at scale. Working with CCN-CERT, we have used Trillion to create a strong layer of multi-tenanted visibility to help defend against credential misuse, while ensuring that it’s easy for organisations to participate and benefit, from universities to hospitals. Trillion gives a central view of threats and lowers the risk of public services being exploited through credentials based attacks.
“Crossword considers CCN-CERT a true business partner, and we learn as much from their feedback on our products as they do from our data. By listening closely to clients’ needs we are continuously enhancing Trillion to support the cybersecurity needs of organisations operating at the top of their game.”
Continuous protection against leaked credentials
Trillion is designed to support organisations of every size, from small businesses to large enterprises, Managed Service Providers and National CERTs, with continuous tracking, correlation and analysis of billions of stolen usernames and passwords.
It is proven to operate at scale for any organisation concerned about the potential impact of stolen credentials from third party data breaches, and provides the following benefits:
• Massive scale: Monitoring for credentials belonging to dozens or hundreds of domains can be initialised in minutes
• Multi-tenancy: Trillion’s architecture enables provisioning at a local level with parent or supervisor-like drilldowns for CERT teams
• APIs: Trillion has rich APIs enabling CERT teams to integrate with existing systems to reduce analyst time
• Privacy: Trillion enables your teams to work with the data in a safe environment without compromising the trust of your users and peers.
• Clarity: Trillion enriches data with assessments of accuracy and impact, saving valuable analysis cycles
• Instant on: Automated user enrolment and in-application configuration means you can start protecting even the largest environments, fast!