May 17, 2011 - Web Application Security
ISACA Briefing
Presented by: John Schuller
jschuller@bdbrandprotect.com
© BDProtect Inc. 2007
CONFIDENTIAL
The Internet Paradox
With vast Opportunity comes significant Risk.
Emerging Threats
- Impacting U.S. businesses today
- An area of risk which in a couple of years will fall into traditional audit and control criteria
- Standard controls for audit procedures for Internet monitoring and attack mitigation have not yet been developed
Reputation Management
A holistic view of online threats
GROWTH EVERY SECOND
- 2 new blogs created
- 7 people log on for the first time
- 2 million e-mails sent
- 7 PCs sold
- 1,157 videos viewed on YouTube
- 11,000 songs shared
Educate!
- Gartner predicts that by the end of 2010, criminals will routinely use the Internet to extort funds from organizations, threatening to damage their corporate reputation by ensuring that routine online search requests will return negative or even libelous results.
Online Reputation Management
- Few companies understand the brand implications of web-based activities
- Even fewer have a real grasp on how to deal with it
- This is not just a Google search exercise
What issues do companies need to address?
- Identity Theft
- Sales & Marketing effectiveness
- Corporate Integrity/Image
- Intellectual Property abuses

- Phishing & Malware
- Traffic Diversion
- Unauthorized Sales
- Channel Compliance issues
- Defamatory discussions
- Unauthorized Association
- Leaked documents
- Domains, Trademarks & Images
Gartner
“Finding data and content is one obstacle, but being able to quickly analyze and prioritize its threat potential is critical, given the large mounds of information likely to be returned in a search for offensive content.”
Evaluating Brand Monitoring and Anti-Phishing Services, 10 September 2007, Aviva Litan and Arabella Hallawell
The Internet “Wild West”: Impunity reigns…
- Identity theft
- Domain names & trademarks being “hijacked”
- Online sale of counterfeit products
- Unauthorized agents posing as resellers
- False endorsement claims
- Traffic diversion schemes
- Offensive association of brands with questionable activities
- Reseller/agent/broker compliance issues
- Corporate reputation attacks
- Unauthorized logo use and defacement
- Disgruntled employee commentary on blogs, message boards, etc.
- Document “leakage”
State Department
- Recently commissioned five universities to write operating controls for managing and mitigating online threats
Why companies need “Protection”
- Rights:
  - Protect against Intellectual Property ownership dilution
- Revenue and Profits:
  - Protect SEO, online traffic, channel effectiveness
- Reputation:
  - “Erosion” due to impact on customer experience
AND…
- Allowing issues to go unchecked can lead to irreversible damage, a reputation “Tipping Point”
The “Tipping Point”
“If your business depends on a positive Internet reputation, then you have little choice but to explicitly manage that reputation online. The Internet is like a bad-news Petri dish; negative information multiplies and spreads with frightening speed and becomes virtually impossible to erase.”
Jay Heiser, Research VP
Stella’s Story
- Stella Artois is one of the best beer brands in the world
- Until recently it was the most popular beer in England
“Erosion”
Until some blogger thought it would be fun to associate the beer with a scene in the movie “A Streetcar Named Desire”, associating the brand with someone who beat his wife.
The Tipping Point

Disaster: Blogstorm!
Brand Impact
- $400 million in lost revenue
- Overall damage to brand estimated at $1 billion
- Storm went undetected for six months
- No controls or processes in place to monitor Internet chatter, brand logos, names, links, etc.
Traffic Diversion
This website, http://www.investment-fraudinfo.com/merrilllynch-fraud.html, hosts links that have the Merrill Lynch name in them but do not resolve to the Merrill Lynch page. This infraction is worse because they are talking about fraud on the website.
Unauthorized Association
The website http://www.shadowyfish.com/portfolio.html is claiming to have designed the Merrill Lynch login page. If this information is not correct then they are using your good name and reputation to sell their service.
Reputation Damage:
The website http://www.dealbreaker.com/2007/01/merrill_lynch_super_model_sex.php is discussing a sex scandal that took place between a Merrill Lynch employee and a super model. It is important to monitor this discussion to make sure it does not get out of control.
Reputation Damage:
The website http://jeffmatthewsisnotmakingthisup.blogspot.com/2007/10/chippingand-putting-whilemerrill.html is discussing an executive playing golf while the company was in trouble. This can be damaging to the reputation of the company and the person.
Protection benefits span the organization
- Marketing/Sales/Public Relations/HR
  - Identify and address negative issues in a timely fashion
  - SEO and web traffic: immediate ROI!
  - Channel partner compliance
- Legal
  - Track compliance, trademark, confidentiality & counterfeit issues
- IT and Physical Security
  - React immediately to threats against customers & facilities
- Investor Relations/Public Affairs
  - Financial information disclosure
- Leadership/Risk Management
  - Risk visibility across the entire organization
Case Studies
- www.bdbrandprotect.com
- Teck Cominco
- KitchenAid
Who are we?
- Founded in 2001 (pioneers in this space)
- Privately held with operations in the US, Canada, Asia & UK
- A “Company to watch”:
  - Winner, Deloitte Technology FAST 50
  - Winner of Always On
  - Winner of Microsoft Technology Award
  - One of only 5 brand monitoring firms identified by Gartner
  - Only member of F.I.R.S.T. in our industry
- Relationships with more than 2,000 global Internet Service Providers that account for more than 85% of the traffic flowing across the Internet
- Uniquely positioned to identify AND eliminate threats
- Uniquely positioned to deal with both the threat and the opportunity inherent in the Internet
IERM (Enterprise Internet Risk Mitigation)
- BRANDIMENSIONS: Social Media, Customer Centric Organization Consulting
- BRANDPROTECT: Online Reputation Mgmt. and Threat Protection
- BRANDINTEL: Early and Predictive Business Intelligence
Outsourcing versus in-house monitoring
Beyond purely reputation management, any new initiative must demonstrate a clear ROI with respect to:
- Higher quality of intelligence provided
- Cost effectiveness
- Ease of threat tracking & documentation
Search complexity example
91,680 sites all linking to www.bmo.com (just one site)
- 458 sites analyzed each day
- 57 sites per hour
- 3.82 FTEs (@ $40K/FTE without benefits)
Cost implications (if done in-house): $153,000
Assumes 200 days per year, 8-hour days, 15 sites/hour
- And that only reviews each site once per year!
Analysis and prioritization
What about:
- Comprehensiveness
  - Broad, global search requires far more than Google
- Continuous monitoring
  - New sites come online all the time and infractions “pop up”
- Threat expertise
  - What is the potential impact of infractions?
- Filtering capabilities
  - > 99% of returns end up as “false positives”
- Taking action
  - Can Legal handle the volume? (Can you handle the legal costs?)
  - Do you have the necessary relationships with ISPs and authorities?
- Forensics
  - How do you capture the data necessary for evidence, management and even audit trail purposes?
Building online knowledge since 2001
Own one of the world’s largest maps of the Internet, which consists of:
- Over 300 million domains
- Over 12 billion web pages or URLs
- Over 90 billion links
- Millions of images, logos, and documents
- Over 300 million fetched/processed pages per month

BD-BrandProtect monitors a wide variety of Internet sources and captures raw data:
- Custom feeds
- RSS feeds
- Search processor
- Auction spider
- BoardWalker™
- ImageWalker™
- LinkWalker™
Algorithms then eliminate irrelevant data and provide initial categorization, scoring and ranking of infractions.
The streamlined data is then closely examined by our analysts and scored to produce categorization records.
Finally, the analysts use the data to provide insight and deliver actionable recommendations.
Engagement Options
- Executive Dashboard
  - Visibility over online “footprint” and trending of online issues over time
- Continuous Reputation Management Program
  - Monitoring, management, measurement and mitigation of issues
  - “Readiness” program available to assess value over a 90-day period
- Threat Analysis
  - Point-in-time study to assess the likelihood and probability of being impacted by online issues
BD-BrandProtect advantage
- $40 million investment in technology, strategy and operational efficiencies
- Utilizes a proprietary “learning” system that maps sites of particular interest for future reference and allows for unique value-added services:
  - Sub-domains, which are most often used in illicit activity
  - Image, logo, document & other file tracking
  - Discussion monitoring
Your non-core process is our core competency!
Contact Information
John Schuller
Regional Sales Manager
jschuller@bdbrandprotect.com
Office: (216) 267-6794
Cell: (216) 526-7961