Tracer Records

Spikes™ are tracer records planted in data. They ping home when used by bad actors.

Spikes can detect data breaches other intrusion detection systems miss.

10 mins and $10 a month = a new layer of security.

Benefits     How To     Use Cases     Pricing

Privacy Spikes: Intrusion Detection

What are Security Spikes™?

Tracer RecordSecurity Spikes are a new form of intrusion detection. Firewalls try to keep intruders out. Other countermeasures look for signatures or anomalies. Some analyze digital footprints after the fact.

Spikes work like the dye packs that stain bank robbers when they open the money bag. But Spikes use invisible tracers instead of dye. If someone steals from you and uses a Spiked record, alerts go out. Spikes allow you to know about some breaches earlier. They even catch breaches that would have gone undetected.

What Can Security Spikes™ Do For Me?

Detect Unknown Breaches

Your business is being breached and you don’t know about it.

It could be a hacker in your data, an employee siphoning leads, or a vendor abusing your customers.

Security Spikes can detect data breaches your other security layers miss.

Spikes are a cost-effective layer of protection for business small and large. Patent pending.

Identify Bad Actors

Security Spikes can help in the identification and prosecution of bad actors.

Several of the unique identifiers we generate allow backward tracing of a perpetrator.

We also document the unique profile of each Spike, to the blockchain in our premium plans, so you have independent third-party corroboration you can use in court.

Privacy Policy Compliance

Third-party attacks or incidents caused 21% of confirmed security breaches in 2018 – Forrester

That’s not the only risk. Data processors can act and do act in violation of your privacy policy or TOS. You still get the blame, especially post-GDPR.

Using Security Spikes adds a layer of security to your systems and theirs as well.

Test your vendors with Security Spikes.

Get a Bronze Spike Pack when you buy a Breach Survival Kit.  Kit Pricing

How Do Security Spikes™ Work?

A Unique Security Spike is Generated

A Spike is generated for you. The primary element is a monitored email address we call a tracer. All of the elements of the Spike together form an artificial identity.

Future releases will provide additional artificial identity elements and premium options like tracers for physical addresses, unique passwords and more.

The Spike is Recorded

We document the generated Spike plus any placement info you provide. This can be used later as independent third-party verification that a breach took place

Premium Spikes record documentation to a blockchain record. This record is public, but all identifying fields are obscured. All relevant Spike documentation is available via the Spike dashboard.

You Insert the Spike

You insert the Spike(s) into your data. Add the Spikes to your Customer database, your Employee database, your newsletter email lists, etc.

You can add records to databases by merely pretending to be a new lead or a new customer. You can insert them however you want – the Spike does not care how it gets into your data.

You can also get very technical with your Spike insertions. You can put Spikes into your database at the table level. If your database is segmented, putting one in each segment. If your database has access levels, insert records at each user access level. If you have data that goes to specific vendors, add Spikes to particular shipments.

Do remember when protecting your valuable data, the fewer people in the loop, the better.

Data Security Spike Flow

Download a PDF of the
Security Spikes™ Flow Chart

We Monitor, Alert, & Report

We send you alerts based on incoming traffic to tracers on your Spikes (current) and remote scans of tracers (coming soon for some Spike plans).

If you are inserting records into an active (hot) database, you may get alerts that you will need to disposition. Emails coming from outside your organization/domain(s) will register as a threat but could be innocent.

If you are inserting your Spike into an inactive (cold) database – one where no active marketing is happing – any activity may indicate a breach or a misuse of data.

Security Spikes™ are patent pending & only available here.
Act now and get them for a great price.

Security Spikes in Action: 3 Use Cases

Sales Impact

Your sales conversion rate has lower the last several months and you don’t know why. Maybe someone has there thumb on the scale:

Joe Spike Example
  • A Spike with the tracer joe@ourdiscretedomain.com is generated.
  • You insert the record in your sales database.
  • Someone steals your customer data and sends product offers to Joe. The offers are from one of your competitors.
  • We alert you that an entity hit your Spike, marketing services similar to yours.

Without a Spike in place, it’s possible you would never know your data was stolen. Your customers may not figure it out unless many experience fraud. Once taken, who knows where your data will end up? But you have Data Security Spikes in place and now you have better business intelligence.

  • You investigate and find that an employee was selling some of your leads to a competitor.
  • With the information from your investigation and the documentation of the Spikes, you settled the dispute and your competitor paid you off rather than go to court.

Data protection can affect your business in many ways. It’s not just about consumer privacy rights.

Hack We Never Knew

Sometimes you’ve been breached, and you just don’t know it. Hackers can be in your files for months or even years undetected.

That’s scary. Because if you don’t realize your systems have been penetrated, you can’t fix them, and you will continue to bleed.

Mary Spike Example
  • A Spike with the tracer mary@ourdiscretedomain.com is generated.
  • You insert the record in your marketing database.
  • Someone has hacked your systems and is taking your data, but since your financial data and passwords are encrypted they haven’t been able to do much with it yet.
  • They do have 30k customer records with email addresses and sell them off to a spammer.
  • We alert you that an unknown entity hit your Spike and spammed the Mary Spike with an offer for sunglasses.

Up to this point, you didn’t realize you had a breach. The hacker has been careful. Your security software is good, he/she got around it. You customers haven’t realized anything is up. As far as you know, no critical information has been compromised, but now you really need to investigate, because:

  • Since no one in the world knows about the Mary email address, you know beyond a doubt you have a breach.

The Vendor

Data processors require a lot of trust. We give them all of our data.

Mary Spike Example
  • A Spike with the email tracer ceo@ourdiscretedomain.com the phone tracer 614-999-1234 is generated.
  • You insert the record in your database.
  • You send this data to your processor to augment as part of a routine batch upload.
  • The next week we receive email and phone hits to the CEO Spike.
  • We alert you that someone is marketing to CEO Spike.

Since your Privacy Policy guarantees your clients that you will not sell their contact information, you have a problem. With the evidence, we present to you are able to prove that your processor is stealing your data. You cancel your contract and file a lawsuit, ultimately settling for a large payout. Knowledge is power.

Spike Lingo

Spikes are spiked records that we generate and you insert into your data. A record is considered ‘spiked’ if it:

  • contains tracers that allow monitoring and scanning
  • contains artificial identity info designed to obscure the tracers

Tracers are unique fields within a spiked record that allow us to monitor for activity. Generally, these are contact fields like email address, phone number, physical address, etc.

Artificial Identities are generated data points that flesh out a Spike so that it appears to be a normal record for a normal person.

Artificial Identities are used to hide tracers so that the Spike becomes effectively invisible. This is necessary because:

  • real data cannot be used
  • if the Spike doesn’t appear real, it might be disabled in by a person or a process

Alerts are email or SMS messages sent to you when a tracer has been used by an unknown entity. Alerts may indicate:

  • a breach
  • a privacy violation
  • a legitimate marketing contact

 

I really appreciate the ability to defend student data privacy.

My goal is to teach well. To do that I have to know these kids and the school has to collect data about them. That information has to be kept safe.

It seems to me that Security Spikes ought to be in every database.

Dan BrownElementary School Teacher

Sample Spike 5-Pack

 Spike 1  Spike 2  Spike 3  Spike 4  Spike 5
 Email Tracer  ASearcy@__.net  usmcbro@__.us  cor.marc@__.com  DerkBarb1994@__.co  MWhiteM2009@_.com
 Phone Tracer  206-528-5487  832-452-0643  315-273-5586 209-606-4738  914-379-5100
 First Name  Ariana  Bryson  Corrine  Derek  Emma
 Last Name  Searcy  Johnson  Marcellus  Barbosa  White
 Company  Ulbrich  Trak Auto  Flipside Records  Hamady Bros. Markets  Bresler
 Street  326 Beechwood Avenue  1132 Elliot Avenue  1601 Buckhannan Avenue  3986 Grasselli Street  1332 Pallet Street
 City  Piscataway  Seattle  Carthage  Dover  White Plains
 State  New Jersey  Washington  New York  New Hampshire  New York
 ZIP  08854  98115  13619  03820  10601
 Other  Taekwondo  SSN 125-26-9843  Married, with children  WU MTCN: 7399116037  Capricorn