We are reprinting here the blog from Beyond Search - News and information from ArnoldIT.com about search and content processing - by Stephen Arnold, the author of the book the Dark Web Notebook.
“Sixgill” refers to the breathing apparatus of a shark. Deep. Silent. Stealthy. CYBERSIXGILL offers software and services which function like “your eyes in the Dark Web.”
Based in Netanya, just north of Tel Aviv, Cybersixgill offers services for its cyber intelligence platform for the Dark Web. What sets the firm apart is its understanding of social networks and their mechanisms for operation.*
Cybersixgill's Dark-i System
The company’s primary product is called “Dark-i.” The firm’s Cybersixgill Website states that the firm’s system can:
- Track and discover communication nodes across darknets with the capability to trace malicious activity back to their original sources
- Track criminal activity throughout the cyber crime lifecycle
- Operate in a covert manner including the ability to pinpoint and track illegal hideouts
- Support clients with automated and intelligence methods.
The Dark-i system is impressive. In a walk through of the firm’s capabilities, I noted these specific features of the Dark-i system:
- Easy-to-understand reports, including summaries of alleged bad actors behaviors with time stamp data
- Automated “profiles” of Dark Web malicious actors
- The social networks of the alleged bad actors
- The behavior patterns in accessing the Dark Web and the Dark Web sites the individuals visit.
- Access to the information on Dark Web forums.
Details about the innovations the company uses are very difficult to obtain. Based on open source information, a typical interface for Cybersixgill looks like this:
Based on my reading of the information in the screenshot, it appears that this Cybersixgill display provides the following information:
- The results of a query
- Items in the result set on a time line
- One-click filtering based on categories taken from the the sources and from tags generated by the system, threat actors, and Dark Web sources
- A list of forum posts with the “creator” identified along with the source site and the date of the post.
Sixgill Cyber Threat Intelligence system vs. other CTI vendors
Compared with reports about Dark Web activity from other vendors providing Dark Web analytic, monitoring, and search services, the Dark Web Notebook team pegs Cybersixgill in the top tier of services.
Despite the sparse information available from open sources about the company, I can hazard the following hypotheses:
- Unlike some firms which talk about in-depth intelligence expertise, the s Cybersixgill interface makes it clear that the approach is designed for operators and real-world intelligence professionals
- The detail available in the sample screenshot indicates that the s Cybersixgill system is in tune with investigators and intelligence analysts need for time-centric functions. s Cybersixgill appears to match, if not exceed, the Google- and In-Q-Tel funded Recorded Future service
- Useful features such as linking reports to cases and high-value one=click alert creation go well beyond the less robust systems from such companies as Digital Shadows and firms using Dark Web data to inform perimeter security service vendors like YBS or AlienApp from Alien Vault. These competitive services do provide useful functions, but s Cybersixgill has packaged functionality in a service which is useful with little or no training.
For more information about Cybersixgill, the Dark Web Notebook team suggests you contact executives at the company via LinkedIn or by visiting this page on the company’s Web site.
* Note: There is a company in Santa Monica which offers Internet of Things products and services. When you look for the Israeli company, be sure to search for “Cyber Cybersixgill.”
Stephen E Arnold, December 14, 2017