
Use Case Blog: Threat Monitoring & Hunting

This is the first installment of a monthly use case blog focused on what we do at Cybersixgill: threat hunting and monitoring on the clear, deep, and dark web.

Essentially, we have created a deep, searchable, data lake with unique access to the most secret and hidden places on the dark web. We have gained this access by infiltrating limited-access and invite-only messaging groups and forums, code repositories, and clear web platforms, where threat actors correspond about their latest conquests and upcoming exploits.

This allows us to collect and expose the earliest possible indicators of risk aimed at your organization, which puts your cybersecurity team in a proactive, defensive role because the team already knows what’s coming.

People like their platforms and programs, and sometimes it’s intimidating to entertain new solutions. Let’s take a look at how we onboard our new clients.

Map it out. Gather it up…

The first step is to gather an organization’s critical assets:

  • Domain names
  • IP addresses
  • Executives
  • Applications
  • Services
  • Third parties

The key is understanding the different applications and the vulnerabilities to which they are prone. Once the CTI or IT department has mapped out all the critical assets, that becomes the information we use to provide an organization with threat monitoring. The critical assets are uploaded into our portal, and that’s the first step toward finding out if anything pertaining to your organization is already floating around on the dark web.

Find out what you don’t know and accelerate response time

Cybersixgill’s collection mechanisms are autonomous, and they work 24-7 capturing emerging threats, Tactics, Techniques, and Procedures (TTPs), and Indicators of Compromise (IOCs) as soon as they pop up. Oh, and by the way, they also collect and keep all historical data for risk analysis.

Alerts come in real time, allowing threat intelligence teams to level up and become more proactive by using our technology. Threats are detected and communicated as soon as they surface.

We understand that it can be an intimidating process. Some potential clients worry that we find previously undetected, active IOCs or other signs that a system has already been breached – indicating that perhaps security isn’t as strong as was thought. It’s never easy to tell someone that they have active vulnerabilities, but we repeatedly find that the cybersecurity teams and analysts really want to see this. It gives them a huge advantage when it comes to cybersecurity.

Industry-wide threat indicators – Always up to date

When we do product demonstrations for potential clients in a broad spectrum of vertical industries, including retail, insurance, health care, and financial services, we can easily use our portal to pull up and show all the similar industry victims from the past two months.

Our purpose is to teach an organization that it can learn from other cybercrime victims how to better defend its own data against these same threats.

Threat actors may not be targeting your organization just yet. Still, through the Cybersixgill portal you will be able to see what they are doing to similar organizations so you can be better prepared for what’s coming, while also monitoring for threats to your organization.

Because our threat visibility runs deep, covertly scraping data from limited-access underground sources in any format, language, and platform, we are able to give you threat intelligence that is timely, accurate, and relevant. If, for instance, tomorrow we signed on an automotive client, we’d be able to plug them into the portal in real time and show them everything we have already collected. We don’t need to change anything in our collection methodology; it’s already there. Additionally, our portal has a new community chat function where users can interact and share tips, ideas, and observations that may help other users in the same industry.

Ongoing training

The portal does not require a lot of training. We do a kickoff session that goes over everything in the portal, and then we address any specific areas and features an organization may need to really get rolling. Our DarkFeed is compatible with many of the standard cybersecurity systems out there, so it easily integrates into existing systems.

Let us know if you want more information about how Cybersixgill can help you stay ahead of cybercrime. If you would like a demo, give us a shout.
