How do you proceed with DarkWeb monitoring? Do you monitor it yourself or have you commissioned a service provider?

CISO in Insurance (except health), 3 months ago
Even if you monitor the dark web yourself with your security resources, I still recommend a service provider, because when monitoring all channels and the dark web for nefarious activity or planned activity against your company it is impossible to monitor everything yourself. If you have never managed dark web monitoring platforms before, it would be a good idea to wrap a managed service around dark web monitoring as well. Finally, when thinking about dark web monitoring, the biggest question is how to operationalize true positive findings.
1. Typosquatting takedowns
2. Employee passwords found - how do you verify they are actual passwords, and what is the process to change the password if needed?
A good platform with a service provider will have the ability to perform takedowns for you and use hashes to compare passwords on the dark web to your IAM platform, with workflows to initiate change if needed.
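Added example, not part of the comment above and not any vendor's code: one way the hash comparison it mentions can work, re-hashing each leaked password with the affected user's own salt and comparing it to the stored hash. The PBKDF2 scheme, the in-memory directory, the accounts and the dump lines are all constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

# Constructed sample data: current accounts and a "user:password" dump.
SAMPLE_ACCOUNTS = {"alice@example.com": "Tr0ub4dor&3",
                   "bob@example.com": "rotated:2024!"}
SAMPLE_DUMP = ["Alice@example.com:Tr0ub4dor&3", "bob@example.com:Summer2019",
               "carol@example.com:hunter2", "not a credential line"]

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def build_directory(accounts: dict) -> dict:
    """Hypothetical stand-in for an IAM store: user -> (salt, hash)."""
    directory = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        directory[user.lower()] = (salt, hash_password(password, salt))
    return directory

def parse_dump(lines):
    """Yield (user, password) pairs, skipping lines without both parts."""
    for line in lines:
        # Split on the first colon only, so passwords may contain ':'.
        user, sep, password = line.strip().partition(":")
        if sep and user and password:
            yield user.lower(), password

def triage(dump_lines, directory) -> dict:
    """Classify leaked users: reset (still valid), stale, or unknown."""
    result = {"reset": set(), "stale": set(), "unknown": set()}
    seen = set()
    for user, leaked in parse_dump(dump_lines):
        record = directory.get(user)
        if record is None:
            result["unknown"].add(user)  # not one of our accounts
            continue
        seen.add(user)
        salt, stored = record
        # Constant-time comparison of the re-hashed leak to the stored hash.
        if hmac.compare_digest(hash_password(leaked, salt), stored):
            result["reset"].add(user)
    result["stale"] = seen - result["reset"]  # leaked value no longer works
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_DUMP, build_directory(SAMPLE_ACCOUNTS)))
```

Only the `reset` set needs to feed a forced password change workflow; `stale` entries confirm exposure of an old password without requiring a reset.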
Head of Protective Services in Banking, 3 months ago
To add to Glen’s comment, a service provider could also monitor for phishing websites, stolen credentials, impersonation of C-suites, brand protection, etc., and they normally come with takedown services.
CISO in Software, 3 months ago
We do both. We subscribe to a service, receive a feed and monitor through the service.
CISO, 3 months ago
A couple of things to consider. It’s likely Dark Web Monitoring is prohibited by corporate policy and it’s probably best to get a 3rd party firm to do this for you – as if you don’t know what you’re doing it’s likely you will end up in a dangerous place in the Dark Web – which we really no longer call the dark web as it’s referred to as “hidden services”. There is no real search engine for hidden services, so you really do need to know where to look for relevant information so you can develop an intelligence product. Ingesting the various criminal forums found in hidden services and then keyword searching them requires an investment in tools (custom scrapers), storage and processing, and manual analysis. It’s like looking for a needle with your name on it in a factory which produces needles. Many of the most active cyber-criminal forums require evidence of cyber-criminal activities before access will be granted. Access requires cybercriminal credentials, usually from someone with “rep” in the cybercriminal world, and of course several BTC wallets for purchases from the underground forums which can’t be traced back to law enforcement or a corporate entity. If you have no training in online covert operations, it’s likely your success in gaining access to the hidden services forums will be minimal. You could be subject to retaliation as well – doxed and targeted by cyber-criminal enforcers.

Unfortunately, initial access brokers and other cyber-criminal crews have moved away from the dark web/hidden services and are operating on Telegram channels, which have all the safeguards above in place, including a need to be invited by an admin into the channel. Many CTI firms have established a presence in these channels and forums (as well as law enforcement) to look for information relevant to their customers. Using a 3rd party for dark web monitoring is likely the safest and most economical way of gaining access to this information.
Director of Information Security in Energy and Utilities, 2 months ago
I often see folks buying Dark Web monitoring services because it sounds like a good thing to do. But having done it for a few years now, I should have defined clear goals and objectives upfront to drive the types of services and resources I need to acquire. You want to monitor your critical assets or your 3rd party vendors, or your domain and websites? Why? Improving your response time? Etc.
