How do you proceed with DarkWeb monitoring? Do you monitor it yourself or have you commissioned a service provider?
Head of Protective Services in Banking 3 months ago
To add to Glen’s comment, a service provider could also monitor for phishing websites, stolen credentials, impersonation of C-suites, brand protection, etc., and they normally come with takedown services.
CISO in Software 3 months ago
We do both. We subscribe to a service, receive a feed and monitor through the service.
CISO 3 months ago
A couple of things to consider. It’s likely Dark Web Monitoring is prohibited by corporate policy and it’s probably best to get a 3rd party firm to do this for you – as if you don’t know what you’re doing it’s likely you will end up in a dangerous place in the Dark Web – which we really no longer call the dark web as it’s referred to as “hidden services”. There is no real search engine for hidden services so you really do need to know where to look for relevant information so you can develop an intelligence product. Ingesting the various criminal forums found in hidden services and then keyword searching it requires an investment in tools (custom scrapers), storage and processing and manual analysis. It’s like looking for a needle with your name on it in a factory which produces needles. Many of the most active cyber-criminal forums require evidence of cyber-criminal activities before access will be granted. Access requires cybercriminal credentials usually from someone with “rep” in the cybercriminal world and of course several BTC wallets for purchases from the underground forums which can’t be traced back to a law enforcement or a corporate entity. If you have no training in online covert operations, it’s likely your success in gaining access to the hidden services forums will be minimal. You could be subject to retaliation as well – doxed and targeted by cyber-criminal enforcers.
Unfortunately, initial access brokers and other cyber-criminal crews have moved away from the dark web/hidden services and are operating on Telegram channels which have all the safeguards above in place including a need to be invited by an admin into the channel. Many CTI firms have established a presence in these channels and forums (as well as law enforcement) to look for information relevant to their customers. Using a 3rd party for dark web monitoring is likely the safest and most economical way of gaining access to this information.
Director of Information Security in Energy and Utilities 2 months ago
I often see folks buying Dark Web monitoring services because it sounds like a good thing to do. But having done it for a few years now, I should have defined clear goals and objectives upfront to drive the types of services and resources I need to acquire. You want to monitor your critical assets or your 3rd party vendors, or your domain and websites? Why? Improving your response time? Etc.
1. Typosquatting takedowns
2. Employee passwords found - how do you verify they are actual passwords and what is the process to change the password if needed?
A good platform with a service provider will have the ability to perform takedowns for you and use hashes to compare passwords on the dark web to your IAM platform with workflows to initiate change if needed.
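The hash comparison mentioned in the last comment can look like the following. This is an added example, not code from any participant in the thread or from a vendor. It assumes a leak feed of `email:password` lines and an IAM store that keeps a per-user salt and PBKDF2-SHA256 hash; the names `IAM_STORE`, `LEAK_FEED`, `triage` and `reset_queue` are hypothetical and all records are constructed.

```python
import hashlib
import hmac

ITERATIONS = 50_000  # assumed KDF cost; use whatever your IAM store actually uses

def kdf(password: str, salt: bytes) -> bytes:
    """Derive the verifier the same way the (hypothetical) IAM store does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Constructed IAM records: user -> (salt, stored hash). No real accounts.
IAM_STORE = {
    "alice@example.com": (b"salt-a", kdf("Winter2023!", b"salt-a")),
    "bob@example.com": (b"salt-b", kdf("correct horse", b"salt-b")),
}

# Constructed leak feed as a provider might deliver it: "email:password" lines.
LEAK_FEED = """\
alice@example.com:Winter2023!
bob@example.com:hunter2
carol@example.com:letmein
ALICE@example.com:Winter2023!
malformed-line-without-separator
"""

def triage(feed: str, store: dict) -> dict:
    """Classify leaked pairs: 'live' (matches the current password),
    'stale' (our user, password differs), 'unknown' (not our account)."""
    result = {"live": set(), "stale": set(), "unknown": set(), "malformed": 0}
    for line in feed.splitlines():
        # Split on the first colon only, so passwords may contain ':'.
        user, sep, password = line.strip().partition(":")
        if not sep or not user:
            result["malformed"] += 1
            continue
        user = user.lower()  # feeds often vary the case of the address
        record = store.get(user)
        if record is None:
            result["unknown"].add(user)
            continue
        salt, stored = record
        if hmac.compare_digest(kdf(password, salt), stored):
            result["live"].add(user)
            result["stale"].discard(user)
        elif user not in result["live"]:
            result["stale"].add(user)
    return result

def reset_queue(feed: str, store: dict) -> list:
    """Accounts needing a forced password change: confirmed live matches only."""
    return sorted(triage(feed, store)["live"])
```

Only the `live` set feeds the password-change workflow; `stale` hits are still worth a look because the same password may be in use on other systems.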