As a global managed security service provider (MSSP) offering a variety of cybersecurity services to major enterprises, CyberProof understands what a valuable and comprehensive source of threat intelligence the deep and dark web is. The collection and analysis of intel from these dark sources is a key service offered by the company to gain threat actor insight for businesses who have fallen victim to a cyberattack.
Their approach to gathering threat intelligence from the deep and dark web was cumbersome and time-consuming. Threat analysts often had to spend significant amounts of time seeking access to dark sources, using tools such as VPNs to avoid arousing suspicion. Even after CyberProof’s analysts gained access to channels on the deep and dark web, it was difficult to tell whether their use of the dark web was sufficiently comprehensive. The vastness of the deep and dark web, combined with CyberProof’s individual process of gathering and analyzing threat intel, meant that they could never fully rule out the possibility that one of their investigations had missed a relevant post on an underground forum.
To empower its cyber threat analysts to conduct investigations rapidly and comprehensively, CyberProof deployed Cybersixgill’s Investigative Portal. This solution gave CyberProof’s analysts convenient access to Cybersixgill’s collection of threat intelligence gathered automatically from the deep and dark web – the largest such collection of any solution on the market.
During an investigation, CyberProof’s analysts now easily search the Investigative Portal for relevant posts from dark sources. They also have the option of setting automatic alerts based on specific parameters, so they will be informed of any new intelligence as it becomes available. With the threat intelligence stored locally on Cybersixgill’s own servers, their searches would never inadvertently tip off the threat actors under investigation.
By using the Cybersixgill Investigative Portal instead of searching the deep and dark web directly for threat intelligence, CyberProof has dramatically accelerated its investigations of possible cyber threats and vulnerabilities. “Before we started working with Cybersixgill, in a typical investigation it would take approximately two working days for me to gather my initial findings… Today, to get my initial findings through Cybersixgill’s platform takes me about one hour.” Comments Orel Pery Head of Cyber Threat Intelligence, CyberProof.
New employees used to require about one to two weeks onboarding in order to start working productively, now new team members can start conducting investigations after only two or three days on the job.
Working with Cybersixgill empowers CyberProof’s threat analysts to conduct more thorough and reliable investigations. Not only do they have access to Cybersixgill’s full collection of threat intel, but they can access it all through the Investigative Portal’s intuitive interface. CyberProof’s team members often disclose their relationship with Cybersixgill to clients, due to the benefits delivered by our technology.