The Challenge

A multibillion-dollar global managed security services provider with over 100 cybersecurity professionals were struggling with increased demand for underground criminal forum access. Only one member of the team had the skills and ability to access deep and dark web forums without getting exposed, resulting in the need for dark web analysis exceeding their capacity.

The Solution

The company sought a solution to provide their cybersecurity analysts with easy access to underground criminal forums on the dark web for analysis. They required data feeds and a portal with search functionality, alerts and threat scoring capabilities, but most importantly, the threat data had to be expansive, in real-time and give their team complete anonymity to protect them against retaliation while investigating threats for their clients.

Following discussions with Cybersixgill’s experts, the team introduced the Investigative Portal. “We looked at different vendors, but Cybersixgill was the best match. One vendor had a better price but they only supply data. Others supply analysis services and have a much higher price point. Cybersixgill gives us data fast, from key forums and facilitates our doing analysis quickly, the way that we want it done,” said the firm’s Cybersecurity Practice Manager. “Phase one of using Cybersixgill was to spread the deep web and dark web threat intelligence work from just me to ten of us. We are now in a scale-up phase, adding Cybersixgill findings to broader cybersecurity reports and creating additional offerings.”

The Result

Cybersixgill now provides the client with the depth and breadth of dark web intelligence they needed, enabling them to search, rank and analyze data – turning the cybersecurity team into threat intelligence analysts. “I can take a cybersecurity analyst and they can hit the ground running. They don’t have to spend five years setting up accounts. Cybersixgill gives you everything you need to do the analysis. In short, you are going from a firehose effort to a targeted, workable amount.” comments their Cybersecurity Practice Manager.

Using the portal, the team no longer has to spend time identifying new dark web sites, gaining and maintaining access, or extrapolating and consolidating data. “Its major benefit is that we don’t need analysts that have access, machines, accounts and everything on the dark web. Now they can use all their cybersecurity skills without having to worry about getting the data. A small cybersecurity team, historically spending 40 hours per week collecting, analyzing, and understanding dark web data, can use Cybersixgill automation to reduce that to just a few hours per week. They would be able to set up all the alerts that are pertinent to them and then be alerted when everything changes. [Cybersixgill] does the brute-force work and gives them a handful of emails that may lead to some further analysis and action.

We’ll set up monitoring for a client with an active breach. We can notify them when their data is posted. This frequently will be their source for identifying what was taken. We will help them determine PII (personally identifiable information) and IP (intellectual property) exposures. They will know what to report and they will be able to prepare for the legal implications, brand threat and media attention to come.”

The organization is also using it to assist mergers and acquisitions in the planning phase. “We’re looking for information on a company before it’s acquired and saying: ‘Hey, this is all the information we found about that company. They had a breach at this point in time,’ or ‘Their data is out there so they definitely were breached, although it’s never been reported.’ Findings have led to changes in valuations.”