A small sized cyber security consultancy with a team of 12 analysts were manually collating open source intelligence to undertake threat risk assessments for their organization, identify stolen credentials and at risk accounts. Needing to upgrade their threat intelligence provider, the team visited the RSA conference in San Fransisco and discovered the Cybersixgill Investigative Portal.
A key requirement of the solution was to gain access to the deep and dark web as well as closed underground sources. Now fully embedded in the team’s environment, the Investigative Portal is utilized extensively for investigations, automating many of their investigative functions and delivering advanced analysis to support security operations.
Upon reviewing the solution, the client says “We can easily conduct searches on leaked credentials. It gives us the ability to look at a timeline and build profiles against companies that we are trying to protect, then track changes to credentials or leaking bucket/cloud services associated with those companies. That is the benefit for us. A lot of it is stuff that we can do manually, but it is more about the time it takes as well as the number of analysts you need to do it compared to getting it provided as a quick service.
The key value-add is the breadth of sources for the data. It is all about cutting down on the time required to conduct detailed research. While all this information can be found if you invest heavily in people and building profiles on dark websites and in forums, the reality is it takes a lot of time, effort and is not very scalable. For a smaller company, like us, where we don't want to hire dozens of analysts to look at one client, this solution means that we can effectively scale.
We have seen ROI. It reduces the cost in terms of the number of people that you need to train and have a desk to find the data. It reduced our analysts by half; where we currently have six analysts, we previously needed 12. It probably reduces our investigation times by an estimated 15 percent.”