A multi-billion dollar corporation had a well-established cyber defense team but was reactionary and unstructured with their approach towards dark web threat intelligence. Dark web threat data was not incorporated into their threat intelligence program and their limited research was restricted to task-focused activities, responding to requests from the wider cybersecurity team. All processes were manual and limited to the skill level of the analysts, placing the organization at risk.
“Our TI efforts were very reactionary, task-focused, based upon research requests. Our efforts were manual in nature, so we didn’t have automatic processes where we had set up assets, keywords, domains, etc. It was time consuming, taking up over a third of the time of our cybersecurity team. We were relying on what connections the team had from a personal perspective — what forums [they had] access to and what trusted circles they were in.” Comments their Global Threat Intelligence Lead.
The Cybersixgill team performed a proof of concept (POC), quickly setting up profiles for the client to use. Purposefully, the client did not want extensive training on the solutions, to test how intuitive and easy they were to work with. Following the successful POC, the client integrated the Cybersixgill Investigative Portal with Darkfeed and DVE Intelligence.
After deployment, the client has seen significant labor productivities and improvements in employee satisfaction. The Darkfeed module within the Portal is seen as a force multiplier for the team and they have been able to repurpose 33% of their analysts labor to other value-added activities. Translations within the Portal have enabled the client to expand their threat intelligence reach globally and they have also reported a significant change in their security maturity.
“I don’t think that it would be economically or technically possible to provide the access and value that Cybersixgill brings. It would take many more people and years to cultivate. Its tool and capabilities provide a great value. Using a crew metaphor, the combination of our intel platform, Darkfeed, and the Cybersixgill Portal has us now rowing in unison, moving quickly in the right direction.” Comments the client’s Global Threat Intelligence Lead.
“The DVE Score is a huge time saver. Not only can you drill in to identify the sources and content of real issues, but you don’t put time into things that aren’t issues or likely to become issues. Research that used to take a few hours now takes ten to fifteen minutes, if any research is done at all. Cybersixgill’s ease of use allowed us to shift to a global posture. It was easy for our [worldwide] analysts to use Cybersixgill with their existing skills. The advantages include the ability to spread workload and to provide more short-term focus when needed.”