In recent posts, we discussed the importance of third-party threat intelligence in shining a light on a significant blind spot for security teams: the ability to identify risks coming from the supply chain. The intelligence itself is tremendously valuable, not just because of what it reveals about an organization's third-party risks, but because of the way the information is sourced.
The importance of how and where intelligence is sourced is not only relevant to cybersecurity. Throughout history, intelligence gathered during international conflicts has been crucial as well.
For example, earlier this month, world leaders commemorated the 80th anniversary of D-Day, the massive assault at Normandy that led to the defeat of Nazi Germany and eventually the end of World War II. While the Allied Forces possessed many advantages over their enemy, one of the keys to that battle and the ultimate victory over the Axis powers was simply this: They knew their enemies’ secrets.
Thanks to breaking the codes that the Germans (and the Japanese) used to communicate internally, the Allies could take the initiative. Without those insights, they would have been in the dark, forced to guess about pending attacks and react once they were launched.
The same principle applies to cybersecurity. If you understand cybercriminals’ plans—their motivations, tactics, targets, and timing—you are better able to protect your organization from a damaging attack. The best way to gain this understanding is through comprehensive, contextual cyber threat intelligence (CTI) collected from the deep and dark web, the virtual gathering spots for cybercriminals to exchange tools, share information, buy and sell data, and offer services.
Breaking the code: infiltrating the cyber underground
Many underground websites are hidden from the public, but our threat analysts have methods to penetrate them and collect the broadest pool of dark web intelligence available. Using advanced machine learning (ML), we covertly extract threat actor data from clear, deep, and dark web sources including limited-access forums and markets, invite-only messaging groups, code repositories, and paste sites. This threat data is then processed, correlated, and enriched with AI and ML and filtered for business and attack surface context, so security teams understand which threats and vulnerabilities pose the greatest risk to their organization.
Through our vast pool of dark web data sources, Cybersixgill’s CTI helps organizations address a multitude of use cases, some of which include:
Vulnerability Management – Know which vulnerabilities will be targeted and get insights around emerging threats, trends, and context on actors and their intent.
Ransomware Protection – Get real-time alerts and essential context to combat ransomware, malware, and vulnerability exploits.
Compromised Credentials – Stay ahead with automatic notifications in the event of leaked employee credentials, system passwords, and brand assets.
Incident Response – Analyze and detect threats earlier. Perform investigations on the dark web to optimize the incident response lifecycle.
Threat Hunting – Seek the highest-priority potential cyber threats to your organization and take remediating action to protect your environment before they attack.
Third-party Risks – Identify threats from the supply chain and expand your threat exposure management efforts.
Addressing threats posed through third parties: a game-changer
Beyond knowing how cybercriminals are targeting your organization directly, you also need to know how they’re targeting the vulnerabilities of your third-party suppliers and partners, which gives them the means to breach your network. Going back to our international conflict metaphor, it was crucial for the United States to gather intelligence about the enemy’s plans to attack not only its own forces but its close allies as well.
To apply our rich dark web threat intelligence to an organization’s third parties and supply chain providers, we recently introduced our new Third-Party Intelligence module. The new module combines vendor-specific CTI with cybersecurity posture data from suppliers’ tech environments and enables SOC teams to preempt threats originating from third-party suppliers. Additionally, the Third-Party Intelligence module identifies potential supply chain risks and delivers impact assessment with recommendations for remediation before an attack launches. Thus, Cybersixgill addresses the various use cases listed above for your organization’s assets and those of your third-party suppliers, providing you with comprehensive, hermetic CTI coverage of your suppliers and vendors.
The new solution is truly a game-changer and takes an organization’s cyber defense efforts to new levels. Combined with our Attack Surface Management solution, our Third-Party Intelligence module delivers data about each third-party provider with detailed descriptions of gaps in their network, IT environments, and applications (including DNS records, mail server misconfigurations, and technology with vulnerabilities known to have been exploited).
After all, if your supplier is hit by a ransomware attack or a breach, the route to your organization’s data and/or environment becomes that much shorter. If you turn a blind eye to your allies, you might find your own homeland attacked as well, and by then it will likely be too late to take action.
To learn more about our Third-Party Intelligence module, contact us for a demo or for more information. You can also visit our Dark Web Education Hub to discover more about activities on the deep and dark web.