Dark Web Annual Monitoring and OSINT Assessment

What is it?

Our Dark Web & Intelligence Services proactively protect your IT stack and users by monitoring intelligence. We can help you build a list of queries and give you access to our intelligence sharing platform. It searches open and closed datasets, such as filesharing sites, credential leak forums, ransomware Telegram groups and others to identify any mentions relevant to you.

This is then enriched and sent to you and your team as actionable intelligence which could be the difference between being compromised and stopping the attack.

What does it involve?

The overall aim of the project is to work with you to understand your estate and design search queries that would proactively inform you if there was any mention of a targeted attack on your infrastructure or users.

There are a number of scenarios where this service provides great value:

Ransomware

This covers intercepted chat on dark web forums mentioning IP ranges and numbers of credentials and email addresses that can be used to gain access. This intelligence allows you to focus your security and bolster the defences for a small subset of your estate, ensuring you are effective in your defence.

Senior leadership team impersonation

Monitoring a list of SLT emails and social media tags, can help you identify spear phishing and AI-enabled campaigns that are difficult to detect with conventional means.

Credential leaks

We provide a unified platform that monitors overt and covert data leak sites, allowing you to protect your assets from compromise using exposed credentials.

Database sales or access broker activity

Our platform allows us to fine-tune searches to produce actionable information about the sale of data exfiltrated from your estate.

Our approach

Advanced tools & expert analysis

Our approach combines advanced monitoring tools with expert analysis to provide a comprehensive view of the threat landscape. This enables you to stay ahead of emerging threats and make informed decisions to protect digital assets. We are committed to delivering a tailored monitoring service that aligns with your specific needs and requirements.

Client focused 

This service is both proactive and client-focused, ensuring that you receive timely and relevant information about potential threats. It is designed to send regular email reports at a frequency suited to you, whether that be daily or weekly. These reports summarise the findings from our continuous monitoring efforts, highlighting any significant threats, breaches, or relevant discussions that pertain to your interests.

Realtime alerts

In addition to scheduled reports, we will also send proactive alert emails in real-time whenever critical threats or breaches are identified. These alerts ensure that you are immediately informed of urgent issues that may require swift action, allowing for a rapid response to mitigate any potential damage.

No delays and deep insights 

To provide a comprehensive service, we include pre-authorised hours for investigation time. This allows our experts to conduct further analysis whenever an alert indicates a potential threat. These pre-authorised hours ensure that our team can delve deeper into any suspicious activities without delay, providing you with detailed insights and recommendations promptly.

However, in the event of a confirmed breach or if our team needs to be actively deployed on your servers or systems for remediation, this will require additional time beyond the included investigation hours. Such activities will be drawn from the retainer days and managed as a separate engagement. This ensures that you receive dedicated support for critical incidents, leveraging our full range of expertise and resources to effectively address and resolve any security breaches