Dark Web Monitoring
The Dark Web has become the place where cybercriminals trade stolen data records such as user credentials, personal information, credit/debit cards, and more. These data records are often listed in various hidden resources and hacker groups or forums that are generally not easily available to the general Internet public.
Pentest People have released an innovative Dark Web Monitoring Service as a way to offer customers peace of mind that any mention of their brand, domain name, or specific data assets have not been compromised in a data breach and are not available on the Dark Web.
The Dark Web Monitoring Service leverages proprietary scanning tools that have been custom written by the experienced team of security researchers at Pentest People. These tools harness various manual search mechanisms and APIs that have been created from doing numerous Open Source Intelligence (OSINT) assignments. The service can be delivered purely as an alerting engine, alerting you when references to your data assets or found, or more as a managed service where an experienced member of the team manually verifies every finding and produces a risk report with a full remediating action plan.
If you are not proactively scanning the Dark Web for references to your brand and data assets then you are leaving yourself open to the ramifications of a serious data breach without your knowledge.
Listen to one of our Dark Web Monitoring experts breakdown of this Pentest People Service
What are the Risks?
Most Data Breaches are performed for financial gain. The cybercriminals exploit a vulnerability that results in a data breach and then extract the data. This data then has to be sold and the Dark Web, with its various underground forums and user groups is the place where the majority of this data is advertised.
It is quite common that the first a company knows about a data breach is when its data is identified for sale via the Dark Web. The attacker may have infiltrated the network and extracted the data without the company knowing and it is only when this data is listed for sale that the breach is identified, posthumously.
It is therefore imperative that you proactively scan the regular and Dark Web to add this scanning into your defence in depth strategy for risk management.
How Can Our Dark Web Monitoring Service Help?
Pentest People’s Dark Web Monitoring Service was designed to identify when a customers data is breached and posted to locations on the regular or dark web.
Unless you are performing this level of pro-active monitoring you are unaware of what data assets have been compromised and are publicly available on various dark web data sources.
By using the service you can identify if any issues arise and then take action to remediate against the issues identified.
The service would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.
The Dark Web Monitoring Service allows
access to SecurePortal
Receive detailed security metrics and trends about all your hosts and risks through the SecurePortal.
Receive useful trend information such as the top vulnerable hosts, and the most common vulnerabilities within your infrastructure.
Dark Web Data
SecurePortal allows you to access all your vulnerability data in a secure single platform.
The data findings from the Dark Web Monitoring are all viewable on an interactive dashboard allowing you to mark any false positives to improve the results.
Receive a digital report of your potential exposure on the Dark Web and see your data in a single dashboard.
Either be alerted to any potential breach or further enhance this with a fully managed service led by a Pentest People security engineer.
Dark Web Monitoring Overview Transcript
Pentest People Dark Web Monitoring Service is offered via one of our sister companies, Dark Invader. Dark Invader have a team of dedicated researchers that are on hidden forums, and other interesting areas of the dark web and clear net, as well as places like discord, telegram and signal attempting to gain information that could be pertinent when trying to defend your business. On top of that, we have a 40 billion record Elastic Search Database, which you can query for emails that belong to your domain. And it also gives information on the passwords and other pieces of information that are associated with that. A Dark Web crawler has 300,000 websites that are regularly being crawled for data on that same team of researchers that is pulling data into those databases also sits on various hidden communities. Speaking to gaining the trust of threat actors that may pose a threat to your business, helping you prevent the attack before it’s even started.
Pro actively monitor the regular and Dark Web for the identification of your brand or data assets that may form a data breach.
- Feel safe in the knowledge that the Dark Web is being proactively scanned for any mentions of your brand, domain, or data assets
- Identify any potential data breach issues so you can take immediate action to reduce the risk posed by them to your security posture
- Be notified as soon anything that could be identified as a data breach from your organisation is picked up by our scanning technology
- Leverage proprietary scanning tools otherwise unavailable for general searching on the Dark Web to uncover any potential data breach issues
- Reduce the risk of a data breach damaging your organisation both financially through fines and to your reputation through the negative press associated with a breach