Searchlight Cyber improves DarkIQ Dark Web Traffic Monitoring capabilities
Searchlight Cyber has released enhancements to its Dark Web Traffic Monitoring capabilities, a key feature of its dark web monitoring solution, DarkIQ.
These enhancements arm cybersecurity professionals with deeper insight into dark web traffic to and from their network, alerting their organization to potentially malicious activity and the possibility of an attack in preparation or in progress.
Searchlight’s Dark Web Traffic Monitoring feature in DarkIQ is unique in its ability to deliver data on the connections between an organization’s infrastructure and the dark web network, The Onion Router (Tor).
Live traffic data can provide organizations with early warning of a potential cyberattack, while historic traffic data stored in the platform can be used by threat intelligence and incident response teams to investigate an incident.
For example, dark web traffic from Tor to the company network can indicate:
- Threat actors probing the company network for vulnerabilities.
- Malware installation, especially if the traffic includes a large data packet.
Dark web traffic to Tor from the company network, meanwhile, can indicate:
- Employees browsing the dark web, putting their organization’s infrastructure at risk.
- A command and control beacon established by hackers who have already compromised the network.
- Data exfiltration, especially if there is a large amount of data leaving the corporate network.
“Dark web traffic between Tor and the corporate network is a very reliable datapoint for identifying malicious activity, and we have seen first hand how organizations have used it to identify cyberattacks and take preventative action before any damage was done,” said Dr Gareth Owenson, CTO of Searchlight Cyber.
“However, this relies on them firstly having visibility into the traffic, and secondly having the data points they need to identify where to start their investigation. The enhancements we have made to our Dark Web Traffic Monitoring feature provide our customers with even more context, to help them assess exactly what malicious activity is taking place, and the best mitigative actions they can take,” added Owenson.
The latest enhancements offer Searchlight Cyber customers the following advantages:
- Enhanced granularity: Even more data on dark web traffic, including detailed information on package sizes and the number of connections from the dark web, empowering security professionals to identify anomalies.
- New visualizations: Making it easier for cybersecurity experts to dissect and analyze data from multiple angles, enhancing their ability to identify and respond to threats effectively.
- Traffic splitting capability: The ability to segment data by incoming and outgoing traffic, simplifying the identification of potential threats and unusual patterns.
Dark Web Traffic Monitoring is available to all DarkIQ customers.