We know from our MSSP partners that their customers – across all sizes, sectors, and geographies – are increasingly asking them for insight into the dark web.
Demand for the dark web
This awareness and interest is, in part, driven by the news cycle. Organizations have seen their peers fall foul of bad press, incur the ire of regulators, or be targeted by cybercriminals because their data has been leaked on marketplaces, forums, and pastebins. They want to know if their data is out there too.
However, many companies do not feel equipped to safely navigate the deep and dark web. Moreover, even those who are collecting dark web data often find themselves without the in-house expertise and resources to use it to improve their security posture.
This is where there is an opportunity for MSSPs.
By integrating dark web intelligence into their existing offerings, MSSPs can increase the efficiency and value of their own services, while addressing their customers’ understandable anxieties around cybercriminal activity on the dark web.
Using dark web intelligence in one-off engagements
Dark web intelligence can be used by MSSPs to inform their one-off customer engagements – such as pentests and security audits – by providing an insight into the attacker’s view of their business.
To perform a security audit it is vital to understand what an attacker knows, or could learn, about each customer. There are many sources of information across the clear, deep, and dark web that attackers use to do their due diligence and undertake reconnaissance against an organization. The ability to easily access and search all of these sources gives MSSPs’ forensic examiners and pentesters the ability to present a company with the exact perspective an attacker has on their business.
Moreover, this data is more useful than generic threat intelligence (on different criminal groups, how they operate, their tactics, their latest exploits, etc.) in that it is far more specific to the customer. By searching deep and dark web marketplaces and forums for mentions of the company name, executives being targeted, leaked credentials, IP addresses, open ports, and dark web traffic to the network, MSSPs can find threats that are truly urgent indicators of a possible cyberattack.
By identifying these imminent threats from the dark web, MSSPs can demonstrate the value of their one-off engagements and also position themselves as the best and most informed partner to provide the organization with the guidance, services, and solutions it needs to protect itself from the threats that have been identified – thus, unlocking more commercial opportunities.
Using dark web intelligence for managed security
One-off engagements give organizations a snapshot of their dark web exposure at a single point in time. However, often the customer’s next question is: “How often should we monitor the dark web to see if we are being targeted by a cyber attack?”
The truthful answer is: continuously.
The turbulent nature of criminal activity means that the dark web shifts and changes at an even faster rate than the clear web. Marketplaces, forums, and criminal groups appear out of nowhere, rise to prominence, jostle with other criminals and law enforcement, and disappear just as quickly as they came. Dark web threat prevention is, therefore, not something that can be done on a six-monthly or yearly basis. If organizations want to truly understand their threat risk on the dark web, they need continuous monitoring.
This is a huge opportunity for MSSPs, who can wrap dark web monitoring into their Managed Security and SOC services to provide customers with an ongoing view of their dark web risk over time, and alert them as soon as a serious situation emerges. MSSPs are then able to pre-empt attacks against their customers, which makes it far more likely that they can actually stop the threat actor from being successful by striking earlier in the Cyber Kill Chain.
It also means that MSSPs don’t have to wait for their clients to be breached before they can prove their worth – they can often find threats from day one that could impact the organization and that the company previously had no visibility or knowledge of. With our DarkIQ solution, for example, MSSPs can provide an instant health report within minutes of starting each engagement, which gives customers an immediate overview of where they are exposed on the dark web.
The value-add opportunity
Companies of all sizes are increasingly conscious of dark web threats and the opportunity dark web intelligence holds for helping them identify the early warning signs of attack. This has created an opportunity for MSSPs to use dark web intelligence as a basis to deliver the analysis, expertise, services, and solutions that help their customers take action on the dark web risk they have heard so much about.
For MSSPs to succeed, they need the right dark web monitoring solution. One that has the depth and breadth of data to provide comprehensive coverage for their customers. One that provides context and reporting so that they can deliver meaningful insights to security professionals and executives. One that fits into their business model, with different pricing for managed security or one-off engagements.
That is where we come in.