We’re introducing a new way to get actionable, contextual threat intelligence from the dark web through your TIP, SIEM, SOAR, and VM platforms, including Sixgill’s automated threat intelligence solution.
It’s called Darkfeed, and it’s designed to accelerate automated security responses by delivering malicious indicators of compromise (IOCs) to any security platform – in real time.
Here’s what that means: Other feeds wait until an attack is detected to trigger a response. But Sixgill continuously scans the dark web for IOCs – compromised domains, malware hashes, suspect IP addresses, mentions of stolen credit card numbers, and hacked websites offered for sale, allowing security teams to take action before an attack.
Imagine, for example, that a cybercriminal is selling stolen access credentials for a website. That information could be used to take over command and control servers or deploy phishing attacks. When the stolen credentials are mentioned in underground criminal marketplaces, Darkfeed automatically delivers that information to security platforms so security teams can block emails from that website or take other defensive actions. All of this can happen before those stolen credentials are weaponized.
The indicators of compromise Darkfeed delivers include:
- Malicious hashes derived from dark web malware posts
- Malicious hashes derived from dark web posts that include VirusTotal links, including malware items that are not identified as malicious by VirusTotal engines
- Malicious hashes derived from malware available for download on the deep and dark web
- Compromised domains, to which access is sold on the deep and dark web
- Suspicious domains that are sold on the deep and dark web
- Malicious IP addresses mentioned on the deep and dark web
- Command & Control IP addresses mentioned on the deep and dark web
- Command and Control domains that are mentioned on the deep and dark web
They are delivered in a STIX format for automated parsing, with additional data – such as the name of the threat actor – that allows for automated contextual analysis.
Threat analysts can harness the cumulative powers of Sixgill’s platform and Darkfeed to expand the use cases of integrated threat intelligence and maximize performance. Darkfeed can also integrate with existing security systems (TIPs, SIEMs, or SOARs) so that analysts can get a visual depiction of threat trends.
In all, Darkfeed is the most flexible and predictive threat intelligence solution available, and it is poised to make dark web intelligence more accessible.
It sees indicators of compromise before any other intelligence platform, and it makes them more accessible to organizations of any size. It’s threat intelligence at its highest level in terms of accuracy and precision. It is another example of how comprehensive, actionable, and automated threat intelligence gives security teams an edge over their adversaries.