February 19, 2021
A lot of IT services providers, such as MSPs (Managed Services Provider) and MSSPs (Managed Security Services Provider) are offering “Dark Web Monitoring” nowadays. We offer it as well. It is a great tool when used correctly and can be a great source of frustration when it is not.
The Dark Web is a moniker that describes that part of the internet that is not accessible by regular browsers and uses .onion extension for its website Uniform Resource Locator (URL). The information that is on there is sourced from a great number of databases, some that was leaked intentionally, some by accident, and some through a malicious breach. What is important to bear in mind is that this information has various levels of validity.
A typical Dark Web monitoring service scans these sites for data dumps and alerts you when your email address appears on there. In the vast majority of cases, the alert will be for a breach that happened some time ago, usually months, if not years back. The information that has been gathered will typically consist of some or all of the following: your email address, full name, home or business address, phone number, date of birth, Social Security Number, and a password. Keep in mind that a lot of this information can be gathered using regular internet and social media sites.
So why use this service? It will allow you to keep a pulse on which employee passwords are compromised, which employees use either weak passwords or use clearly discernable patterns when changing their passwords. It will also show which employees use their company emails for personal items, something that is often expressly prohibited by company policies. It is an excellent tool to monitor your exposure to social engineering attacks and can be used for security awareness training exercises/tests.
Do not, however, use this as a single source of truth regarding your security posture. Just because someone’s information is not available now, does not mean it has not been compromised. If you see on the report that there is a large number of personal information that suddenly appears in a report, get ready for your systems to be attacked using vectors gleamed from this information. In the same vein, just because your company and employee information is out there it does not mean you need to panic. As long you have proper controls in place and test them regularly all you may need is to adjust your testing and focus to account for the information received.
Feel free to reach out if you have any questions or are looking for some more guidance of how to best use this type of tool/service.
"As a medical data company, compliance and data security are extremely important to our organization. The team at Aegis IT Solutions was instrumental in ensuring that our clients’ data is properly safeguarded while providing strategic advice and helping us navigate through complicated compliance challenges associated with an international enterprise providing and managing access to personal confidential data."
"We do data analytics for many large corporate clients, both in the cloud and on premises. Security was a sore topic for us until we retained services of Aegis IT Solutions. Ilya was very responsive, professional and knowledgeable. With his help and leadership, we improved our processes, properly planning for security-related activities and professionally communicating with clients for the best mutually acceptable security approach."
"Client service is the ethos of Aegis IT Solutions. Ilya and his team never fail to provide the most up-to-date insight on technology and system upgrades. They always take time to meet our law firm’s never ending IT needs. We considered Aegis IT Solutions as one of the most essential assets to the function of our busy practice. I am grateful for having formed this lasting relationship."
© 2021. Aegis IT Solutions. All rights reserved.