
Should large enterprises add dark web monitoring to their security policies?

Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find.

Many breaches have been detected based on activity on the dark web, such as customer databases being sold. Should large enterprises consider looking for threats using dark web monitoring? If so, should they use human analysts or automated scanning?

Dark web monitoring is the new artisanal way to gather threat intelligence. Incorporating threat intelligence both proactively and reactively into an information security program has value, but understanding the data sources, how the data is validated and how it is shared is critical to getting value from it.

One aspect of this is the value gained from monitoring the dark web. The dark web is often unaccounted for in enterprise security policies because, as a smaller, private part of the deep web, it requires special software and browsers for access. As a result, it has become the source of a large amount of cybercrime.

The advice I gave on hacker chatter in 2011 still holds true in terms of monitoring activity on the dark web. Monitoring hacker chatter has some value, as does monitoring the dark web, but enterprises need to determine if what hackers are talking about poses a threat to their organizations.

To that point, one aspect of dark web monitoring is looking for the sale of customer or human resource databases. While looking for general threat intelligence may be best done by organizations with dedicated resources, looking for canaries in a coal mine or watermarks to identify whether a customer database or other sensitive data is available on the dark web could alert an enterprise to a security incident in one of its systems or at a third party entrusted with its data.

By using dark web monitoring to search for specific data that should not exist in another data source, you can tell when that data has turned up outside the enterprise and then investigate whether there was a security incident internally or elsewhere.

As with hacker chatter, you can periodically perform an automated search of the dark web to look for the canary or the watermark and then manually investigate.
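
The canary search described above can be automated along these lines. This is an added example, not code from the original article; the key, domain, holder names and sample dump are constructed assumptions. It goes one step beyond the text by planting a distinct canary per data holder, so a hit also shows which copy of the data leaked.

```python
import hashlib
import hmac
import re

# Assumed values for this example: the key, the domain and the holder names.
CANARY_KEY = b"constructed-demo-key-keep-the-real-one-secret"
CANARY_DOMAIN = "canary.example.com"
HOLDERS = ["internal-crm", "vendor-payroll", "vendor-mailing"]
TOKEN_RE = re.compile(r"\b[0-9a-f]{16}\b")


def canary_token(holder: str, index: int) -> str:
    """Derive a token that only someone holding CANARY_KEY can reproduce."""
    msg = f"{holder}:{index}".encode()
    return hmac.new(CANARY_KEY, msg, hashlib.sha256).hexdigest()[:16]


def canary_email(holder: str, index: int) -> str:
    """Fake customer address to plant in the copy of the data given to holder."""
    return f"{canary_token(holder, index)}@{CANARY_DOMAIN}"


def build_index(per_holder: int = 3) -> dict:
    """Map every planted token back to the system or third party that got it."""
    return {canary_token(h, i): h for h in HOLDERS for i in range(per_holder)}


def scan_dump(text: str, index: dict) -> dict:
    """Return {holder: sorted tokens} for canaries seen in scraped text."""
    hits = {}
    for tok in TOKEN_RE.findall(text.lower()):  # dumps often change case
        if tok in index:
            hits.setdefault(index[tok], set()).add(tok)
    return {h: sorted(t) for h, t in hits.items()}


# Constructed sample: lines as they might appear in a posted database excerpt.
SAMPLE_DUMP = "\n".join([
    "id,name,email,pw_hash",
    "1041,Ann Example,ann@example.org,00112233445566778899aabbccddeeff",
    f"1042,Pat Placeholder,{canary_email('vendor-payroll', 1).upper()},ffeeddccbbaa99887766554433221100",
    "1043,Lee Sample,lee@example.net,0123456789abcdef0123456789abcdef",
])

if __name__ == "__main__":
    for holder, tokens in scan_dump(SAMPLE_DUMP, build_index()).items():
        print(f"canary from {holder} found: {tokens} -> investigate manually")
```

A hit is only a lead: the manual investigation the article calls for still has to confirm whether the rest of the posted data is genuine and how it left the named system.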


This was last published in February 2019
