Post
The new IAB dashboard helps teams detect pre-attack indicators more efficiently, enabling faster identification of unauthorized network access to you or a partner – before it can be sold and exploited.
We’ve added a new IAB Intelligence dashboard to our investigation platform, Cerberus, making it easier to shift left and identify actors selling access to infrastructure matching your organization’s (or a partner’s) description.
Key Benefits
- Spot a key attack vector earlier and more easily using
- Preemptively get notified if a listing matches your organization’s description
- Defend your organization or critical national infrastructure
Since the details in IAB posts are intended to attract buyers, but rarely disclose the name of the target to avoid detection, Searchlight’s AI Agent automatically looks for common linguistic signals and patterns in these posts across dark web forums. Using the dashboard, Searchlighters can:
- Filter and set alerts on IAB listings by Sector, Revenue, and Location
- View posts matching your organization’s description
- Pivot on posts to verify the actor’s credibility and access type for sale (RDP, VPN, stolen credentials)
Searchlighters can view all collated posts within a centralized dashboard, giving defenders quick access to threats operating in the Initial Access (TA0001) tactic in the MITRE ATT&CK framework. Our IAB Mitigation Guide details what you can do if you find a credible post that matches your organization’s description.
Early success stories
Although this feature has only just been released to Searchlighters, in the beta access period, we identified breached files that had not yet been disclosed publicly to the impacted victims, including a global restaurant chain and a national governing body. Searchlight Cyber’s Threat Intelligence team has reached out to these cybersecurity teams to share the information.