FAQs

Searchlight Cyber gathers data from different sources on the deep and dark web, including underground forums, marketplaces, and encrypted chats, using a combination of automated and manual techniques. We have a threat intelligence team with extensive experience in law enforcement, cybercrime, and the military, and also utilize advanced tools such as cutting-edge web crawlers and natural language processing to extract context-rich information from the collected data. All data is collected in accordance with US, UK, and European laws.

By partnering with Searchlight Cyber, you’ll unlock access to 15+ years of expertise and research in internet anonymity and the dark web, improving your organization’s intelligence capabilities and ability to pre-empt and prevent cyber attacks from criminal groups.

Searchlight Cyber offers solutions for detecting, managing, and responding to cyber threats. These solutions can help companies meet different compliance requirements, including PCI DSS 4.0, ISO27001:2022, and the common criteria required for meeting the requirements of AICPA SOC 2 audits.

Meet PCI DSS 4.0 requirements, including:

  • Requirement 6: Develop and maintain secure systems and software by helping to identify and manage vulnerabilities based on the knowledge of how those vulnerabilities are being exploited.
  • Requirement 11: Regularly test security systems and processes by performing external vulnerability scans.

Implement security controls to manage risks related to information security and comply with many of ISO27001:2022’s requirements, including:

  • Section 5.7 Threat Intelligence
  • Section 5.21 Managing information security in the ICT supply chain.

Lastly, Searchlight Cyber can also help with AICPA SOC 2, including:

  • Common criteria 4.1 and 4.2 on monitoring
  • 6.6 (protect against threat from sources outside system boundaries)
  • 7.1 (use detection and monitoring to identify vulnerabilities)
  • 7.3 (monitor system components to identify failures to meet objectives).

Want to learn more? Book a demo to learn how you can enhance your security offering with actionable dark web intelligence.

Searchlight Cyber offers a generous partner program for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value Added Resellers (VARs) looking to add dark web monitoring to their services. Our multi-tenancy platform makes it easy for MSSPs to handle multiple customers and offers one-click report creation to help you demonstrate the value of shifting from reactive security to proactive security. In addition to MSSP-focused pricing, we also provide training, support, and access to joint marketing resources via our partner portal. Visit our partner page to learn more or reach out directly for more about our current incentives and programs for MSSPs.

Using Searchlight Cyber’s proprietary technology, it is possible to identify suspicious dark web traffic patterns to and from your network. Traffic from the dark web to or from your network may indicate an attacker is attempting to exfiltrate data or communicate with a command and control server. Book a demo to learn how you can enhance your security offering with actionable dark web intelligence.

Detecting a ransomware attack can be a time-consuming task if performed manually, but it is often possible to identify ransomware groups or actors using ransomware as a service (RaaS) in the lead-up to an attack – including chatter about an organization, reconnaissance, threat actors, ransomware group modus operandi, and resource development activity. To streamline gathering this data, TI and IR teams can use Searchlight Cyber’s Ransomware Search and Insights to identify ransomware group trends related to their industry and quickly collate and share this intelligence with their team. By leveraging this tool, organizations can proactively monitor and defend against potential ransomware attacks, saving time and resources.

Accessing the dark web using software such as Tor is legal in many countries. However, much of the activity and content you’ll find on the dark web is illegal, such as the sale of illicit goods, the exchange of stolen information, and the planning of domestic and international crime. For this reason, the dark web can be a powerful source of information for law enforcement, government, and cyber security professionals – but only if they know where to look. Using Searchlight Cyber, investigators can spend less time searching for dark web intelligence and more time investigating and monitoring threats to your people and organization. Using our platform, investigators and SOC teams can easily and legally access previously unobtainable criminal communications on the deep and dark web.

Searchlight Cyber creates an archive of the dark web so that teams can navigate a comprehensive dataset of clear, deep and dark web sources reaching back over 15 years, and safely investigate live sites as they appear online.

For more information on how your organization can access critical pre-attack intelligence from the dark web to identify threats against your brand, suppliers, and people, download our product datasheets or book a demo.

Our dark web monitoring platform is designed to ensure your signal-to-noise ratio is high, so your team only gets alerted to imminent threats against your organization. To do this, DarkIQ automatically scans your organization’s attributes, such as domains, IPs, and cloud buckets, against over 11TB of data and more than 12 billion dark and deep web records. It then categorizes these results and removes false positives to filter out the noise. You can also refine your alerts by adding and removing attributes from your alerts as well as implementing smart filters to remove results based on your organization’s password policy.

There’s no installation or downloads required: all our investigation and monitoring functionality runs in your browser. This makes it easy to get started, scale, and implement into your standard operating procedure. Our agentless deployment also makes it possible to monitor the risk profile of supply chain partners, affiliate brands, and acquisitions without installing a line of code.

You can use Searchlight Cyber’s investigation and monitoring platform to get a holistic view of your online exposure with visibility into clear, deep, and dark web sources including code repositories, social chats, CVEs, and phishing sites.

Enterprises, public sector bodies, and MSSPs can also use Searchlight Cyber to proactively identify the pre-attack activity of cybercriminals against your organization, leadership team, and supply chain, including leaked credentials, open ports, code repos, and vulnerabilities. Book a demo to learn how you can enhance your security offering with actionable dark web intelligence.

You can integrate our dark web API threat intelligence feed to enhance your existing SIEM (Security Information and Event Management). Once connected, you can draw from the world’s most comprehensive dark web dataset to give your organization unprecedented access to deep and dark web marketplaces, forums, and onion sites, as well as code repositories, social chats, CVEs, domains, phishing sites, and more. Book a demo to learn more about our API and SIEM integrations.

Tracking criminals on the dark web can be challenging, as the anonymity and encryption tools used on the dark web make it difficult to identify individuals and trace their activities. However, using Searchlight Cyber’s dark web investigation and monitoring platforms, it is possible to identify and drill into a criminal’s activity and modus operandi, including forum chatter, usernames, aliases, and OSINT data.

Though not all dark web activity is illegal, malicious actors prolifically use it as they believe they can’t be traced. Here are some common ways criminals use the dark web and share information that can be accessed using the Searchlight Cyber platform.

  • Covert communication: Criminals use dark web forums, encrypted chats, and email services to post ransomware notices, plan organized crime, human trafficking, drug trafficking, and child sexual exploitation.
  • Dark marketplaces: A place where illegal goods and services are bought and sold, including drugs, weapons, stolen personal information, and hacking tools and services.
  • Cybercrime: The use of Tor in the execution of cybercrime, including hosting leak sites, relaying command and control communications, launching DDoS attacks, performing network intrusion, and exfiltrating data anonymously. You can also find actors distributing malware- and Ransomware-as-a-Service (MaaS/RaaS) as part of the dark web economy where forums act as resale brokers and recruitment portals, enabling criminals to launch their attacks with minimal effort – or to collaborate on new, more damaging versions of already disruptive campaigns.
  • Sharing illegal content: This includes producers and distributors of Child Sexual Exploitation and Abuse (CSEA) material.

Using Searchlight Cyber, you can shift left in the cyber kill chain to access criminal communications and disrupt threat actors before an attack or crime has been committed.

The dark web can provide valuable intelligence that can assist with threat intelligence prior to an attack and incident response following a cyber attack. Since the dark web is often used by cybercriminals to buy and sell stolen data, it can be a useful source of information for identifying the scope of a data breach and determining what data has been compromised. Additionally, threat actors use the anonymity and proxy capability of Tor to test the external infrastructure of organizations. Understanding when this kind of activity is taking place, especially when extra precautions, such as the use of Tor, are taken, can give defenders an early warning signal, threat hunting hypotheses, or aid in IR after-action reports.

Using Searchlight Cyber, SOC, TI, and IR teams can monitor clear, deep, and dark web data – including dark web forums, marketplaces, and dark web traffic data – to identify the cybercriminals responsible for the attack, track down stolen data, and take preventative measures to minimize further damage. Additionally, information on the dark web may reveal vulnerabilities that were exploited in the attack, allowing organizations to take steps to address these vulnerabilities and prevent future attacks.