<p>Dark web monitoring can give enterprise cybersecurity teams advance warning of potential attacks before they occur and alert them if corporate data and credentials have already been exposed. By getting insight into what kinds of attacks might be incoming and what systems and users could be targets, organizations can implement <a href=”https://www.techtarget.com/searchsecurity/opinion/6-steps-toward-proactive-attack-surface-management”>proactive defense measures</a>, rather than waiting to react to attacks in motion.</p>
<p>Consider a company that learns through dark web monitoring that attackers have installed an infostealer on a particular user’s office computer and are capturing sensitive information such as login credentials. The security team can employ defensive options that range from creating a <a href=”https://www.techtarget.com/searchsecurity/definition/honey-pot”>honeypot</a> to catch the malicious hacker to simply reimaging the computer and tightening configurations to prevent a recurrence.</p>
<p>If, on the other hand, the company doesn’t know anything is amiss until someone uses stolen credentials to log into core systems and exfiltrate massive amounts of data, options are limited, and the damage has already been done.</p>
<p>This is not to say that dark web monitoring is worthwhile for every company. CISOs must weigh benefits against costs and risks, and many will find they can better invest resources elsewhere. For some large and high-profile organizations, however, dark web monitoring can provide significant value — if they know what information to monitor and where to look.</p>
<section class=”section main-article-chapter” data-menu-title=”Limitations, costs and risks of dark web monitoring”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Limitations, costs and risks of dark web monitoring</h2>
<p>While enterprises can gather <a href=”https://www.techtarget.com/searchsecurity/tip/Enterprise-dark-web-monitoring-Why-its-worth-the-investment”>valuable intelligence through dark web monitoring</a>, the practice also has significant limitations.</p>
<p>For one thing, dark web monitoring can uncover only information that threat actors post. If a malicious hacker has privately resolved to breach an enterprise’s networks or applications, he or she has no need to advertise that intention in any way, in any forum.</p>
<p>The other major limitation — especially for organizations conducting DIY dark web monitoring — is that there are so many places to look. More crop up all the time, and most don’t advertise their presence.</p>
<h3>In-house dark web monitoring vs. third-party dark web monitoring</h3>
<p>Going DIY means either dedicating a lot of valuable — read: expensive — staff time to dark web monitoring or doing it poorly. It probably requires buying specialized tools like Maltego or Spiderfoot, and it certainly requires staff to develop expertise using open-source tools such as TorBot or OnionScan.</p>
<p>In-house dark web monitoring also entails programming automated scans and alerts and integrating the threat intelligence stack with other cybersecurity platforms, such as <a href=”https://www.techtarget.com/searchsecurity/tip/SIEM-benefits-and-features-in-the-modern-SOC”>security information and event management</a>; security orchestration, automation and response; and <a href=”https://www.techtarget.com/searchsecurity/tip/EDR-vs-XDR-vs-MDR-Which-does-your-company-need”>endpoint detection and response</a>.</p>
<p>Enlisting a third-party threat intelligence service that offers dark web monitoring requires less time and effort from in-house cybersecurity staff. It comes with its own significant costs, however, as well as the usual caveats of ensuring the <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-select-an-MDR-service-thats-right-for-your-company”>managed service provider is flexible and responsive</a> to customer needs.</p>
<p>Importantly, using a third party to monitor the dark web reduces the risks of gathering firsthand threat intelligence in extralegal spaces. Going DIY means your team is going into dark places. There is always the chance that security staffers will bring something malicious back, or something will follow them home. Using a third party insulates the enterprise from that exposure.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Is dark web monitoring worth it?”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Is dark web monitoring worth it?</h2>
<p>For most smaller organizations, dark web monitoring is not worth it. The benefits don’t outweigh the costs and risks — whether engaging a thi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: