The Challenge
An organization providing intelligence services for clients were previously reliant upon open source data and manual dark web monitoring. Finding information and indications of risk was exceptionally challenging, leading the team to source an alternative solution that would enhance their service offering.
The Solution
When reflecting on the evaluation process prior to deploying Cybersixgill, the client says “We first had to establish what it was we really needed to know. That was very important. Cybersixgill, Recorded Future, and other CTI platforms provide a lot of information. If we didn't have some specific requirements for this information, we wouldn't be able to find the information that is important to us, in the flood of information. I have some prior experience with competitors of Cybersixgill, such as Recorded Future, IntSights, and FlashPoint. I have also tested some similar solutions.
Other solutions, such as Record Future and FlashPoint, sometimes have difficulty receiving load information. Load information means what is actually posted on a forum. By using Cybersixgill I can get exact information from posts on underground forums. Some of the other solutions lack information. That is why I use Cybersixgill, after comparing it with those platforms.”
The Result
Upon reviewing the solution, the client says “Cybersixgill is very useful for influencing our clients' operations. By using Cybersixgill we can collect information from various sources very rapidly. It's really important for us and our customers as a way to improve our CTI operations and their operations. In addition, we have significantly reduced our operations workload. If we didn't use them, we would have to log in to each dark web forum and many other platforms. Now, we can search the entire area of platforms by entering one query. It significantly reduces our workload.
If I conducted research manually it would take one week, but with Cybersixgill it takes two hours or three hours. It's a very large reduction. Finding indications, and the reduction in time it takes to do so, has resulted in a very huge cut in our workload.
They also provide some of the greatest notification capabilities. I put in a customer's company name and domain names, or sometimes I put in their IP addresses as a keyword. Once Cybersixgill collects information that includes those keywords, they then provide us email notifications. That means we can catch information related to our customers as soon as possible. Sometimes threat actors share vulnerable website leaks, and if one contains a client's assets, we can catch it quickly and notify the client. For example, we have a credit card issuing company as a client. We use Cybersixgill to collect information regarding illegal credit card information which is sold on the black market.
If we had to conduct the research that we do with Cybersixgill ourselves, we would have to hire three or four people to maintain our code and the quality of our CTI service. They are a significant factor in cutting our costs. The pricing is cheap compared with Recorded Future.”