Deep & Dark Web Intelligence
Investigations
Leverage Deep & Dark Web Intel for Greater Insights
Deep & Dark Web Intelligence provides insights and early warnings into malicious activity and chatter in hidden channels like Discord, Telegram, and the dark web. It also helps uncover company data or employee PII included in a recent breach or leaked on the deep or dark web.
By leveraging this intelligence data source, you can gain broader visibility and a deeper look into the future of planned threats with our unique collection of data from dark web channels where threat actors are planning real-world attacks.

How Do These Investigations Work?
- The ZeroFox platform collects data from thousands of dark web and covert communication content sources including forums, marketplaces, Discord, and Telegram chatter that provides early warning on attacks.
- Create queries based on your organization's intelligence requirements and save relevant threads into Investigations that can be shared with others on your team.
- If desired, export the results into CSV format, which allows for ingestion into a variety of other tools, such as a Threat Intelligence Platform (TIP), for further analysis and processing.


How This Intelligence Enhances Digital Risk Protection
Dark Web intelligence can help you defend against real-world threats like executive impersonation, IP exposure, and supply chain attacks.
Features and Benefits Include:
- More extensive analysis: Our proprietary data sets, from unique historical data to the latest dark web research from our embedded operatives, enable in-depth insights.
- Uncover covert chatter-focused feeds: Get alerted to mentions of your people, locations, and brand including communications collected on Discord, Telegram, IRC and the dark web.
- Analyst-curated dark web notes: Get the full picture with more context around new breaches, malware, and threat actor campaigns.

When to Use Deep & Dark Web Intelligence
Data Source: Dark Web, Telegram, Discord, Compromised Credentials
Insights: Mentions of your brand and employee e-mail addresses in cyber attack planning chatter.
Outcomes: Networks scanned for suspicious patterns of behavior for the e-mail addresses/account credentials in question. Hosts scanned for presence of keylogger malware. Accounts locked down and password resets required. Send e-mail to employees about phishing awareness.

Data Source: Botnet Compromised Credentials, Compromised Credentials, Telegram
Insights: Botnet CAC is found on a machine that belongs to your organization.
Outcomes: Quarantine the infected machine and trigger incident response. If you don’t have incident response, engage ZeroFox DFIR.

Data Source: Dark Web, Telegram
Insights: A threat actor is advertising proprietary data. Validate with the actor that the data actually exists by requesting a sample.
Outcomes: If you don’t have an analyst to engage with the threat actor, ZeroFox Dark Ops can perform this due diligence. Submit an RFI request in the ZeroFox platform to engage the Dark Ops team. After confirming data, begin incident response efforts to better understand how this data was leaked. If you don’t have incident response, engage ZeroFox DFIR.

What's Next? ZeroFox Intelligence Solutions
Threat Intelligence Search
- Anytime access
- Augment alerts in the ZeroFox platform
- Add context to alerts from your SIEM, XDR, etc.
- Access a wide range of Global Finished Intelligence
- Save your findings as an Investigation & share with other stakeholders

Enhance Your DRP Security with Threat Intel Search and On Demand Investigation Credits
- Intelligence Search - Self Service
Gain anytime access to our vast threat data lake to perform your own investigations.
- On Demand Investigations - Full Service
Our expert team is ready when needed to produce finished intelligence to support more complex assessments and investigations.
With ZeroFox Intelligence, you can quickly and completely answer any questions your security team, or leadership, needs assistance with.

