Dark Web monitoring and scanning explained

September 16, 2020  |  Nick Cavalancia

This blog was written by a third party author.

Shady deals often occur in darkness – criminal activities require secrecy to cloak their illicit nature. Today, you can find those dark places on the fringes of the internet, known as the Dark Web. More often than not, this is the place where cybercriminals go to monetize the data they’ve acquired as the result of a breach.

What is Dark Web scanning? 

As the name suggests, Dark Web scanning works by searching the Dark Web to locate any stolen personal data and then alerting you if personal information is found for yourself or members in your organization. This enables you to then take the appropriate steps to help mitigate any potential damage/incidents. It should be noted that not all data exposed in data breaches ends up on the Dark Web, so if your data isn’t found this doesn’t guarantee that you haven’t been breached.

Why scan the Dark Web?

The Dark Web is host to all kinds of stolen personal information, from credit card details and bank account numbers, through to people’s personal log-in details for any number of web-based services, social security numbers, and even medical records. You’ll also find a broad brush of corporate data on there, such as customer lists, intellectual property, and employee usernames and passwords.

Why is this corporate data so valuable?

If your customer database is stolen, complete with email addresses, a would-be attacker could buy the list and then send out emails pretending to be from your company; this would potentially give them the credibility they need to execute a successful phishing attack and get their targets to share credit card information or online credentials. Alternatively, if your internal data is stolen, attackers can use employee log-on credentials to access corporate applications, systems, and networks to steal data, execute fraud, install ransomware, or use you as the go-between to target a larger partner or customer.

So, while we wouldn’t recommend people should visit this internet underworld any time soon, companies do need to keep an eye out for their data being traded on the Dark Web. Finding stolen user emails and passwords on the Dark Web can be a strong indicator that either your company, or a third-party application or website that your employees use, has been compromised. This puts your business at risk of further exploitation. A good Dark Web monitoring service can help you find this data online and stay one step ahead of your attackers.

Dark Web monitoring vs scanning

The terms “Dark Web monitoring” and “Dark Web scanning” are often used interchangeably. The key difference being that scanning is invariably used to refer to the one-off activity of scouring the Dark Web. However, if this is offered as an ongoing service it would be referred to as Dark Web monitoring.

Dark Web monitoring protects organizations in a number of important ways:

  • Reduce potential damage: If someone steals credentials from your employees, especially those with access to sensitive data, you could face a major attack. Monitoring allows organizations to be alerted to any compromised credentials found, empowering your IT or security teams to change credential passwords and specifically look for attempts to breach your managed networks using detected credentials. This can help you shut down attacks before they occur or contain the damage during an active attack.
  • Investigate and strengthen defenses: Once alerted to a breach based on credential use, you can begin the process of discovering where your security measures failed. If, for example, you find that attackers exploited an unpatched vulnerability and then used compromised credentials to access internal resources, you can patch and prevent a second attack wave.
  • Mitigate brand damage: If a breach occurs, you have to communicate to customers as soon as you know what happened. Failure to do so could harm your brand. A good Dark Web monitoring service can help you hone in on what happened and explain the issue to customers. In cases where customer data or credentials are stolen, you can also offer advice on steps to take like freezing their credit or changing personal passwords.
  • Compliance: With many laws like the General Data Protection Regulation (GDPR), organizations have mandatory reporting requirements after a breach. Failure to report within the proper window could lead to disastrous consequences and heavy fines. With a Dark Web monitoring solution, not only can you start investigating sooner, but you can also show auditors the strong measures your company takes to protect internal credentials and customer data, and an ability to discover potential breaches.

Can a SIEM monitor the dark web?

On their own, security information and event management (SIEM) solutions act as collectors and organizers of key data gleaned from other sources, such as intrusion detection systems, network and system logs, and user activity monitoring solutions. This means that a standalone SIEM solution on its own would not provide Dark Web monitoring services.

However, most SIEM solutions do support integrations to other third-party data sources, and a Dark Web monitoring service could be included here. This would mean that companies have the ability to integrate the presence of Dark Web compromised credentials within their alerts in their SIEM solution. This could provide another layer of security check and could be an important trigger to instigate a password reset and then monitoring usage of that set credentials.

Share this with others


Featured resources



2024 Futures Report

Get price Free trial