CyberMaryland Panel Illuminates the Dark Web
Posted by Jonathan Couch
Recently, at the CyberMaryland Conference 2016 in Baltimore, MD, I had the pleasure of participating in a panel discussion, “Shedding Light on the Dark Web: Threat Intelligence Enabled Workforce,” moderated by Bree Fowler, Tech Writer for the Associated Press.
Some of the big themes the panel discussed included how to define the Dark Web and what happens there, whether companies should care about it, and how to approach it.
For those who couldn’t attend, I thought I’d share some of the key points. If you are interested, the video recording of the full panel discussion is available on YouTube, here.
We defined the Dark Web as the underground black market where people buy and sell capabilities and information about individuals and companies across a range of industries. Everything from simple credit card data, personally identifiable information (PII), and stolen corporate documents and data, to specialized forums on subjects like predicting the next Nike shoe or Apple iPhone in order to create knock-offs, are available on the Dark Web. There are even very elite forums that offer “hackers for hire.” Some of these sites are accessible by invitation only; vetted participants buy and sell expertise and access to high-value data.
It’s pretty nefarious activity that has generated a lot of discussion and media coverage. But all this attention has also skewed our perception of the Dark Web, leading many to believe it is a much more expansive underground operation than it truly is. The good news is that the Dark Web is accessible and can be monitored. The bad news is that it can only be accessed with special tools, it can be dangerous, and you need to understand the legal ramifications of interacting with the criminal element.
As part of their threat intelligence initiatives, a lot of companies are wondering how to go about searching the Dark Web for relevant information about their company or key individuals, or attacks that might be targeted at their company or industry. From a tactical perspective, you can set up your own capabilities in-house, which takes significant resources, time, and expertise, or you can hire outside experts.
But before you go too far down this path, you need to take a step back and ask yourself some strategic questions. Do you have a plan for how to act on the information you find? Do you have the resources to execute that plan? How will you remediate? And how will you prevent it from happening again?
A Threat Intelligence Platform like ThreatQ can help. For example, if you find some of your intellectual property on the Dark Web, you can bring those sources into ThreatQ, correlate them to activity you’ve seen on your network, and determine if you have detected this kind of event on your system. Your incident response team can help complete the picture by identifying system weaknesses so that you can improve them. ThreatQ can even push out updated controls to your sensor grid to protect against a similar breach in the future.
It’s human nature to chase the shiny, new object before thinking about what happens when you catch it. Before chasing down information on the Dark Web, understand what approach makes sense for your organization and how to incorporate that data into your threat intelligence program to mitigate risk.