Cybersecurity consultancy, Pentest People, has announced a new Dark Web Monitoring Service to alert organisations to potential data breaches and enable rapid incident response.
Organisations commission Pentest People’s cybersecurity experts to test their websites, applications and IT systems for any weaknesses that could allow cybercriminals to steal information, damage IT systems, or hold data to ransom.
The company’s Penetration Testing as a Service (PTaaS®) provides an initial consultant-led test, followed by ongoing vulnerability testing via Pentest People’s SecurePortal®. This combined approach provides continuous testing, that allows businesses to be alerted to newly-discovered threats and software patches, so that they can respond more rapidly to protect systems and data.
Owing to increasingly sophisticated and stealthy techniques used by attackers, many organisations only become aware that their systems have been breached when their data is offered for sale in secret sites and hacker forums that are not easily accessible to the general public. On the 2nd February, in what has been dubbed the Combination of Many Breaches (COMB), 3.2 billion unique email and password pairs were leaked on a hacker forum.
Pentest People’s Dark Web Monitoring Service uses proprietary intelligence tools to identify whether an organisation’s domain name, brand, or IP addresses, are included on illicit online marketplaces, which could indicate the presence of stolen data such as payment card details, passport numbers, personally identifiable information, or healthcare records.
If a client’s data is detected on the Dark Web, Pentest People’s experienced consultants will investigate whether the alert is a false positive and, if genuine, will provide a risk report that classifies the severity of the breach and provides a full remediation action plan, to enable the company to respond appropriately. Clients can also opt to simply receive alerts, so that their own in-house experts can assess the veracity and severity of a suspected breach.
The Dark Web Monitoring Service uses proprietary security tools, written by Pentest People’s security researchers, which makes use of application programming interfaces (APIs) created during numerous OSINT assignments.
Commenting on the new managed service, which will be delivered via the SecurePortal®, Gavin Watson, technical director at Pentest People said. “There are too many examples of organisations being unaware of breaches for extensive periods, even years. GDPR requires all organisations to report personal data breaches within 72 hours of becoming aware and informing affected individuals without undue delay. By scanning the Dark Web, we’re offering an early warning system, so that organisations can respond more quickly and limit the damage in the event of a breach.”