A few weeks ago, we hosted a webinar on Dark Web Monitoring. I was taken aback that, even a year after remote work, there was a huge registration—one of our most popular webinars ever. If you missed it, do not fear, you can watch a recorded version

The webinar was not popular because of my dulcet Kettering accent, but because dark web monitoring is a topic that continues to attract a huge amount of interest, skepticism, and confusion.  While I don’t normally write follow-up blogs to webinars, there were some incredibly interesting findings from questions we asked of the hundreds of security practitioners that joined the webinar.

So, if you’re interested in what “dark web monitoring” looks like for many security teams, read on!

Exposed Credential Monitoring is the Most Popular Use Case

The “dark web” is not a magical place that organizations will unearth online groups plotting against their company and executives. This does happen but it is a) rare and b) only impacts the biggest organizations. However, monitoring dark web markets and criminal forums still has significant value for all organizations–if they focus on the right use cases. 

Question 1: Which use case do you value the most?

When we asked the audience (across three webinars) what their top use cases were, there was a clear winner–exposed credential monitoring. Approximately 54% of security-minded attendees were selecting that as their top use case. 

Following behind credentials, the other most popular use cases were:

  1. Ransomware tracking
  2. Fraud
  3. Initial access broker listings
  4. Insider threats 

Only 7 Percent of Security Teams have a Dedicated Closed Sources Team

Despite enormous interest in dark web monitoring, most organizations (93%) do not have a dedicated team. This is not that surprising, given that an effective dark web monitoring capability requires foreign language expertise, geographic expertise, and lots and lots of time.

Read more about the people, processes and technology considerations in our Dark Web Monitoring Solutions Guide.

To be clear, this does not mean that teams are not collecting from dark web sources–39% perform ad hoc searches, and 14.2% use an outsourced provider, such as Digital Shadows SearchLight (now ReliaQuest GreyMatter DRP).

Question 2: How mature is your dark web monitoring program?

Try dark web monitoring for free

If you’re still relying on ad hoc searches for your dark web monitoring and want to see if there is a better way, we’re providing a free, seven day option to do so. Here you can track ransomware victims (an example is below) and initial access broker listings. Register here to get your free Test Drive account.

Tracking ransomware victims in SearchLight