https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Security


Shutterstock

Cyber Threat Intelligence

How MSSPs Can Deliver Value Through Dark Web Threat Intelligence

  • Written by Ben Jones
  • December 20, 2022
MSSPs can better protect clients from dark web activity by monitoring whether scouting and prep are underway.
Seaerchlight Security's Ben Jones

Ben Jones

By monitoring the dark web for precursory activity to a cyberattack — such as credentials being shared on criminal forums, IP addresses communicating with the dark web, breaches for sale, or even mentions of company secrets — MSSPs can take proactive steps to protect their customers, pre-empt attacks and demonstrate their value from day one.

Solving the MSSP Cyberattack Paradox

When a managed security service provider (MSSP) onboards a new client, it immediately begins to monitor the network for suspicious behavior. However, unless there’s an anomaly of some kind from the outset — i.e., a cybercriminal is already in the process of attacking the company — there can be very little for the MSSP to initially report back. This puts the MSSP into a paradoxical situation where it is waiting for an incident to occur before it can prove its worth to the customer, despite — of course — not at all wanting its client to experience a cyberattack.

This paradox can be removed if MSSPs can pre-empt potential incidents before they can be put into play. That’s where dark web monitoring and contextual threat intelligence comes in, steps that provide a very visible, and very quick, return on investment for new customers by extending their visibility beyond their organization out to where their potential adversaries operate: on the dark web.

Cybercriminals from opportunistic amateurs to state-backed ransomware groups use dark web marketplaces and forums to plan, execute and publicize their attacks. They discuss the organizations they’re looking to target, buy vulnerabilities and exploits and share exfiltrated data with other criminals.

The ability to gain visibility into this criminal underworld means that MSSPs can help businesses get off the back foot by identifying the early warning signs of attack before they are hacked.

The Value of Dark Web Monitoring

It’s not just the customer that can see a quick ROI from dark web monitoring. By incorporating this functionality within their service offering, MSSPs can create new commercial opportunities.

The most obvious of these fall into the security audits, penetration testing and consultancy areas. An MSSP, you would hope, already has the ability to find network vulnerabilities that could be exploited. However, being able to go further, to demonstrate not only how that exploitation could occur but also that such an exploit is already for sale on the dark web, is something else altogether. Moreover, the ability to collect and collate external threat data, such as traffic from the dark web going to an organization’s infrastructure components, helps the customer to better understand the attacker’s perspective, and the techniques they use at each stage of the “Cyber Kill Chain” to execute their attacks.

Another commercial opportunity that can be derived from dark web data is training and awareness programs, sold off the back of evidence of security risk. In the face of concrete proof of dark web criminals targeting their organization, it’s much harder for a customer to make the “show me the breach” argument before committing to any additional spending. Now the MSSP can present the evidence that, while the network may not have been breached yet, preventive action is urgently required.

Delivering Dark Web Context

Of course, one understandable hesitation among MSSPs looking to undertake dark web monitoring for their customers is the possibility of alert overload. Is this another threat intelligence source that is going to overwhelm their customers with irrelevant information?

This, however, highlights another benefit of dark web intelligence – unlike other threat intelligence, it is highly specific to the organization. This is because searching the dark web is based on “attributes” of the organization, such as credentials, IP addresses or executive names – as just three examples. This results in two things: context and actionability. Let’s start with the latter.

Threat intelligence is only valuable to a company if it is directly actionable. A generic threat trend report doesn’t help the customer implement new measures that will improve its security posture. It looks to its MSSP to make specific recommendations based on intelligence: we have evidence of X, which requires remediation using Y. For example, if a software vulnerability in a supplier’s technology is being discussed on a dark web forum, the company can take very specific preventive actions — such as alerting the supplier, applying a patch to the software, and actively monitoring the network for signs that an intrusion already has taken place.

As for context, the pre-attack phase of the MITRE ATT&CK framework, which maps defenses against the tactics, techniques and procedures (TTPs) of threat actors, illustrates how dark web intelligence helps companies stop cybercriminal activity earlier in the Cyber Kill Chain.

MSSPs can show how visibility into the dark web gives them coverage of the first two tactics of the framework — cybercriminals’ Reconnaissance and Resource Development — which take place outside of the company’s network. This proves they’re helping the customer take a more proactive approach to security by stopping cybercriminals while they’re still planning their attacks.

Ben Jones started his career in defence and aerospace as an engineer designing unmanned aircraft. He transitioned into cybersecurity after recognising the evolution toward virtual battlefields and the rapid growth of cyber threats to nations, organisations and individuals. Ben co-founded Searchlight Security to help in the fight to protect society from dark web threats. You may follow him on LinkedIn or @SLCyberSec on Twitter.

Tags: MSPs VARs/SIs Best Practices EMEA Security Technologies

Most Recent


  • ThreatLocker Zero Trust World Day 2 2023 Feature
    Zero Trust World 2023: ThreatLocker Unleashes Ops Threat-Detection Tool
    ThreatLocker also will be rolling out a new portal.
  • Layoffs
    Telecom-IT Layoff Tracker 2023: Cisco, RingCentral, Microsoft, 8x8, Sophos, More
    The onslaught of layoffs is bleeding over into this month.
  • Job Cuts
    January's Tech Layoff Scourge: Deep Dive Into Channel Impact
    We break down the seemingly daily layoffs impacting various companies doing business in the channel.
  • Cloud Merger
    Bam Boom! Pax8 Buys Cloud Company to Enable MSPs with Microsoft Dynamics
    The purchase will help partners automate clients’ business processes. Rob Rae will play a role, too.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cerberus Sentinel Rebrands As CISO Global to Reflect Growth
  • Making Waves
    7 Channel People Making Waves This Week at Canalys, VMware, Forrester, Check Point, More
  • Source code on a computer screen
    Okta Confirms Another Breach, This Time Source Code Stolen
  • Crystal ball Big Ben London
    Channel Futures' 2023 EMEA Outlook: Partners Will Help Customers Weather the Storm

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

Zero Trust World 2023: ThreatLocker Unleashes Ops Threat-Detection Tool

February 2, 2023

Telecom-IT Layoff Tracker 2023: Cisco, RingCentral, Microsoft, 8×8, Sophos, More

February 2, 2023

January’s Tech Layoff Scourge: Deep Dive Into Channel Impact

February 2, 2023

Industry Perspectives

View all

How to Break Through the Growth Ceiling

February 1, 2023

5 Things to Look for in a UC Partner

January 31, 2023

The Benefits of Hiring an Investment Bank

January 30, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

How To Boost Your Business With White-Label UCaaS

February 28, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

Day 2 of #ZTW: @ThreatLocker unveils new Ops threat detection tool. dlvr.it/Shs93Y https://t.co/dAnj6IUiF2

February 3, 2023
ChannelFutures

.@broadvoice appoints a channel vet as new program leader. Before joining the company, he had risen through the ran… twitter.com/i/web/status/1…

February 2, 2023
ChannelFutures

More activity over at @Pax8 (which just hired @RobTRae): the #cloud marketplace firm has purchased @BamBoomCloud.… twitter.com/i/web/status/1…

February 2, 2023
ChannelFutures

.@SamsungMobile launches #GalaxyS23 phones, new #GalaxyBook3Ultra at Samsung Unpacked. dlvr.it/ShrW8G https://t.co/DloltwdMsE

February 2, 2023
ChannelFutures

The new partnership between Channel Futures and @ITExchangeNet is poised to benefit the partner community.… twitter.com/i/web/status/1…

February 2, 2023
ChannelFutures

.@JuniperNetworks announces transition to “solution building outcomes," addresses pain points around quoting, prici… twitter.com/i/web/status/1…

February 2, 2023
ChannelFutures

Day 1 of #ZTW23: @ThreatLocker hopes attendees walk away smarter about #zero trust and cybersecurity.… twitter.com/i/web/status/1…

February 2, 2023
ChannelFutures

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them dlvr.it/ShpCHp https://t.co/Av6eJmYnnF

February 1, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X