
Cybersixgill Investigative Portal Overview

Cybersixgill Investigative Portal is the #2 ranked solution in top Digital Risk Protection tools and the #5 ranked solution in top Threat Intelligence Platforms. PeerSpot users give Cybersixgill Investigative Portal an average rating of 8 out of 10. Cybersixgill Investigative Portal is most commonly compared to Recorded Future. The professionals researching this solution most often come from comms service providers, accounting for 31% of all views.
What is Cybersixgill Investigative Portal?

Sixgill’s fully automated threat intelligence solutions help organizations fight cyber crime, detect phishing, data leaks, fraud and vulnerabilities as well as amplify incident response in real-time. 

Sixgill Investigative Portal empowers security teams with contextual and actionable alerts, along with the ability to conduct real-time, covert investigations:

    • Powered by the largest data lake of deep and dark web activity
    • Real-time actionable alerts customized to your organization
    • Quick deep dive into any escalation in real-time and gain a complete picture to understand the context.
    • Research threat actors' profile, MO and history. Review and analyze across languages, sites, timeframes, types of products, topics, entities and more
    Cybersixgill Investigative Portal Buyer's Guide

    Download the Cybersixgill Investigative Portal Buyer's Guide including reviews and more. Updated: January 2022

    Cybersixgill Investigative Portal Customers

    Current customers include large enterprises, financial services, manufacturing, GSIs, MSSPs, government and law enforcement entities.

    Cybersixgill Investigative Portal Pricing Advice

    What users are saying about Cybersixgill Investigative Portal pricing:
  1. "The pricing and licensing are good. It is expensive for us because the US dollar is quite strong compared to our dollar. Otherwise, it is quite reasonable for what it is. All the tools in the market are around the same price from my experience."
  2. "Sometimes, Cybersixgill Investigative Portal is cheaper than its competitors."
  3. "The pricing is cheap compared with Recorded Future. Sixgill's cost-effectiveness is very good."
    Cybersixgill Investigative Portal Reviews

    Lead Cyber Threat-Intelligence Analyst at an educational organization with 10,001+ employees
    Real User
    Top 20 Leaderboard
    Provides early detection of imminent attacks, and speeds up addressing of vulnerabilities internally because it makes them real
    Pros and Cons
    • "The solution’s approach of using limited open source intelligence and focusing, instead, on the Deep Web and Dark Web is what seals the deal. That is why I like them. I have other tools that I can aggregate all the open source intelligence from. I value Cybersixgill because it provides access to things that no one else does."
    • "Regarding their scraping abilities, things could be solidified. There are definitely improvements that could be made on the specificity for setting certain queries."

    What is our primary use case?

    Cybersixgill is a tool that allows you to monitor your organization's exposure to cyber criminals and threats by what I would call scraping Dark Web and underground hacker forum sites.

    It's not on-premises. It's a service that's offered by Cybersixgill.

    How has it helped my organization?

    I'm a cyber threat intelligence analyst. This is what I do. The scope of Cybersixgill is about 20 percent of my job. For me, personally, and the organization, there has been immense benefit because it has given me early detection of imminent attacks, but not just against my organization. We have also been able to help other organizations, based on the attacks that are being launched against our vertical, meaning companies and organizations that fit our profile.

    It also enables us to do advanced analysis, such as threat-actor profiling. Being able to do advanced threat-actor network analysis allows us to take a higher view of an imminent attack and possible exploitation of vulnerabilities. That's helpful because it informs us about what's about to be exploited—what these criminals are looking for, what the threat-actor might be exploiting against the vertical itself.

    In addition, it has reduced our security workload. I was a one-man shop for the first two years. It's hard to put a number on it, as I would have to gain access to the sources and translate the forum. I would have to create a scraper, myself. I would estimate it saves me up to 20 hours a week. They have a good thing going.

    What is most valuable?

    One of the most valuable features is the ability to be alerted to any possible imminent attack, or mention of your organization by a possible attacker.

    It is also of the highest importance that it runs on a collection of Deep Web, Dark Web, and closed sources. This tool is a must for any organization that has a large footprint. The solution’s approach of using limited open source intelligence and focusing, instead, on the Deep Web and Dark Web is what seals the deal. That is why I like them. I have other tools that I can aggregate all the open source intelligence from. I value Cybersixgill because it provides access to things that no one else does. And the tool is configured to do this in a way that provides advanced analysis. That is one of the main values that it provides. They are not just aggregating open source news and feeds, they're actually gaining access to real intelligence.

    The size and scope of the solution's collection are pretty impressive. I am impressed with the ease through which the tool allows you to track threat actors who are likely to target you, on a variety of underground forums which are closed. These are sources that would require a solid effort to infiltrate. The automatic translation of any exchange within the platform makes it the most expedient solution for automated threat intelligence and chatter monitoring.

    Cybersixgill has also enabled us to access sources which we have not seen anywhere else. They have access to closed forums that I don't want to mention, but that access is important because it's not available anywhere else.

    What needs improvement?

    They're a newer company, so they're working on their UI a lot. Sometimes the UI is a little glitchy. They're working on different things and making efforts, so that's totally forgivable.

    But regarding their scraping abilities, things could be solidified. There are definitely improvements that could be made on the specificity for setting certain queries. 

    Step-by-step videos would be useful, instead of a book of instructions, because they're a new tool. They're now getting to the point where video training would be useful, or even live training. More digestible video instructions or opportunities for training, so that you actually learn hands-on, would help.

    For how long have I used the solution?

    I have been using Cybersixgill Investigative Portal for a year and a half.

    What do I think about the stability of the solution?

    It's very stable.

    What do I think about the scalability of the solution?

    Scalability is not really applicable. The only integration that I've found has been with my Anomali Threat Intelligence Platform. I'm not even sure that you would want it to scale.

    They could improve, perhaps, some SIEM ingestion and the ability to integrate with other tools carefully. But this is a different tool and that's why I like it. It's not solely a technical intelligence tool. You're essentially spying on exchanges. Perhaps some level of implementation with other security solutions, or some level of automation with other security solutions would be helpful.

    We're leveraging it to provide value to the incident response team, to the governance and compliance team, to the access management team, and to the vulnerability assessment team. We're leveraging it for a lot. As for expanding our usage of it, we're planning on trying to find ways to automate some of the inter-group alerting and use of the tool.

    How are customer service and technical support?

    Their technical support was responsive, but they have not achieved a solution yet for the problem that I was having. The issue that I was having goes beyond just tech support.

    Which solution did I use previously and why did I switch?

    Before Cybersixgill, I would use open source tools and my own access to Dark Web forums. I would use GitHub tools and my own investigation on Dark Web forums, and it would take an enormous amount of time. Once I found this solution, I saw that I can do it all within one platform, easily.

    How was the initial setup?

    The initial setup was straightforward. You just upload the IPs, the domains, and the keywords that you want them to look out for, the ones that are indicative of mentions of your organization, and you're ready to go.

    Setting up recurring queries and tracking of threat actors can only happen once you see who's going after you, but the initial setup of the tool can be done within hours.

    In our company there are two of us who use the solution, both of us in threat intelligence.

    What was our ROI?

    I've seen an incredible return on the investment, in the form of time-savings and extremely valuable alerting on infrastructure attacks against us, alerts that I would not have seen if it wasn't for them.

    There is also value in our ability to help other organizations that are not as fortunate as we are, organizations that are in our vertical. That has actually put our organization in an extremely good light.

    In addition to the reputational, time-savings, and security advantages, there is a cultural advantage, in a way. This is important and is possibly something that we would not think about. It is difficult for large organizations to have patching and addressing of vulnerabilities in an expedited way, when they're dealing with multiple IT departments. But when the threat intelligence team is able to provide the exact time and way in which something is going to be exploited, based on screenshots of forums that detail the targeting, and based on real-life examples of how they do it—the kind of intelligence that we're able to generate because of Sixgill access—it makes patching and addressing of vulnerabilities a lot faster, because it makes them real.

    What's my experience with pricing, setup cost, and licensing?

    The pricing given to us is excellent.

    Which other solutions did I evaluate?

    I looked at Recorded Future. The main difference is that Cybersixgill is doing one thing, and one thing extremely well, and that is access to Dark Web forums. 

    Recorded Future was too bloated. It had a lot of additional information that was open source. I don't need that. I get that from other places. I needed something that did one thing and that did it extremely well, and that is access to Dark Web, hard-to-find places, and alerting on infrastructure attacks when mentioned in those places. Recorded Future tries to do the job of two tools. I like the fact that Cybersixgill keeps it separate.

    And Cybersixgill was incredibly more affordable than them. 

    Overall, it was better on several levels: 

    • focus
    • access to specific forums and Dark Web spaces
    • simplicity of use; the UI was easier to use and better to look at 
    • pricing.

    What other advice do I have?

    My advice is make sure you schedule a walk-through, and then get it.

    I have been very vocal about how much this tool has helped. I'm a big proponent of it. When I talk to people and collaborate with people in other organizations and they say, "Oh my God, how did you know that?" I'll tell them I knew because of this tool. Others don't do it as well as these people do. This tool does it better than anybody else, because they have focused on one very specific thing and they do it well. Their level of infiltration of these closed forums, and the backend engineering that they've provided, are better than any other solution.

    In terms of conducting deep and complex investigations, it would depend on how you define those terms. We don't just do threat-actor tracking. Sometimes we're tracking infrastructure and this is not the tool to do that. This is more of an alerting tool. But within the realms and the scope of what Sixgill was created for, you can actually create some pretty advanced tracking queries and alerting. The alerting is invaluable.

    For example, by setting queries to track exfiltration of ransomware gangs that employed the double ransom technique, it can exfiltrate the names of any companies that are being ransomed, before they hit the news. That allows me to cross-reference with our third parties and to tell my CSO that a third party is being compromised. I can tell him that before it even hits the news, and that we need to go into protection mode and assume that there might be potential impact to our organization, based on their compromise and the exfiltration of that data.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    General Manager - Cyber Security at a consultancy with 11-50 employees
    Real User
    Top 10 Leaderboard
    We can easily conduct searches on leaked credentials
    Pros and Cons
    • "The advanced analysis has made our security operations more efficient. It has also potentially given us quicker access to data that we might not have otherwise located."
    • "The breadth of access to data is good, but there are gaps. More data would be my suggestion because the platform is good and I have no complaints about the system. I think it is just a case of always trying to get more data sources."

    What is our primary use case?

    We do a heap of open source intelligence collection, where part of that is threat risk assessments for our organization. We use it for being able to conduct searches on Cybersixgill Investigative Portal and identify at-risk accounts, current trends, threat data, etc.

    We use it as a cloud software as a service provided by Cybersixgill. Therefore, we log into a provided software service, so we are not actually running it on our network.

    How has it helped my organization?

    Rather than hiring more analysts, we have been able to do more with less and automate some of our investigation functions. It doesn't automate all of them, but it certainly helps.

    The advanced analysis has made our security operations more efficient. It has also potentially given us quicker access to data that we might not have otherwise located.

    Cybersixgill's approach of using limited open source intelligence and focusing instead on the deep web and dark web is a good move. The reality is you are not looking for one tool that does everything. A trained analyst can locate a lot of the open source information without the use of too many tools, so I actually don't think it needs to be able to do everything. I think that focusing on this area is a good one. From a competitive perspective, more tools are focusing in this area so it is certainly becoming quite a competitive space, but Cybersixgill's tools are very good.

    What is most valuable?

    We can easily conduct searches on leaked credentials. It gives us the ability to look at a timeline and build profiles against companies that we are trying to protect, then track changes to credentials or leaking bucket/cloud services associated with those companies. That is the benefit for us. A lot of it is stuff that we can do manually, but it is more about the time it takes as well as the number of analysts you need to do it compared to getting it provided as a quick service.

    It is scalable in that we don't need a dozen people to do the work. With this tool, one person can do it.

    What needs improvement?

    The breadth of access to data is good, but there are gaps. More data would be my suggestion because the platform is good and I have no complaints about the system. I think it is just a case of always trying to get more data sources.

    For how long have I used the solution?

    I have been using the solution for 12 months.

    What do I think about the stability of the solution?

    It is very stable. We have only ever had one time where we didn't have the service available when we needed it, which is pretty good, particularly given we are in a different time zone. We often find that we have service issues with our companies because of the times of our business days, e.g., that is when most companies are doing their patches in America and Israel, etc.

    We are not using it daily. Our usage ebbs and flows. Sometimes, we are using it all the time, then we might not touch it for a week or two.

    I am the only admin of the solution.

    What do I think about the scalability of the solution?

    Because it is SaaS, it is quite scalable. I haven't seen any scalability issues.

    It is important to us that the solution runs on a collection of Deep Web, Dark Web, and closed sources. The key value-add is the breadth of sources for the data. It is all about cutting down on the time required to conduct detailed research. While all this information can be found if you invest heavily in people and building profiles on dark websites and in forums, the reality is it takes a lot of time, effort, and is not very scalable. For a smaller company, like us, where we don't want to hire dozens of analysts to look at one client, this solution means that we can effectively scale.

    There are six intelligence analysts using it. The tool is quite effective, so that is all that we really need. There are 45 people in the company. 

    The solution is utilized extensively, depending on the work. Sometimes we are doing investigations and using it constantly, then other times there will be other work that we have to do which doesn't require an investigation. So, it ebbs and flows, but it is pretty constant.

    How are customer service and technical support?

    The technical support is good. The only time that we had a problem, they were very responsive. We have only used them once, which is a good sign of their technical support.

    Which solution did I use previously and why did I switch?

    Before Cybersixgill Investigative Portal, we were doing it old school.

    We were at an RSA conference in San Francisco where we spoke to the Cybersixgill guys. They demonstrated the solution and we liked what we saw.

    How was the initial setup?

    The initial setup was straightforward. It probably helped that it is SaaS because it was pretty easy. We implemented and started using it the same day.

    We knew what we needed. We had seen the product before, so the implementation wasn't too complicated. It was just a case of paying for the license, getting access, and then starting to use it. The tool doesn't need any real training. It is a 20-minute thing, then you are good to go.

    I wouldn't see a great deal of benefit trying to deploy it in your own environment because obviously the data is coming from elsewhere. 

    What was our ROI?

    We have seen ROI. It reduces the cost in terms of the number of people that you need to train and have a desk to find the data. It reduced our analysts by half; where we currently have six analysts, we previously needed 12.

    It probably reduces our investigation times by an estimated 15 percent.

    What's my experience with pricing, setup cost, and licensing?

    The pricing and licensing are good. It is expensive for us because the US dollar is quite strong compared to our dollar. Otherwise, it is quite reasonable for what it is. All the tools in the market are around the same price from my experience.

    If you add more companies and things that they are updating on a regular basis, then the price goes up. However, that is pretty reasonable and standard.

    Which other solutions did I evaluate?

    We didn't really see any comparable options at the time that we evaluated it. Since then, we have seen a couple of others, but I still think Cybersixgill Investigative Portal is probably the best of the ones that I have seen, more from the user interface than anything and the way it presents the data. Cybersixgill Investigative Portal has a clean user interface that is fairly easy to use. Whilst there are other tools that provide access to similar systems, this solution is more about the ease of use.

    We also looked at Farsight.

    What other advice do I have?

    It certainly assists and supports deep, complex investigations. However, in my experience, no tool has complete coverage. If you are talking about deep investigations, then you still need a human to follow up with a lot of the data that Cybersixgill Investigative Portal provides you. It doesn't provide you the answer on its own. As an example, we had a client who had leaked data. Cybersixgill Investigative Portal notified us that that data has been leaked, but it doesn't necessarily tell us the details of what has been leaked. It gives you that prompt, then you need to follow that up with an investigation. Cybersixgill Investigative Portal helps you locate where the data is, but you still need to get the data yourself.

    The solution does enable us to do advanced analysis, such as, threat actor profile and social network, but there are limitations to what you can do. It is helpful, but it still needs a trained analyst to make full use of the data that it gives you. I don't think that is a negative thing. That is just the reality of the type of industry that we are in. I don't believe that it's possible to fully automate the advanced analysis.

    Eventually, we may increase our usage, but not in the short-term.

    Biggest lesson learnt: There are some good tools out there for conducting deep web and darknet investigations.

    I would rate this solution as an eight out of 10. It is a good application/tool that makes us more efficient. They are a good team who provide a good service.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Head of Cyber Intelligence at a tech services company with 501-1,000 employees
    Real User
    Top 20 Leaderboard
    Contains a huge amount of information regarding deep web and dark web, reducing investigation times
    Pros and Cons
    • "To be diligent for the customer, we usually go into Cybersixgill Investigative Portal to analyze and search things. The solution tells us the reputation of cyber threat actors. So, if someone has a reputation of one, it is a really bad idea to care about what that person is saying. However, if you find someone with a reputation of nine, then there is a high probability that we need to address the problem. You can get information about these types of actors in Cybersixgill Investigative Portal. They have a huge collection, which is like having the rules/goals of the dark web and deep web without having to go there. Our analysts avoid going to the dark web because they have Cybersixgill Investigative Portal and can get the news from their browser, searching wherever they want."
    • "We need real-time updated information. If we could have this, it would be amazing. For example, if someone was posting something, then ten seconds later, it was on the platform. Sometimes, it takes a minute or hours right now, depending on the forum."

    What is our primary use case?

    We are an MSP who serves different customers of cyber intelligence services. One of the venues that they want to explore is how to do deep web and dark web. For example:

    • Is their access for sale?
    • Are their analytics for sale? 
    • Is their monetization for sale? 

    If there is malware, then this can become a problem for them.

    My main use case is using Cybersixgill Investigative Portal as a search engine for anything that happens in the dark web. I also use it for an overall view of the trends regarding malware and bad stuff. It searches to identify the selling of operation or currency information for any of my customers in cyber intelligence services.

    How has it helped my organization?

    The solution definitely helps in terms of deeper investigations. Usually my analysts come to the conclusion, "If there is nothing in Cybersixgill, maybe there is nothing around that specific topic." Or, if there is just one thing about a specific topic, maybe that is it, because they have a huge amount of information regarding deep web and dark web. If it is not in the solution, maybe it is really hidden or there is simply no information.

    It is common for us that we have HyperFile customers in Mexico. Sometimes, there are hundreds of companies who want to sell to them. So, it is very common that they approach many customers with reports, and say, "You have hundreds of passwords for sale on the dark web," or "You have this kind of information for sale on the dark web." Sometimes, the information is not really relevant information because it is really old.

    To be diligent for the customer, we usually go into Cybersixgill Investigative Portal to analyze and search things. The solution tells us the reputation of cyber threat actors. So, if someone has a reputation of one, it is a really bad idea to care about what that person is saying. However, if you find someone with a reputation of nine, then there is a high probability that we need to address the problem. You can get information about these types of actors in Cybersixgill Investigative Portal. They have a huge collection, which is like having the rules/goals of the dark web and deep web without having to go there. Our analysts avoid going to the dark web because they have Cybersixgill Investigative Portal and can get the news from their browser, searching wherever they want.

    We set up alerts for attacks related to specific websites or IP addresses, then we alert our customer to know if they need to change passwords or verify their assets. This way, a hacker won't be in a position where they can take them because of the changes that the organization did. 

    Cybersixgill Investigative Portal allows you to search social networking because it treats the dark web and deep web like social networks. This affects the security operations in my company, but also my customers'. For example, if new malware or ransomware start popping up, then we can set up alerts regarding them. 

    What is most valuable?

    In the search engine, you are able to use operators. These operators allow you to do specific searches or open searches. The main things are:

    • If you want to search everything related to a specific malware family but you don't want to have anything related to specific search. So, you can just upload it from the search engine and search for it. 
    • If you only wanted to know about one specific vulnerability, but you don't care what is in Telegram or GitHub as repositories, then it will only care for these things in the dark web forums. You can narrow your search to that. 
    • If you want only sites in Spanish, but not in other languages, you can narrow your search to that. 

    There are a lot of possibilities when using the search engine. It has become really useful for my analysts.

    The solution has enabled us to access sources that we have not seen anywhere else, such as Telegram. It also gives us access to the Genesis Marketplace. Otherwise, we would have to pay someone for that. However, with Cybersixgill, we can go to the platform and search for whatever we want. 

    What needs improvement?

    We need real-time updated information. If we could have this, it would be amazing. For example, if someone was posting something, then ten seconds later, it was on the platform. Sometimes, it takes a minute or hours right now, depending on the forum.

    For how long have I used the solution?

    I have been using it for more than four years.

    What do I think about the stability of the solution?

    It is a mature solution right now. They have a really good platform.

    What do I think about the scalability of the solution?

    It scales well because it is a SaaS solution. I haven't seen any issues with it.

    How are customer service and technical support?

    They have a great team around the platform who are always working to make sure that you receive high value. They ask for feedback all the time. They also listen to the feedback, which is the most important. The CEO of the company really cares about customer service.

    I don't call their technical support because their tool is working properly. If I do have to call Cybersixgill for any reason, they respond immediately.

    How was the initial setup?

    In this solution, you only have to give Cybersixgill the email addresses for passes to the platform. It is really simple. You also have two-factor authentication. So, you configure that, and that's it.

    What was our ROI?

    It has helped a lot with investigation workloads. In the past, just for one case, we would spend a lot of time sifting through the dark web and tracking back to recognize threat actors. The solution is really helpful because there is no way to search in the dark web. It has saved a lot of time (about 80 percent), especially since we don't have to make sure each site is regulated to meet our intelligence requirements.

    What's my experience with pricing, setup cost, and licensing?

    Sometimes, Cybersixgill Investigative Portal is cheaper than its competitors.

    Which other solutions did I evaluate?

    It is very important that the solution runs on a collection of deep web, dark web, and closed sources. I have other platforms for other kinds of stuff. I have Cybersixgill only because of its capacity to have information regarding the deep web and dark web. That is its main feature.

    The size and scope of the solution’s collection is amazing. I have tested different solutions and Cybersixgill Investigative Portal is the one that has the most information regarding the deep web and dark web. They have a huge collection.

    I have tested out other solutions. When we compare what they can and cannot do, we see how Cybersixgill Investigative Portal is superior in many ways.

    What other advice do I have?

    Go for it. It is really simple. If you are unsure that it will give you value, just ask for access for 24 hours. Then, you can explore the solution and see how easy it is to operate it. You will love it. Everybody loves this solution.

    The dark web by itself is overrated. Sometimes, you don't find what you want without the context of open sources. I believe Cybersixgill's strongest capability resides with the dark web and deep web. If they go a little into open sources, that is great, but they are good at what they do.

    I would rate this solution as 10 out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Manager of Cyber Intelligence Center at a consultancy with 10,001+ employees
    Consultant
    Top 5 Leaderboard
    Enables us to collect information from various sources very rapidly, while significantly reducing our workload
    Pros and Cons
    • "They also provide some of the greatest notification capabilities. I put in a customer's company name and domain names, or sometimes I put in their IP addresses as a keyword. Once Sixgill collects information that includes those keywords, they then provide us email notifications. That means we can catch information related to our customers as soon as possible."
    • "Sixgill has strong capabilities based on search queries, but there is some difficulty in using Sixgill. Their querying is very powerful but it can be difficult. It's not hugely complex but you need some skill to use Sixgill querying."

    What is our primary use case?

    We have two use cases. We are providing intelligence and services regarding cyber threats against our clients. Our service covers information from open sources and also the dark web. It's in that context that we are using Sixgill.

    For example, we have a credit card issuing company as a client. We use Sixgill to collect information regarding illegal credit card information which is sold on the black market. Sixgill covers many dark web markets, including the dark credit card market as an information source. That means we can easily find our customer's credit card information from Sixgill. We also use their API capability to collect credit card information.

    How has it helped my organization?

    Sixgill is very useful for influencing our clients' operations. By using Sixgill we can collect information from various sources very rapidly. It's really important for us and our customers as a way to improve our CTI operations and their operations.

    In addition, by using Sixgill we have significantly reduced our operations workload. If we didn't use Sixgill, we would have to log in to each dark web forum and many other platforms. Using Sixgill we can search the entire area of platforms by entering one query. It significantly reduces our workload.

    In terms of the amount of investigation time it's saving us, before using Sixgill it was very hard for us to find indications at all. So it's very difficult to compare. But if I were to approximate the difference, if I conducted research manually it would take one week, but by using Sixgill it takes two hours or three hours. It's a very large reduction. Finding indications, and the reduction in time it takes to do so, has resulted in a very huge cut in our workload.

    Our open source research is mainly based on security news. It's not a problem for us. We sometimes use Sixgill in combination with open sources because sometimes serious vulnerabilities are reported in security news sources. But sometimes our clients ask us, "Is this a serious threat or not?" or "What is the dark web cyber criminals' reaction regarding this vulnerability?" We use Sixgill to ask such questions.

    What is most valuable?

    One of their strong points is flexibility. That means that once I log in to the Sixgill portal, I can search anything with a specific enquiry. Sixgill provides dark web information based on the search query. By using a combination of the queries, we can exclude various information. It's a very powerful feature of Sixgill.

    Regarding the solution's scope, they already provide many things, and they are gradually extending their coverage. They also cover Twitter, Reddit, and some social media. The only thing they don't cover is security news from open sources.

    They also provide some of the greatest notification capabilities. I put in a customer's company name and domain names, or sometimes I put in their IP addresses as a keyword. Once Sixgill collects information that includes those keywords, they then provide us email notifications. That means we can catch information related to our customers as soon as possible. Sometimes threat actors share vulnerable website leaks, and if one contains a client's assets, we can catch it quickly and notify the client.

    Sixgill also provides threat actor analysis capabilities. When we catch some information regarding a client, such as when some dark web forum member mentions a client's asset, before we report it to the client we conduct a threat actor analysis. Not all members of dark web forums are serial cyber criminals. There are also some kids. Sixgill's threat actor analysis capability provides us with that threat actor's reputation on the forum and helps us know whether a post is very serious or not. We can understand who the threat actor is and whether he is a serious hacker or not. It's very useful information.

    What needs improvement?

    There are no major issues with Sixgill, but the most important ability of a service such as Sixgill is their coverage of information sources. They are continuously adding dark web sites. I don't have a specific request regarding their dark web sites, but I want them to continuously add information sources.

    For how long have I used the solution?

    I have been using Sixgill Investigative Portal for more than four years.

    What do I think about the stability of the solution?

    The portal is very stable.

    What do I think about the scalability of the solution?

    Scalability is excellent. There's no limit to how many clients' information we can register.

    How are customer service and technical support?

    We use their portal site to get technical support, and Sixgill's customer engagement team frequently provides us with new updates or with important information about our clients. We can also contact them through email.

    Which solution did I use previously and why did I switch?

    Currently we don't use any solutions that are similar to Sixgill.

    How was the initial setup?

    It's a SaaS service, so implementation of Sixgill is not difficult. The deployment didn't take too long. They set it up for us within one week. On our side it was my manager and I who were involved in the setup. And the SaaS means we don't need staff to maintain it. On that side, staff is involved only if we need to contact Sixgill, so one person is enough.

    Sixgill has strong capabilities based on search queries, but there is some difficulty in using Sixgill. Their querying is very powerful but it can be difficult. It's not hugely complex but you need some skill to use Sixgill querying. 

    I have been using Sixgill for more than four years so I know what to expect as the result of the queries, but a beginner might find some difficulty in excluding things from the results and getting what they want. Because Sixgill querying is very flexible, sometimes it returns unexpected results.

    We have three staff members using it, all security researchers.

    What was our ROI?

    If we had to conduct the research that we do with Sixgill ourselves, we would have to hire three or four people to maintain our code and the quality of our CTI service. Sixgill is a significant factor in cutting our costs.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is cheap compared with Recorded Future. Sixgill's cost-effectiveness is very good.

    Which other solutions did I evaluate?

    I have some prior experience with competitors of Sixgill, such as Recorded Future, IntSights, and FlashPoint. I have also tested some similar solutions.

    Compared with other solutions, Sixgill's main strength is flexibility. Other solutions, such as Recorded Future and FlashPoint, sometimes have difficulty receiving load information. Load information means what is actually posted on a forum. By using Sixgill I can get exact information from posts on underground forums. Some of the other solutions lack information. That is why I use Sixgill, after comparing it with those platforms.

    What other advice do I have?

    We first had to establish what it was we really needed to know. That was very important. Sixgill, Recorded Future, and other CTI platforms provide a lot of information. If we didn't have some specific requirements for this information, we wouldn't be able to find the information that is important to us, in the flood of information.

    I would rate Sixgill at eight out of ten. It's a very good solution.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.