Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Threat Intelligence Platforms
September 2022
Get our free report covering Recorded Future, CyberInt, Cybersixgill, and other competitors of IntSights. Updated: September 2022.
633,184 professionals have used our research since 2012.

Read reviews of IntSights alternatives and competitors

Manager of Cyber Intelligence Center at a consultancy with 10,001+ employees
Real User
Top 5Leaderboard
Enables us to collect information from various sources very rapidly, while significantly reducing our workload
Pros and Cons
  • "They also provide some of the greatest notification capabilities. I put in a customer's company name and domain names, or sometimes I put in their IP addresses as a keyword. Once Sixgill collects information that includes those keywords, they then provide us email notifications. That means we can catch information related to our customers as soon as possible."
  • "Sixgill has strong capabilities based on search queries, but there is some difficulty in using Sixgill. Their querying is very powerful but it can be difficult. It's not hugely complex but you need some skill to use Sixgill querying."

What is our primary use case?

We have two use cases. We are providing intelligence and services regarding cyber threats against our clients. Our service covers information from open sources and also the dark web. It's in that context that we are using Sixgill.

For example, we have a credit card issuing company as a client. We use Sixgill to collect information regarding illegal credit card information which is sold on the black market. Sixgill covers many dark web markets, including the dark credit card market as an information source. That means we can easily find our customer's credit card information from Sixgill. We also use their API capability to collect credit card information.

How has it helped my organization?

Sixgill is very useful for influencing our clients' operations. By using Sixgill we can collect information from various sources very rapidly. It's really important for us and our customers as a way to improve our CTI operations and their operations.

In addition, by using Sixgill we have significantly reduced our operations workload. If we didn't use Sixgill, we would have to log in to each dark web forum and many other platforms. Using Sixgill we can search the entire area of platforms by entering one query. It significantly reduces our workload.

In terms of the amount of investigation time it's saving us, before using Sixgill it was very hard for us to find indications at all. So it's very difficult to compare. But if I were to approximate the difference, if I conducted research manually it would take one week, but by using Sixgill it takes two hours or three hours. It's a very large reduction. Finding indications, and the reduction in time it takes to do so, has resulted in a very huge cut in our workload.

Our open source research is mainly based on security news. It's not a problem for us. We sometimes use Sixgill in combination with open sources because sometimes serious vulnerabilities are reported in security news sources. But sometimes our clients ask us, "Is this a serious threat or not?" or "What is the dark web cyber criminals' reaction regarding this vulnerability?" We use Sixgill to ask such questions.

What is most valuable?

One of their strong points is flexibility. That means that once I log in to the Sixgill portal, I can search anything with a specific enquiry. Sixgill provides dark web information based on the search query. By using a combination of the queries, we can exclude various information. It's a very powerful feature of Sixgill.

Regarding the solution's scope, they already provide many things, and they are gradually extending their coverage. They also cover Twitter, Reddit, and some social media. The only thing they don't cover is security news from open sources.

They also provide some of the greatest notification capabilities. I put in a customer's company name and domain names, or sometimes I put in their IP addresses as a keyword. Once Sixgill collects information that includes those keywords, they then provide us email notifications. That means we can catch information related to our customers as soon as possible. Sometimes threat actors share vulnerable website leaks, and if one contains a client's assets, we can catch it quickly and notify the client.

Sixgill also provides threat actor analysis capabilities. When we catch some information regarding a client, such as when some dark web forum member mentions a client's asset, before we report it to the client we conduct a threat actor analysis. Not all members of dark web forums are serial cyber criminals. There are also some kids. Sixgill's threat actor analysis capability provides us with that threat actor's reputation on the forum and helps us know whether a post is very serious or not. We can understand who the threat actor is and whether he is a serious hacker or not. It's very useful information.

What needs improvement?

There are no major issues with Sixgill, but the most important ability of a service such as Sixgill is their coverage of information sources. They are continuously adding dark web sites. I don't have a specific request regarding their dark web sites, but I want them to continuously add information sources.

For how long have I used the solution?

I have been using Sixgill Investigative Portal for more than four years.

What do I think about the stability of the solution?

The portal is very stable.

What do I think about the scalability of the solution?

Scalability is excellent. There's no limit to how many clients' information we can register.

How are customer service and technical support?

We use their portal site to get technical support, and Sixgill's customer engagement team frequently provides us with new updates or with important information about our clients. We can also contact them through email.

Which solution did I use previously and why did I switch?

Currently we don't use any solutions that are similar to Sixgill.

How was the initial setup?

It's a SaaS service, so implementation of Sixgill is not difficult. The deployment didn't take too long. They set it up for us within one week. On our side it was my manager and I who were involved in the setup. And the SaaS means we don't need staff to maintain it. On that side, staff is involved only if we need to contact Sixgill, so one person is enough.

Sixgill has strong capabilities based on search queries, but there is some difficulty in using Sixgill. Their querying is very powerful but it can be difficult. It's not hugely complex but you need some skill to use Sixgill querying. 

I have been using Sixgill for more than four years so I know what to expect as the result of the queries, but a beginner might find some difficulty in excluding things from the results and getting what they want. Because Sixgill querying is very flexible, sometimes it returns unexpected results.

We have three staff members using it, all security researchers.

What was our ROI?

If we had to conduct the research that we do with Sixgill ourselves, we would have to hire three or four people to maintain our code and the quality of our CTI service. Sixgill is a significant factor in cutting our costs.

What's my experience with pricing, setup cost, and licensing?

The pricing is cheap compared with Recorded Future. Sixgill's cost-effectiveness is very good.

Which other solutions did I evaluate?

I have some prior experience with competitors of Sixgill, such as Recorded Future, IntSights, and FlashPoint. I have also tested some similar solutions.

Compared with other solutions, Sixgill's main strength is flexibility. Other solutions, such as Record Future and FlashPoint, sometimes have difficulty receiving load information. Load information means what is actually posted on a forum. By using Sixgill I can get exact information from posts on underground forums. Some of the other solutions lack information. That is why I use Sixgill, after comparing it with those platforms.

What other advice do I have?

We first had to establish what it was we really needed to know. That was very important. Sixgill, Recorded Future, and other CTI platforms provide a lot of information. If we didn't have some specific requirements for this information, we wouldn't be able to find the information that is important to us, in the flood of information.

I would rate Sixgill at eight out of ten. It's a very good solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Threat Intelligence Platforms
September 2022
Get our free report covering Recorded Future, CyberInt, Cybersixgill, and other competitors of IntSights. Updated: September 2022.
633,184 professionals have used our research since 2012.