General Manager - Cyber Security at a consultancy with 11-50 employees
Real User
2021-03-24T12:37:00Z
Mar 24, 2021
It certainly assists and supports deep, complex investigations. However, in my experience, no tool has complete coverage. If you are talking about deep investigations, then you still need a human to follow up with a lot of the data that Cybersixgill Investigative Portal provides you. It doesn't provide you the answer on its own. As an example, we had a client who had leaked data. Cybersixgill Investigative Portal notified us that that data has been leaked, but it doesn't necessarily tell us the details of what has been leaked. It gives you that prompt, then you need to follow that up with an investigation. Cybersixgill Investigative Portal helps you locate where the data is, but you still need to get the data yourself. The solution does enable us to do advanced analysis, such as threat actor profile and social network, but there are limitations to what you can do. It is helpful, but it still needs a trained analyst to make full use of the data that it gives you. I don't think that is a negative thing. That is just the reality of the type of industry that we are in. I don't believe that it's possible to fully automate the advanced analysis. Eventually, we may increase our usage, but not in the short-term. Biggest lesson learnt: There are some good tools out there for conducting deep web and darknet investigations. I would rate this solution as an eight out of 10. It is a good application/tool that makes us more efficient. They are a good team who provide a good service.
Head of Cyber Intelligence at a tech services company with 501-1,000 employees
Real User
2021-03-17T19:25:00Z
Mar 17, 2021
Go for it. It is really simple. If you are unsure that it will give you value, just ask for access for 24 hours. Then, you can explore the solution and see how easy it is to operate it. You will love it. Everybody loves this solution. The dark web by itself is overrated. Sometimes, you don't find what you want without the context of open sources. I believe Cybersixgill's strongest capability resides with the dark web and deep web. If they go a little into open sources, that is great, but they are good at what they do. I would rate this solution as 10 out of 10.
Lead Cyber Threat-Intelligence Analyst at an educational organization with 10,001+ employees
Real User
2021-03-10T20:36:00Z
Mar 10, 2021
My advice is to make sure you schedule a walk-through, and then get it. I have been very vocal about how much this tool has helped. I'm a big proponent of it. When I talk to people and collaborate with people in other organizations and they say, "Oh my God, how did you know that?" I'll tell them I knew because of this tool. Others don't do it as well as these people do. This tool does it better than anybody else, because they have focused on one very specific thing and they do it well. Their level of infiltration of these closed forums, and the backend engineering that they've provided, are better than any other solution. In terms of conducting deep and complex investigations, it would depend on how you define those terms. We don't just do threat-actor tracking. Sometimes we're tracking infrastructure and this is not the tool to do that. This is more of an alerting tool. But within the realms and the scope of what Sixgill was created for, you can actually create some pretty advanced tracking queries and alerting. The alerting is invaluable. For example, by setting queries to track exfiltration of ransomware gangs that employed the double ransom technique, it can exfiltrate the names of any companies that are being ransomed, before they hit the news. That allows me to cross-reference with our third parties and to tell my CSO that a third party is being compromised. I can tell him that before it even hits the news, and that we need to go into protection mode and assume that there might be potential impact to our organization, based on their compromise and the exfiltration of that data.
We first had to establish what it was we really needed to know. That was very important. Sixgill, Recorded Future, and other CTI platforms provide a lot of information. If we didn't have some specific requirements for this information, we wouldn't be able to find the information that is important to us, in the flood of information. I would rate Sixgill at eight out of ten. It's a very good solution.
Sixgill’s fully automated threat intelligence solutions help organizations fight cyber crime, detect phishing, data leaks, fraud and vulnerabilities as well as amplify incident response in real-time.
Sixgill Investigative Portal empowers security teams with contextual and actionable alerts, along with the ability to conduct real-time, covert investigations:
Powered by the largest data lake of deep and dark web activity
Real-time actionable alerts customized to your organization
Quick...