Cybersixgill Reviews

Cybersixgill is a tool that allows you to monitor your organization's exposure to cyber criminals and threats by what I would call scraping Dark Web and underground hacker forum sites.

It's not on-premises. It's a service that's offered by Cybersixgill.

I'm a cyber threat intelligence analyst. This is what I do. The scope of Cybersixgill is about 20 percent of my job. For me, personally, and the organization, there has been immense benefit because it has given me early detection of imminent attacks, but not just against my organization. We have also been able to help other organizations, based on the attacks that are being launched against our vertical,  meaning companies and organizations that fit our profile.

It also enables us to do advanced analysis, such as threat-actor profiling. Being able to do advanced threat-actor network analysis allows us to take a higher view of an imminent attack and possible exploitation of vulnerabilities. That's helpful because it informs us about what's about to be exploited—what these criminals are looking for, what the threat-actor might be exploiting against the vertical itself.

In addition, it has reduced our security workload. I was a one-man shop for the first two years. It's hard to put a number on it, as I would have to gain access to the sources and translate the forum. I would have to create a scraper, myself. I would estimate it saves me up to 20 hours a week. They have a good thing going.

We are an MSP who serves different customers of cyber intelligence services. One of the venues that they want to explore is how to do deep web and dark web. For example:

• Is their access for sale?
• Are their analytics for sale? 
• Is their monetization for sale? 

If there is malware, then this can become a problem for them.

My main use case is using Cybersixgill Investigative Portal as a search engine for anything that happens in the dark web. I also use it for an overall view of the trends regarding malware and bad stuff. It searches to identify the selling of operation or currency information for any of my customers in cyber intelligence services.

The solution definitely helps in terms of deeper investigations. Usually my analysts come to the conclusion, "If there is nothing in Cybersixgill, maybe there is nothing around that specific topic." Or, if there is just one thing about a specific topic, maybe that is it, because they have a huge amount of information regarding deep web and dark web. If it is not in the solution, maybe it is really hidden or there is simply no information.

It is common for us that we have HyperFile customers in Mexico. Sometimes, there are hundreds of companies who want to sell to them. So, it is very common that they approach many customers with reports, and say, "You have hundreds of passwords for sale on the dark web," or "You have this kind of information for sale on the dark web." Sometimes, the information is not really relevant information because it is really old.

To be diligent for the customer, we usually go into Cybersixgill Investigative Portal to analyze and search things. The solution tells us the reputation of cyber threat actors. So, if someone has a reputation of one, it is a really bad idea to care about what that person is saying. However, if you find someone with a reputation of nine, then there is a high probability that we need to address the problem. You can get information about these type of actors in Cybersixgill Investigative Portal. They have a huge collection, which is like having the rules/goals of the dark web and deep web without having to go there. Our analysts avoid going dark web because they have Cybersixgill Investigative Portal and can get the news from their browser, searching wherever they want.

We set up alerts for attacks related to specific websites or IP addresses, then we alert our customer to know if they need to change passwords or verify their assets. This way, a hacker won't be in a position where they can take them because of the changes that the organization did. 

Cybersixgill Investigative Portal allows you to search social networking because it treats the dark web and deep web like social networks. This affects the security operations in my company, but also my customers'. For example, if new malware or ransomware start popping up, then we can set up alerts regarding them. 

We do a heap of open source intelligence collection, where part of that is threat risk assessments for our organization. We use it for being able to conduct searches on Cybersixgill Investigative Portal and identify at risk accounts, current trends, threat data, etc. 

We use it as a cloud software as a service provided by Cybersixgill. Therefore, we log into a provided software service, so we are not actually running it on our network.

Rather than hiring more analysts, we have been able to do more with less and automate some of our investigation functions. It doesn't automate all of them, but it certainly helps.

The advanced analysis has made our security operations more efficient. It has also potentially given us quicker access to data that we might not have otherwise located.

Cybersixgill's approach of using limited open source intelligence and focusing instead on the deep web and dark web is a good move. The reality is you are not looking for one tool that does everything. A trained analyst can locate a lot of the open source information without the use of too many tools, so I actually don't think it needs to be able to do everything. I think that focusing on this area is a good one. From a competitive perspective, more tools are focusing in this area so it is certainly becoming quite a competitive space, but Cybersixgill's tools are very good.

We have two use cases. We are providing intelligence and services regarding cyber threats against our clients. Our service covers information from open sources and also the dark web. It's in that context that we are using Sixgill.

For example, we have a credit card issuing company as a client. We use Sixgill to collect information regarding illegal credit card information which is sold on the black market. Sixgill covers many dark web markets, including the dark credit card market as an information source. That means we can easily find our customer's credit card information from Sixgill. We also use their API capability to collect credit card information.

Sixgill is very useful for influencing our clients' operations. By using Sixgill we can collect information from various sources very rapidly. It's really important for us and our customers as a way to improve our CTI operations and their operations.

In addition, by using Sixgill we have significantly reduced our operations workload. If we didn't use Sixgill, we would have to log in to each dark web forum and many other platforms. Using Sixgill we can search the entire area of platforms by entering one query. It significantly reduces our workload.

In terms of the amount of investigation time it's saving us, before using Sixgill it was very hard for us to find indications at all. So it's very difficult to compare. But if I were to approximate the difference, if I conducted research manually it would take one week, but by using Sixgill it takes two hours or three hours. It's a very large reduction. Finding indications, and the reduction in time it takes to do so, has resulted in a very huge cut in our workload.

Our open source research is mainly based on security news. It's not a problem for us. We sometimes use Sixgill in combination with open sources because sometimes serious vulnerabilities are reported in security news sources. But sometimes our clients ask us, "Is this a serious threat or not?" or "What is the dark web cyber criminals' reaction regarding this vulnerability?" We use Sixgill to ask such questions.