Searchlight Security, a provider of threat intelligence for companies exploring the dark web, said it has bolstered its flagship Cerberus platform with a new tool that automatically collates data from active ransomware groups.
Ransomware Help for MSSPs
The Ransomware Search and Insights enhancement is intended to help managed security service providers (MSSPs), organizations and law enforcement to investigate, track, and gather intelligence on live ransomware activity. Dark web monitoring is emerging as one of the fastest growing offerings among MSSPs, Searchlight said. The idea is to help customers stay abreast of ransomware hackers’ moves and to anticipate what’s possibly coming.
The tool integrates with MSSPs offerings and can deliver easy-to-digest overviews of ransomware activity to customers, or action intelligence internally to protect their client base from emerging threats, according to Searchlight.
Greater Insights on Ransomware Groups
Enterprises will also benefit from the tool by observing the victims of threat actors, posts on leak sites, and track known group members all in one place. Organizations can also identify which ransomware groups are targeting organizations that match their profile (e.g. industry, geography, business size). The can then tailor their defenses with a better understanding of which group is most likely to attack them.
As Dr. Gareth Owenson, Searchlight’s co-founder and chief technology officer, explained:
"Although ransomware has been one of the most pressing threats for several years, it still remains persistent because security teams and law enforcement agencies have been on the back foot, playing catch-up with the ever-changing tactics and profiles of ransomware groups. With visibility into the dark web presence of active ransomware threat actors, analysts can better understand how they are currently operating, therefore gaining a critical advantage over groups.”
The Search and Insights enhancement also aids law enforcement and enterprises, the company said. For example, tracking the activity of prolific threat actors on marketplaces and forums can help law enforcement agencies’ efforts to disrupt and take down these groups.