Today, we announced that Cybersixgill Darkfeed is now available to users of ThreatQuotient’s ThreatQ platform. ThreatQ users can now rely on Cybersixgill’s exclusive feed of actionable indicators of compromise (IOCs). This allows security teams to enhance the intel they receive through ThreatQ with contextual data in real time in order to get ahead of threats before an attack.
The Cybersixgill-ThreatQ integration elevates threat hunting for malicious IOCs in corporate networks and allows for better understanding of malware TTPs and trends.
That’s really good news for companies that want to keep their networks safe, buying valuable time in a fast-evolving threat environment where every millisecond matters.
The new integration is another sign of Darkfeed’s success in the marketplace. Since Darkfeed was released in March, we’ve announced more than half a dozen integrations, and we have more in the pipeline.
So, we wanted to take a moment to discuss what makes Darkfeed different and why it is receiving so much attention in the marketplace.
The dark web itself is atomized into disparate networks, some of which aren’t accessible with a normal web browser. The sites aren’t indexed. These are just a few of the many reasons that make dark web surveillance a technical challenge.
Still, the dark web is quite large, and it acts as a kind of social network for threat actors. They trade tips, tactics, and techniques. Opinions are shared, fake and real news are posted, and underground commodities change hands.
Traditionally, these threat actors were only discovered through various sensors and honeypots that detect attacks in progress. But, by then, it’s too late.
Capturing chatter from the dark web gives companies a chance to get a head start on attacks. Darkfeed automatically gathers indicators of compromise, or IOCs: things like malicious hashes, URLs, and malware variants that threat actors are talking about. It systematically categorizes them into actionable intelligence and “pushes” this directly into various security tools like the ThreatQ platform. The IOCs are automatically delivered with context such as extended details and scoring so security teams can enhance their understanding of threats. Armed with this understanding, they can then take steps to prioritize their actions, deciding which threats to block, prevent, or preempt first.
Speed, however, isn’t the only advantage of Darkfeed. Typically, we see that the threat intelligence networks and honeypots that alert companies to attacks are operated by anti-virus vendors.
In order to illustrate the Darkfeed advantage, we did some research to show just how different Darkfeed’s data is from these honeypot networks. We compared the IOCs that Darkfeed identified with those from ten of the leading anti-virus software applications. What we found was that no anti-virus software identified more than 34 percent of the IOCs that Darkfeed found.
In other words, Darkfeed accelerates threat response and makes it more comprehensive. For users of the ThreatQ platform, we’re excited to bring industry-leading intelligence to help them stay ahead of the breakneck pace of criminal activity.