As Dark Net Endangers Enterprises, MSSPs Need New Tools
… monitors numerous high-quality dark net sources, extracts mentions of the specific assets that are compromised, and structures them into clear alerts in a dedicated workspace on the system, so that they’re perfectly digestible for the end user,” Gal told Channel Futures. “We take all of the complexity out of the dark net and provide the high-quality intelligence from these sources for the MSSPs and their users.”
Such capabilities will prove critical as the dark net evolves and targets the enterprise.
“The dark net continues to turn more and more into an ecosystem of trading services rather than goods,” Ayesha Prakash, Kela’s newly tapped vice president of global channels and strategic alliances, told Channel Futures.
This “servitization,” as Prakash put it, means threat actors working to generate more money now view organizations as prime targets. Thus, these cybercriminals continue to create new and specialized markets for various products and services. Think targeted ransomware and credential abuse as just two examples. However, because so-called servitization (or the aforementioned cybercrime as a service) requires fewer skills on the part of the hackers, MSSPs can gain an advantage with the right tools on hand.
“Enterprise defenders [can] collect actionable, targeted intelligence, effectively aiding enterprises in reducing their attack surface and gaining a better visibility into what attackers do,” Prakash said. “This is definitely a growing trend that we expect to continue … over the next year.”
How IntelAct Works
First off, MSSPs can use IntelAct with the other resources they have in place. It does not replace anything; rather, it augments what MSSPs already use.
“The intelligence gained from IntelAct can be used as a trigger for investigation or as … a source of data enrichment,” Gal said.
To that point, Gal added, “An IntelAct alert regarding a new leaked employee email can trigger a password change. Or, it can be used to check if the password of a user who performed a suspicious login, that was prompted by another data source, was published somewhere in our sources.”
MSSPs also can employ IntelAct for visibility into clients’ exposure to the dark net. Here’s what that can look like:
- Monitoring emerging cybercrime trends
- Looking for compromised credentials
- Prioritizing and managing vulnerabilities
- Threat-based vulnerability patching
One of the keys is that IntelAct allows MSSPs to perform these actions for multiple clients.
“IntelAct allows full automation, which is something that is very different than most solutions out there today,” Gal said. “Most existing solutions require lots of manual assistance in the process of servicing their clients. IntelAct’s automation allows MSSPs to scale the number of clients they are catering to without the need to expand their teams, essentially allowing them to better increase their revenues.”
Kela recommends MSSPs lean on IntelAct to give clients more complete services, and to upsell to those customers. Some possible instances of that include proactive mitigation and patch management; reducing “noise” and false positives by verifying and prioritizing threats; and tracking adversaries and collecting intelligence across multiple illicit online communities.
And those recommendations don’t just apply to enterprise end users. Prakash says MSSPs need to protect themselves as much as they do their clients.
“Service providers are a big target by threat actors nowadays as well,” she said.
- Page 1
- Page 2