Get cyber threat results related to your company by scanning keywords from specific data sources.
Cyber Threat Surveillance
The Cyber Threat Surveillance feature provides the capability to review possible threats in the Dark Web that could indicate cyber risk in your company or users. With Cyber Threat Surveillance, the main goal is all about risk reduction, and having visibility to those risks or potential risks can put you one step ahead of the game.
This is an Add-On service that you can include in your current plan. If you're interested in getting this service talk to sales at sales@symbolsecurity.com and enable this important feature on your company(s).
How it works?
1. Define Keywords
Symbol allows you to add multiple keywords to search by. These categories need to be defined per company and the quantity will vary depending on your plan.
These are some of the keywords you could add to the list:
- Single String (Like Company Name or Product Name)
- Domain
- CCN (Credit Card Numbers)
- SSN (Social Security Number)
- IP addresses
- Crypto Addresses
2. Select Data Sources
By default, cyber threat results are extracted from all data sources, however, you can decide which sources you want to get results from.
In order to define a custom list of data sources navigate to the "Data Sources" tab from the cyber threat surveillance view and click on the "Manage Sources" button to choose which sources you want to use for getting cyber threat results.
3. Track Results
Once you have defined your keywords, our application every 24 hours will search on the DarkWeb any result associated with the provided information. These results will be shown in the "Results" tab that is shown in the Cyber Threats view.
Each result listed on the view will have the following information:
- Title.
- Threat Date.
- Threat Content (It shows all the information extracted from the DarkWeb).
- Status (Pending, Urgent, Resolved).
- Keyword(s) (The keywords used to get the result).
- Negativity. (This is a value of how likely the content could be used for criminal activity).
- Source.
Some things to keep in mind about the results:
- Every day the application will only search for results on the past 24 hours prior to the search, however, if this is the "first call", then the application will search for historical results about past years.
- The result's content is automatically removed after 30 days.
3. Take Actions
Admins will be able to take some actions on the listed results, they could:
- Categorize
- Ignore (When ignoring results, they will be automatically removed from the list).
These are some of the categories that admins can assign to each result:
-
Pending: this is the default category.
-
Urgent: would be applied when the result has negativity greater than 80%. Also, it would need to be closed out as resolved at some point by the admin.
-
Resolved: It would be a positive closure and each result marked with this category will disappear from the main list and will be sent to the "Resolved Results" list.
4. Notifications
Admins can enable or disable the Cyber Threat Surveillance notifications that are being sent when new results are found, giving them more control over their organization's security measures. This notification can be managed both for companies and specific admins.
Filtering Results
Once the filter button on the top right of the screen is pushed a box will open up with the options to filter the results on the results page:
- Categories: allows you to filter by a specific status such as pending, urgent, resolved etc.
- period of time: allows you to pick between specific dates on the top of the box.
- keywords: allows you to type in specific keywords to filter by.
To clear filters, there is a button right under the filters button on the top right.
The list of "Resolved Results" could be accessible by clicking on the number of resolved results that are shown at the top of the screen.
Note: Cyber Threat results and keywords can also be managed from the Symbol API.