Searchlight Security launched Ransomware Search and Insights, a new strategic enhancement to its Cerberus platform.
Ransomware Search and Insights automatically collates data from active ransomware groups to help organizations and law enforcement agencies to investigate, track, and gather intelligence on live ransomware activity.
This curated view of ransomware groups means that patterns in tactics, incidents, and victimology can be observed in real-time, helping analysts to bolster their threat intelligence, and gain the upper hand on ransomware groups.
“Although ransomware has been one of the most pressing threats for several years, it still remains persistent because security teams and law enforcement agencies have been on the back foot, playing catch-up with the ever changing tactics and profiles of ransomware groups,” said Dr. Gareth Owenson, CTO of Searchlight Security. “With visibility into the dark web presence of active ransomware threat actors, analysts can better understand how they are currently operating, therefore gaining a critical advantage over groups.”
Enabling enterprises to pre-empt attacks
Ransomware Search and Insights allows organizations to observe the victims of threat actors, posts on leak sites, and track known group members, all in one place – significantly reducing time and resources spent individually researching each threat group.
With previously unseen insight into ransomware activity as it is happening, they can also identify which ransomware groups are targeting organizations that match their profile (e.g. industry, geography, business size) and tailor their defenses with a better understanding of which group is most likely to attack them.
Empowering law enforcement
Cerberus’ Ransomware Search and Insights provides investigators with the most up-to-date intelligence for their fight back against cybercrime. Ransomware groups pose a significant risk to national security through the persistent threat to critical infrastructure. As ransomware groups use the dark web to conduct their campaigns with impunity, tracking the activity of prolific threat actors on marketplaces and forums can help law enforcement agencies’ efforts to disrupt and take down these groups.
“The Ransomware Search and Insights module was born from our work with national law enforcement agencies who require real-time insights to investigate and take down ransomware groups. We have listened to and collaborated with them to address these needs and bring the next evolution of threat hunting to life,” explained Owenson. “Investigators can now work smarter, not harder, with live intelligence on ransomware operators collated and delivered to them.”
Ransomware intelligence for MSSPs
Dark web monitoring is emerging as one of the fastest growing offerings amongst Managed Security Service Providers (MSSPs), driven in no small part by increased customer demand to stay one step ahead of attackers and prevent disruptive ransomware incidents.
Ransomware Search and Insights provides MSSPs with a valuable tool that integrates into their existing offering, with the ability to deliver easy-to-digest overviews of ransomware activity to customers, or action intelligence internally to protect their client base from emerging threats.