A Market Leader in Cyber Threat Intelligence, with Solutions that Extend Far Beyond the Industry Standard: Cybersixgill

“If you haven’t already started thinking about investing in cyber threat intelligence, you are already behind the power curve.”

Cybersixgill is a Tel Aviv-based cyber threat intelligence company. It operates worldwide and serves global enterprises, financial services, MSSPs, government and law enforcement entities.

The firm’s fully automated threat intelligence solutions help organizations fight cybercrime, detect phishing, data leaks, fraud, and vulnerabilities as well as amplify incident response in real-time. Utilizing advanced machine learning techniques, Cybersixgill brings agility to the cyber chain of command, automating the production cycle of cyber threat intelligence and proactively providing customers with the critical insights and automated remediation procedures they need to protect their various assets in the face of the ever-accelerating cyber threatscape.

Cybersixgill was founded in 2014.

To highlight and further understand what Cybersixgill stands for and seeks to explore in this segment, I sat down with Sharon Wagner, Cybersixgill’s CEO.

Below is an excerpt.

Q. As a journalist, I find Cybersixgill quite striking. From the emotional branding standpoint, it has that appeal. How did you come up with the brand name? And please brief us about the history so far.

Our brand name is designed to reflect our unique capacities — not just to extract information from the deep and dark web but to shine a light on the deepest, darkest corners of the underground, empowering our clients to delve beneath the surface and see the entirety of the threatscape. Cybersixgill provides comprehensive, contextual, and actionable insights to reveal the activities that take place in the world’s third-largest economy in an intuitive and effective way. The Cybersixgill brand is designed to encapsulate positivity and proactivity, empowering our customers to run their own independent investigations with confidence. Our six pillars, referenced both in our name and depicted within our logo, reflect our promise to our customers: Proactivity, Visibility, Actionability, Context, Automation, and Insights.

Q. How uniquely does Cybersixgill help organizations fight cybercrime, detect phishing, data leaks, fraud and vulnerabilities, and amplify incident response?

Whereas other vendors rely on humans to search and extract intelligence, Cybersixgill’s threat intelligence solutions are fully automated and comprehensive, providing full access to closed sources and critical intelligence from the underground. This enables security teams to proactively block threats that threaten their organizations and customers, enriching endpoint protection in real-time. Whereas other vendors do not provide the full intelligence picture, forcing clients to make crucial decisions with little information, Cybersixgill provides intelligence with context, giving analysts necessary insight into the nature and source of the threat. With this intel in hand, our customers can effectively prioritize and remediate threats by using one of our pre-configured integrations in their existing security operational tools and easily automate the remediation process. With Cybersixgill’s threat intelligence solutions, analysts can leverage the best in market data collection of hundreds of millions of intelligence items, including historical data dating back to the 90s, deleted posts, invite-only messaging groups, and millions of threat actors. By empowering our clients to run their own investigations, we put the reins back in their hands, giving them total control over their cybersecurity program. We not only provide these capabilities but do so while protecting organizations from unnecessary exposure and risk. Rather than using active collection methods that expose critical client information, keywords, and assets to dark web threat actors, Cybersixgill offerings provide a safe and secure conduit for covert investigations on the deep and dark web.

Q. What can you tell us about the company’s fully automated threat intelligence solutions and investigative portal?

Cybersixgill is a new breed of threat intelligence that offers a full suite of CTI solutions powered by the most comprehensive, automated collection from the deep and dark web, providing exclusive and real-time access to underground activity. By combining extensive collection capabilities with search functionality and security automation, the Investigative Portal delivers unmatched contextual visibility into the underground threat landscape in real-time, allowing analysts to maximize their performance. With advanced machine learning techniques, the Portal automatically compiles patterns and profiles of dark web threat actors and their interactions with peers across platforms, driving proactive and actionable mitigations and improvements to make customers’ infrastructure more resilient to future threats. The Portal also enables custom alerting and monitoring, tailored to each organization’s assets, data and needs.

Q. How does Darkfeed™ deliver real-time intel into organizations’ existing security systems to help proactively block threats?

With the broadest, automated collection from the deep and dark web, Cybersixgill Darkfeed is a feed of malicious indicators of compromise (IOCs), including domains, URLs, hashes, and IP addresses that are automatically extracted and delivered in real-time. Darkfeed is actionable, allowing users to receive and preemptively block items that threaten their organization, and is the most comprehensive IOC enrichment solution on the market. By enriching users’ IOCs with Darkfeed, customers gain unparalleled context and essential explanations to accelerate their incident prevention and response. Our solution integrates seamlessly into customers’ existing security stack, which allows security teams to block threats and enrich endpoint protection in real-time straight from their security dashboard.

Q. How does the DVE Score facilitate vulnerability management?

Cybersixgill’s Dynamic Vulnerability Exploit (DVE) Score is based on our comprehensive collection of vulnerability-related threat intelligence from the deep and dark web and is the only solution that provides users total context and predicts the immediate risks of a vulnerability based on threat actors’ intent. Derived from automated AI analysis of underground discourse on deep and dark web forums (combined with intel from other sources), the DVE Score helps teams to track threats from critical vulnerability exploits (CVEs) that most others define as irrelevant or obsolete, yet have a higher probability of being exploited by threat actors. With this intel, security teams can more efficiently prioritize remediation for maximum protection. By enriching CVEs with the DVE Score, customers gain deeper visibility with relevant intel from the underground augmented with dynamic attributes such as where they are trending, POC exploit details and more. Armed with extra context, our customers can understand the real impact of CVEs to accurately prioritize critical vulnerabilities.

Q. In what industries are your clients? Can you provide us with one or two success stories describing the challenges your clients faced and how your solutions helped them overcome those challenges?

Cybersixgill’s customers include the world’s top banks and financial services, insurance companies, retail, manufacturers, telcos and utility providers, and more. In addition, due to our unique value proposition and product capabilities, our solutions are used by government and law enforcement agencies worldwide. The breadth of Cybersixgill collection capabilities gives us the unique ability to address multiple use cases, offering solutions covering multiple geographies, languages, and verticals.

Recently, in February 2021, one of our financial services customers was able to identify a supply chain compromise using Cybersixgill’s Darkfeed. The customer, a $2B+ revenue financial services company, had received an alert through Darkfeed’s automated feed of malicious IOCs regarding outgoing network traffic to an IP address that was flagged as having a compromised RDP (Remote Desktop Protocol) connection. The customer noted that this RDP address belonged to a trusted partner of theirs—a government entity.

Every Darkfeed IOC includes a post ID, a unique identifier that allows the feed consumer to open the original post in Cybersixgill’s Investigative Portal. This empowers a deeper investigation to understand the full context behind the indicator. As it turned out, the IP address had appeared in a post from the same day that contained 1,496 RDP credentials, including their partner’s IP address and company name, as well as RDP login credentials. Any attacker could have used these 1,496 RDP credentials to launch a large-scale attack.

Armed with Darkfeed, our customer was able to relay this critical intel to their partner. Having received crucial intelligence moments after it had appeared on the dark web, our customer was able to block the threat and remediate the vulnerability before it was weaponized and used in an attack. As such, the partner was able to effectively remediate the situation, preventing a potentially devastating cyberattack.

Q. What new endeavors is your company currently undertaking?

Cybersixgill invests a significant part of its revenue and investments in engineering and data science, consistently enhancing our current products as well as developing and launching more products, tools, and capabilities at both ends of the market. We are also working to expand our collection, applying innovative and advanced machine learning and automation techniques to extract critical information from previously inaccessible sources. Since threat actors are advancing their evasion techniques daily, our autonomous capability adapts constantly to ensure that our customer base continues to benefit from the best insights into the cybercriminal underground. Cyber threats do not exist in a vacuum, and neither can cyber threat intelligence. To stay ahead of the threat curve, our customers must be able to identify potential threats earlier and act to prevent them before they materialize. This is why we invest heavily in creating meaningful integrations into the leading security products in the industry — SIEM, SOAR, EDR, and Vulnerability Management tools — to create seamless, effective, and proactive mitigation and remediation playbooks, tailored to each customer’s needs.

Q. What plans for transformation are you pursuing to remain relevant now and in the future?

The modern cybersecurity threat landscape is accelerating at an alarming rate, producing an overwhelming volume of threats that continue to grow in terms of sophistication, scope, and severity. Yet, as cyberthreats continue to evolve and develop, many of the predominant threat intelligence methodologies are rooted in the approaches of yesterday. They are confined by siloed teams, manual processes, outdated information, limited understanding of cyberthreats and threat actors, and slow responses.

With the maturity of machine learning, NLP, and big data, Cybersixgill has made great strides in the threat intelligence evolution, transforming current processes to meet the demands of the future. Our preemptive incident response methodology, Continuous Investigation/Continuous Protection (CI/CP), has pioneered an agile threat intelligence methodology to outpace the speed of the modern threat landscape. The CI/CP framework brings agility to the cyber chain of command, automating the production cycle of cyber threat intelligence and empowering security teams to collect, analyze, research, and respond to threats in real-time while proactively disrupting future attacks.

“With the maturity of machine learning, NLP and big data, Cybersixgill has made great strides in the threat intelligence evolution, transforming current processes to meet the demands of the future.”