Denver, Colorado, USA – DarkOwl today announced the release of a new product, DarkSonar API, to help organizations better assess and track their potential cyber risk based on the nature of its exposure on the darknet.
Built on DarkOwl’s proprietary Entity dataset, DarkSonar generates a risk rating that is unique to each company. The algorithm used to generate these signals takes into account key quantitative and qualitative factors over time of organizational exposure of email addresses with associated passwords, and weights each signal accordingly. The result is a quantifiable risk indicator that can help companies and organizations monitor and potentially predict cyberattacks.
In testing internally and with beta partners in the insurtech and third-party risk industries, DarkOwl found an elevated DarkSonar score in the months before a cyberattack in approximately 75% of the cases where a company publicly acknowledged a breach. Depending on the companies and the nature of the attacks this percentage was as high as 85% in some instances.
“The darknet contains data critical to understanding criminal behavior and security risk,” said Mark Turnage, CEO of DarkOwl. “To develop DarkSonar, we looked at our own vast dataset of darknet content and focused on what has proven to be the number one attack vector for threat actors—namely credentials with passwords. In doing so, we saw that the magnitude of a company’s credential exposure within our database, and the real-life cyberattacks they experience, have a high correlation. This suggests that DarkSonar has not only a monitoring use, but may also have some predictive qualities. It is a valuable tool every threat intelligence team should use and have available.”
DarkOwl’s partner, SecurityScorecard, also expressed the importance of such a tool – even for small businesses. “We recently conducted research with an independent cyber research institute and found that 98% of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years,” said Alex Rich, VP of Alliances & Channels at SecurityScorecard. “This only reinforces the need for security teams to prioritize maintaining insight into their entire digital ecosystem, including their supply chain. DarkSonar offers a unique way to signal such risks, which is important for businesses of all sizes.”
DarkSonar API was built to be utilized for self-risk assessments, brand monitoring, vendor risk management, and cyber underwriting and risk rating. As supply chain compromise becomes an increasingly prevalent problem, DarkSonar is a means to continually monitor for third-party risk.