Intelligent CIO Middle East Issue 23 - Page 86

EDITOR’S QUESTION MAJID KHAN, MSS ARCHITECT AND CSOC MANAGER AT HELP AG accessible by standard web browsers. Through use of specialised networks, this hidden Web makes it possible for users to remain completely anonymous. Again, some users simply leverage this anonymity to protect their privacy while others use it to engage in illegal activities. Here, one may find market places, similar to eBay, selling things like leaked credentials, credit card data, forged documents, and Malware kits - some even with a ‘buy back’ guarantee if they don’t work. I n order to better assess threats or use of the dark web, it’s important to understand what the dark web really is and what role can it play for organisations that are concerned about its security. The Internet can be broadly divided into three aspects of the Web. These are the Surface Web, the Deep Web and the Dark Web. The Surface Web refers to the normal internet that we browse day in and day out. This is anything that can be crawled and normally indexed by popular search engines - generally believed to be less than 10% of the whole web. Next is the Deep Web - this is the area of the Web for which access is controlled. Search engines may not be able to crawl through it and you may not be able to directly access it, because in some cases it is protected by passwords; or simply because no hyperlinks to such content exist for one to browse. This is where most – almost 80–90%– of web content exists. This does not mean there is anything illegal in such content, this could be anything like companies’ databases or any internal information for which the intended audiences are limited. If we go deeper into the next layer of the Web, which attracts a lot of interest from a security perspective, we find the Dark Web. This section is intentionally hidden so as not to be 86 INTELLIGENTCIO The anonymity of the financial transactions related to these purchases is also maintained by use of cryptocurrencies like Bitcoin. Of course, there is a good chance of being scammed too. Navigating the Dark Web also requires knowing where to go and resources such as Dark Web Wikis help users find sites of interest. You may also find ‘hackers’ discussing new vulnerabilities, attack campaigns or attack targets. Access into some Dark Web sites is controlled too, as they want law enforcement, reporters and others to keep away from their website. Some Dark Web sites are accessible by invitation only and some may even require you to prove your skills, often by hacking some websites before access is granted. Due to the nature of the content available on the Dark Web, it is important for security focused organisations to consider intelligence from the Dark Web to be an important aspect of their security strategy and therefore included in their Security Operations Centre (SOC). Intelligence from the Dark Web can help organisations be aware of breaches related to their organisation, planned attack campaigns, and new vulnerabilities which may impact their organisation. Getting this visibility from the Dark Web can be very tricky, hence there are security companies who specialise in offering this as a service. They basically harvest information from the Dark Web and make it available to organisations as part of the service. It’s like accessing ‘useful’ Dark Web content without actually being in it. To summarise, it’s important for organisations to include intelligence from the Dark Web in their security strategies, this will help them better predict and respond to cyber security breaches.