DarkWebDark Web. Scanning vs Monitoring
DarkWeb, watchOUT

Dark Web. Scanning vs Monitoring

Dark Web scanning, is being pushed by a lot of people and lot of vendors who either have a background in big data analytics or else in traditional log management technologies, such as SIEM.

Though I am a big supporter of dark web monitoring, dark web scanning vendors and techs pushing their offerings (products & platforms) as a potential monitoring solution for threats and stolen data on Dark web is something I don’t agree with. I see a lot of vendors providing dark web monitoring services using basic technologies and components which is capable of large scale crawl, collection, search and filter capabilities.

Their claim is to be able to scan the darkweb & locate the stolen data or credentials or other stuff on darkweb and/or deep web, is often misplaced, misquoted and misrepresented. Let us understand a few things about darkweb and what it takes to monitor it meaningfully and use the information and intelligence collected from it.

What is dark web scanning?

Dark web scanning is mostly facilitated by basic crawl, search and match technologies. Use of the analytic components and technologies enables orgs to analyze the collected darkweb data and present the basic findings. This is what is mostly perpetuated by a lot of people as darkweb monitoring. Such technologies, platforms and products have a problem.

They presume an easy availability of dark web assets (servers & resources on them). And, they also presumes the unhindered crawling option to be available to get to those darkweb servers and repositories. And then either scrap for information or else look for information specific to a particular customer/domain. This is mostly not true.

Why such basic web data scrapping and analysis does not work, needs to be understood.

But, before, we get there, lets understand what is dark web monitoring.

What is dark web monitoring?

Dark web monitoring is a large scale hunt operations for a given customer, to discover and unearth data belonging to that customer. Range of techniques are used to infiltrate through dark sites, dark forums, clandestine chat forums and more places to find the stolen data or else locate sensitive information about a particular customer.

A dozen odd techniques are used to facilitate an entry into hidden corners of dark web and know, locate and get stolen data. Crawling of the dark web servers & resources on them is, one and very small part of darkweb monitoring.

Presumption of Availability of Sites

Quite a many of onion sites, on darkweb, specifically the ones, which, may indeed contain stolen data, disruptive and harmful conversations or marketplaces will generally not be up and running most of the time.

Majority of the time, these sites come up for a brief duration, through a secondary channel coordination, to conduct specific transaction or else to do specific conversation, and, then they are taken off the grid.

Lack of Indicators

The real stolen and sold data or indicators on dark web sites, which, may really contain one which belongs to an enterprise, is mostly very obfuscated. And, in some cases it is not placed online at all. While you may be able to scan a specific set of nodes on dark web, you may still not bump into any specific indicators through tags or keyword searches.

Mutation of Locations

Quite many cyber criminal operators, groups & malicious actors will keep both, their digital infra and conversation on darkweb in mutated form. The data and other info on dark web, by these malicious actors will not be kept on static set of hosts and static set of trails.

So, even if you locate an asset on dark web which indicates compromised data, keeping on trail of that will be difficult if not impossible, using search and scrapping based technology.

How is Dark web Monitoring, Different?

Dark web monitoring should use a range of techniques, and, many of them are not as tech savvy or technology dependent, as one would think.

These methods will depend on how monitoring has been modeled but here are general list.

  • Using pseudo identities to infiltrate forums/marketplaces/data dumps
  • Indicative purchases on marketplaces which show your interest in stolen data
  • Creating multi-set identities to explore market places which claim to sell data
  • Avatars which posture themselves as employees & show interest in selling data
  • And, many more

Overall monitoring ops for darkweb has very limited dependency on search techniques. It is largely dependent on active engagement and reverse espionage.

Quite a many times, it takes more than three to six months, to seed the players, into darkweb eco system, who can get their hands on specific customer’s stolen data. Any claims that they can keep an eye on all and any stuff on darkweb and locate the sensitive or stolen stuff right away, using a web scrapping tech, is doubtful.

Dark web monitoring is for companies, which are committed to get preemptive about their security, and, engage, look and act on stolen data, credentials and more which can be used against them.

Dark web Scanning vs Darkweb Monitoring

  • Dark web scanning does not yield results, most of the time (save your investment)
  • Dark web scanning is passive in nature and hopes to find stuff
  • Dark web monitoring is complicated and time taking process
  • It takes a team of experts & quite a bit of understanding of darkweb, to locate data
  • And, dark web monitoring is a continuous process, which builds up over time
  • Overall monitoring ops for darkweb has very limited dependency on search techniques. It is largely dependent on active engagement and reverse espionage.

Dark web Scanning may be a “good to have tool” from baseline search and satisfaction point of view. But, it does not yield any meaningful and effective results, from threat management point of view.

Leave a comment:

Your email address will not be published. Required fields are marked *

Top
oh hello you
Award-winning
creative agency.
Delivering high-quality projects for international clients. Ask us about digital, branding and storytelling.

CONTACT ADDRESS
36 East 20th Street, 6th Floor

GENERAL INQUIRIES
borgholm@qodeinteractive.com

SOCIAL MEDIA

Privacy Policy

This Privacy Policy applies to the www.castellumlabs.com

Castellum Labs recognises the importance of maintaining your privacy. We value your privacy and appreciate your trust in us. This Policy describes how we treat user information we collect on http://www.castellumlabs.com and other offline sources. This Privacy Policy applies to current and former visitors to our website. By visiting and/or using our website, you agree to this Privacy Policy. Castellum Labs is a business unit of Raaga Technologies Private Limited and focuses on information technology and cyber security services and products.

Castellumlabs.com is brand and is a property of Raaga Technologies Private Limited, an Indian Company registered under the Companies Act, 2013 having its registered office at Workyard, 337, Phase 2, Industrial Area, Phase 1, Chandigarh, India - 160002.

Information we collect

Contact information. We might collect your name, email, mobile number, phone number, employer company, your designation, street, city, state, pin-code, country and IP address.

Payment and billing information. We do not conduct any online transaction and do not ask our website users for any kind of financial or payment information on our website.

Information you post. We collect information you post in a public space on our website or on a third-party social media site or asset or page or account or wall belonging to Castellum Labs.

Demographic information. We may collect demographic information about you or any other information provided by your during the use of our website with your consent and your approval. We might collect this as a part of a survey also.

We collect information in different ways.

We collect information directly from you. We collect information directly from you when you fill a query form or else when you drop a message to our number of else when you call our phone numbers. We also collect information if you post a comment on our websites or ask us a question through phone or email.

We collect information from you passively. We may use tracking tools like Google Analytics, Google Webmaster, browser cookies and web beacons for collecting information about your usage of our website and any associate web sites of ours.

We get information about you from third parties. For example, if you use an integrated social media feature on our websites. The third-party social media site will give us certain information about you. This could include your name and email address.

Use of your personal information

We use information to contact you: We might use the information you provide to contact you for confirmation of the answers for your queries posted on our website.

We use information to respond to your requests or questions. We might use your information to confirm your registration for a webinar or an event or a course published by us.

We use information to improve our products and services. We might use your information to customize your experience with us. This could include displaying content based upon your preferences.

We use information to look at site trends and customer interests. We may use your information to make our website and products better. We may combine information we get from you with information about you we get from third parties.

We use information for security purposes. We may use information to protect our company, our customers, our websites or our other digital assets on internet.

We use information for marketing purposes. We might send you information about special promotions or offers. We might also tell you about new services, features, products, reports or other offerings. These might be our own offers or products, or third-party offers or products we think you might find interesting. Or, for example, if you submit a query, we might enroll you for our newsletter with your consent.

We use information to send you transactional communications. We might send you emails or SMS about your account, registration or a query submitted by you.

We use information as otherwise permitted by law.

Sharing of information with third-parties

We might share information with third parties who perform services on our behalf. We share information with vendors who help us manage our online registration process or query processors or transactional message processors. Some vendors may be located outside of India.

We will share information with our business partners. This includes a third party who provide or sponsor an event, or who operates a venue where we hold events. Our partners use the information we give them as described in their privacy policies.

We may share information if we think we have to in order to comply with the law or to protect ourselves. We will share information to respond to a court order or subpoena. We may also share it if a government agency or investigatory body requests. Or, we might also share information when we are investigating potential fraud.

We may share information with any successor to all or part of our business. For example, if part of our business is sold we may give our customer list as part of that transaction.

We may share your information for reasons not described in this policy. We will tell you before we do this.

Email Opt-Out

You can opt out of receiving our marketing emails. To stop receiving our promotional emails, please email unsubscriber@castellumlabs.com. It may take about ten days to process your request. Even if you opt out of getting marketing messages, we will still be sending you transactional messages through email and SMS about your queries.

Third party sites

If you click on one of the links to third party websites, you may be taken to websites we do not control. This policy does not apply to the privacy practices of those websites. Read the privacy policy of other websites carefully. We are not responsible for these third-party sites.

Grievance Officer

In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are provided below:

Mrs. Rinky (Sukriti) Shukla

Workyard, 337, Phase 2,
Industrial Area, Phase 1,
Chandigarh, India - 160002

Phone: +91 - 86399 53505
Email: sukriti.shukla@castellumlabs.com

If you have any questions about this Policy or other privacy concerns, you can also email us at privacy@castellumlabs.com

Updates to this policy

This Privacy Policy was last updated on 20.12.2025. From time to time we may change our privacy practices. We will notify you of any material changes to this policy as required by law. We will also post an updated copy on our website. Please check our site periodically for updates.

Jurisdiction

If you choose to visit the website, your visit and any dispute over privacy is subject to this Policy and the website's terms of use. In addition to the foregoing, any disputes arising under this Policy shall be governed by the laws of India.

Annual Summary Report

Please provide your details to access the report.