What is Dark Web Monitoring?
Dark Web Monitoring tracks leaked credentials typically found in data dumps and other lists on the dark web by scanning for leaked credentials that match those of your customers. These leaked credentials pose a critical risk to employees and businesses if left unchecked. Guardz scrapes and analyzes sources that monitor the dark web for malicious activity targeting businesses and users. We analyze domains related to your company, and once leaked credentials are found, they are surfaced as high-severity issues.
Once a user completes the initial signup, the Dark Web Monitoring feature is activated, and the scan begins based on the company’s domain name.
Dark Web Monitoring Capabilities
Guardz scans multiple sources, including the dark web, to find leaked credentials. These sources include:
Pastes
Darknet: Tor
Darknet: I2P
Whois
Usenet
Leaks, COMB
Bot Logs
WikiLeaks
Dumpster
Sci-Hub
Public Leaks
Public Web
💡 Note: Only the organization admin can view leaked user passwords.
Dark Web Monitoring - Issue Types and Remediations
Issues related to Dark Web Monitoring involve leaked credentials of your users. Guardz provides remediation steps to address these issues, including password resets.
A single issue is opened for all leaked credentials, aggregating all impacted users and listing the relevant details.
Not all issues are related to a specific Guardz user; some email addresses may be old or cannot be linked to a current Guardz user.
Guardz cannot always identify the specific system or vendor associated with affected emails and leaked credentials. Therefore, password resets need to be performed on the primary vendor’s platform.
FAQ Dark Web Monitoring
Question: How often does the Dark Web scan run?
📍Answer: The Dark Web Monitoring scan currently runs automatically on a weekly basis. We are scanning for leaked user credentials and passwords. This weekly frequency provides the coverage needed today. We do have improvements for the Dark Web scanning feature in our roadmap.
Question: How can I check when the last scan was for a customer?
📍Answer: To see the last scan date for a specific customer, select that tenant, navigate to the "Dark Web Monitoring" security control, and expand it. The last scan date will be visible there.