Dark web threat intelligence firm Cybersixgill lands $35M

Threat intelligence vendor Cybersixgill aims to bring enhanced data collection capabilities this year to its products, which leverage machine learning (ML) and automation to pinpoint “early signals” of cyber threats via sources such as the dark web, CEO Sharon Wagner told VentureBeat.

Today, Cybersixgill also announced it has raised a $35 million series B funding round in part to fund the further development of its products. Notable investors in the round include prominent cybersecurity vendor CrowdStrike, which is also a customer of Cybersixgill.

SonicWall reported that the total number of ransomware attacks more than doubled in 2021 — jumping 105% during the year compared to 2020. Meanwhile, 83% of organizations experienced a successful email-based phishing attack in 2021, versus 57% the year before, according to Proofpoint data.

Thus, as debilitating cyberattacks continue to increase in prevalence — and concerns grow about potential retaliation from Russia over the west’s support of Ukraine — “the need for early signals against these emerging threats is crucial to protect and respond,” Wagner said in an email.

Threat intel data lake

To arm businesses against these threats, Cybersixgill says it has built the world’s “largest threat intelligence data lake,” which automatically collects threat data from across the deep and dark web, social media, the public internet and other sources.

This data lake is then paired with proprietary ML algorithms that enable users to rapidly find the information they need, score the risks they’re facing (using the probability of exploitation) and generate profiles about the relevant threat actors, according to Cybersixgill.

The bottom line, the company says, is that the offerings provide customers with a “threat and risk intelligence data backbone that fuels cyber/risk decision-making.”

“Cybersixgill’s threat intelligence provides these early signals and is the most instrumental tool for our customer to not only access accurate insights, but prioritize where to take action,” Wagner said.

Key uses for the company’s threat intelligence solution include threat hunting, ransomware detection, incident response, vulnerability management, detection of leaked data and brand protection, according to the company.

Key differentiators

Cybersixgill’s two most important differentiators are the “depth and breadth of our threat intelligence and the timeliness of our data,” Wagner said.

Due to the company’s automated collection capabilities, it’s able to continuously add to its large volume of collected data and surface more unique findings than competitors, he said.

Meanwhile, as a result of the same automation mechanisms, “we are finding these items a lot quicker,” Wagner said. “With the ever-intensifying threat landscape, access to the earliest warnings possible is critical so that organizations can respond and react on time.”

Competitors in the space include Recorded Future, Digital Shadows, Flashpoint, Intel 471, Cyble and IntSights.

Cybersixgill, however, has “the broadest data lake in the market,” Wagner said. “This means that we can provide faster and broader access to the data, which is critical to any organization that is in a need to increase its ROI and improve its security posture.”

Key data sources include activity in “the cybercriminal underground” — such as limited-access deep and dark web forums, underground markets, and invite-only messaging groups on Telegram, Discord and QQ, he said. The company also utilizes “an unparalleled archive of indexed, searchable historical data from as early as the 1990s,” Wagner said.

ML capabilities

Cybersixgill uses ML to transform data into “actionable knowledge,” he said. Specifically, ML-powered functions in the offerings include malware, advanced persistent threat (APT), vulnerability and threat actor processing and profiling; advanced risk scoring for threat actors and malware; and advanced recommendations, according to Wagner.

With the help of the new funding round, the company plans to continue enhancing its threat intelligence offerings. Updates planned for 2022 include continuing to expand the data collection capabilities of its products with richer, more-sophisticated automation tools, as well as with improvements such as enriched data analysis using AI-based processing, Wagner said.

Integrations with key product areas will be another priority, he said. Those areas include extended detection and response (XDR), security orchestration automation and response (SOAR) and security information event management (SIEM).

Growth funding

The series B funding round was led by More Provident and Pension Funds. Along with CrowdStrike, other backers in the round included Elron Ventures, SonaeIM and OurCrowd. Tel Aviv, Israel-based Cybersixgill has now raised a total of $56 million in funding since its founding in 2014.

While its offering has been generally available since 2015, Cybersixgill has seen its revenue take off over the past 24 months, growing 350% during that time period, Wagner said. The company now has a goal of doubling its revenue in 2022, year-over-year, he said.

Cybersixgill has 100 customers, with a focus on verticals including financial services, government and law enforcement, telecommunications and retail.

The company’s threat intelligence offerings are also geared toward use by managed security services providers (MSSPs) and cybersecurity vendors. MSSPs that leverage Cybersixgill include Optiv and Carahsoft, while cybersecurity customers that use the offerings include F5, Radware, CyberProof and CrowdStrike.

In a quote posted on the Cybersixgill website, Crowdstrike CTO Michael Sentonas said that the automated data collection and analysis offered by Cybersixgill provides “deep and accurate threat intelligence, delivering context to drive preemptive security responses.”