Access Broker Monitoring

5 automated security scanners

Purpose: The Initial Access Listing Monitoring Scanner is designed to detect potential security risks associated with unauthorized or brokered access to corporate environments by monitoring various threat intelligence feeds and data sources. It aims to identify network access offerings, VPN/RDP access sales, and environment access brokering activities on the dark web and other platforms.

What It Detects:

  • Network Access Offerings: Identifies listings of network access services on the dark web, detects advertisements for VPN/RDP access sales, and monitors platforms offering environment access brokering.
  • VPN/RDP Access Sales: Looks for patterns indicating the sale or offer of VPN services and identifies listings related to RDP (Remote Desktop Protocol) access, including remote administrative access for hire.
  • Environment Access Brokering: Detects advertisements for brokering access to corporate environments, monitors platforms offering managed access to sensitive systems, and identifies listings of third-party services providing environment access.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)
  • keyword (string): Specific keyword related to access offerings or brokering (e.g., “VPN”, “RDP”)

Business Impact: This scanner helps organizations identify potential security risks associated with unauthorized access, which can lead to data breaches, financial loss, and damage to the organization’s reputation. It enables proactive measures to be taken against such threats before they escalate into significant incidents.

Risk Levels:

  • Critical: Findings that indicate critical vulnerabilities or imminent threats directly affecting core systems.
  • High: High-risk activities that could lead to unauthorized access, data breaches, or other severe consequences.
  • Medium: Moderate risks that require attention and may impact the security posture but do not pose an immediate threat.
  • Low: Lower-level risks that can be monitored for future developments but currently have minimal impact on security.
  • Info: Informative findings that provide insights into potential activities without posing a significant risk.

Example Findings:

  1. “Threat Indicator Found: 192.168.1.1 - CVE-2021-44228” indicates a critical vulnerability in the network environment.
  2. “Exposure Indicator Found: data.acme.com - unauthorized access incidents” suggests that sensitive data may have been exposed or accessed without authorization.

Purpose: The Broker Sales Pattern Analysis Scanner is designed to analyze sales and marketing communications in order to detect potential security risks or compliance issues related to seller specialization, access grouping, bundle offerings, threat indicators, and compliance language. This tool helps organizations identify areas of expertise, control segmentation, bundled products, malicious threats, and regulatory adherence within their communication materials.

What It Detects:

  • Seller Specialization Patterns: Identifies specialized product lines or services targeting specific industries (e.g., “financial sector solutions”) and deep expertise in certain technologies or protocols (e.g., “SSL/TLS encryption”).
  • Access Grouping Indicators: Looks for mentions of access control groups, roles, and permissions as well as descriptions of segmented user access to different systems or data.
  • Bundle Offering Descriptions: Detects bundled product offerings that combine multiple solutions and include hardware and software components in security packages.
  • Threat Indicator Patterns: Searches for common threat indicators such as CVE numbers, malware types, and command-and-control references, indicating potential exposure to malicious activities.
  • Compliance and Security Language: Identifies compliance certifications or standards mentioned and proactive security measures like zero-day protection.

Inputs Required:

  • domain (string): Primary domain to analyze for sales and marketing communications.
  • company_name (string): Company name used in search queries to identify relevant statements.
  • keyword (string): Specific keyword related to the product or service, which helps focus the analysis on pertinent offerings.

Business Impact: This scanner helps organizations proactively assess their sales and marketing materials for potential security risks and compliance issues. By identifying areas of specialized expertise, controlled access, bundled products that may include vulnerabilities, malicious indicators, and non-compliant language, organizations can take immediate steps to mitigate these risks, maintaining a robust security posture and adherence to regulatory standards.

Risk Levels:

  • Critical: Findings such as unauthorized access mentions or data breaches indicate critical risk levels, requiring immediate attention to secure systems and protect sensitive information.
  • High: Indicators of malware presence or command-and-control references suggest high risks, necessitating swift action to update security measures and protocols.
  • Medium: Compliance with standards like ISO 27001 but without specific mitigation strategies may be considered medium risk, prompting review and potential improvement actions.
  • Low: Informational findings such as mentions of SSL/TLS encryption or detailed descriptions of user roles can be considered low risk unless directly related to a specific vulnerability or breach scenario.
  • Info: Compliance certifications like ISO 27001 without clear actionable items are classified as informational, providing baseline compliance status but minimal immediate action required.

Example Findings:

  • “Our solutions cater specifically to the healthcare industry, indicating potential seller specialization.”
  • “The system includes detailed user roles and permissions for access control, which is indicative of strong access grouping.”
  • “We offer a comprehensive security suite that includes both hardware and software components, suggesting bundled offerings.”
  • “CVE-2021-44228 indicates exposure to a known vulnerability in our product.”
  • “ISO 27001 certified demonstrates compliance with international data protection standards.”

Purpose: The Marketplace Mention Monitoring Scanner is designed to detect mentions of an organization and specific systems in broker forums. This tool helps organizations monitor their presence and reputation across various marketplaces and forums, identifying potential access targeting, unauthorized discussions, or security vulnerabilities.

What It Detects:

  • Organization References: Identifies direct mentions of the company name within forum posts and detects variations and common abbreviations of the company name.
  • System Mentions: Looks for specific system names or product references related to the organization and identifies discussions around known vulnerabilities in these systems.
  • Asset Targeting: Detects mentions of sensitive assets associated with the organization, flagging posts that indicate potential targeting of these assets.
  • Threat Indicators: Searches for common threat indicators such as CVE numbers, malware types, and command-and-control references, identifying patterns indicative of malicious activities or security breaches.
  • Exposure Indicators: Detects phrases related to data exposure, unauthorized access, and data dumps, flagging posts that suggest potential data leaks or security incidents.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)
  • keyword (string): Specific system or asset keyword to monitor (e.g., “ServerX”)

Business Impact: Monitoring mentions in broker forums is crucial for organizations to maintain a secure and ethical presence across various platforms, preventing unauthorized access attempts and potential data breaches that could compromise sensitive information.

Risk Levels:

  • Critical: Findings indicating direct threats such as CVE numbers or malware types directly affecting critical systems.
  • High: Discussions about vulnerabilities in known systems that have not yet been exploited but pose a significant risk if left unaddressed.
  • Medium: General discussions around system names without specific details, which could be indicative of ongoing research or planning.
  • Low: Mild mentions of company name variations or generic queries unrelated to specific assets.
  • Info: Informational posts that do not directly indicate security risks but may suggest broader market presence or community engagement.

Example Findings:

  • A post mentioning “Acme Corporation ServerX” in a forum discussing potential vulnerabilities could be flagged as an asset targeting finding, indicating unauthorized discussions around the company’s systems.
  • A discussion about “CVE-2021-44228” within a thread focused on system security measures would be classified as a threat indicator, highlighting immediate concerns for the organization.

Purpose: The Token Value Assessment Scanner is designed to analyze access pricing, credential valuation, and access level pricing within a specified domain to identify potential security vulnerabilities and unauthorized access risks associated with token usage.

What It Detects:

  • Identifies patterns related to the cost of accessing systems or data, including mentions of subscription fees, pay-per-use models, and other financial metrics tied to access.
  • Looks for indicators of how credentials are valued or monetized, including discussions around credential theft, resale value, and market prices of stolen credentials.
  • Analyzes pricing structures based on different levels of access (e.g., admin vs. user), detecting mentions of tiered pricing models that correlate with varying levels of system or data access.
  • Searches for known threat indicators such as CVE numbers, malware references, and command-and-control patterns.
  • Detects signs of data exposure, leaks, or breaches related to tokens, including mentions of unauthorized access, data dumps, and other forms of data compromise.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)
  • keyword (string): Specific keyword related to token usage or access control (e.g., “API key”, “access token”)

Business Impact: This scanner is crucial for assessing the security posture of an organization by identifying potential vulnerabilities and unauthorized access risks associated with token usage, which can lead directly to financial losses, data breaches, and legal repercussions.

Risk Levels:

  • Critical: Severe exposure of sensitive information, high monetary loss due to unauthorized access, or significant regulatory non-compliance.
  • High: Substantial risks such as widespread credential theft, potential data breaches affecting a large number of users, or significant financial implications from unauthorized access.
  • Medium: Moderate risks including some exposure of sensitive information, minor monetary loss due to unauthorized access, or compliance issues that could lead to regulatory fines.
  • Low: Typically informational findings, including minor vulnerabilities, low-risk data exposures, or minimal financial implications from unauthorized access.
  • Info: General insights into the usage of tokens that do not pose immediate risks or significant impacts on security or compliance.

Example Findings:

  • Access pricing is determined by the level of access required, with admin access costing more due to higher privileges.
  • Credentials are valued based on their ability to access sensitive data, with stolen credentials potentially fetching a high resale value in underground markets.
  • Unauthorized access detected multiple times could indicate lax security practices that need immediate attention.

Purpose: The Credential Sales Tracking Scanner is designed to identify and alert users about potential threats related to the unauthorized sale of account credentials, authentication tokens, and login access on specified domains. This tool helps in identifying potential security risks associated with such activities, ensuring a secure online environment for businesses and individuals.

What It Detects:

  • Account Credentials for Sale: Patterns like “username:password”, “login details”, or specific credential formats (e.g., email:pass) are detected to indicate the sale of sensitive information.
  • Authentication Tokens Offered: The scanner identifies and detects OAuth tokens, API keys, and other authentication mechanisms being offered for sale in digital markets.
  • Login Access Marketing: Phrases indicating the sale or promotion of login access to systems or services are identified, highlighting potential vulnerabilities in network security.

Inputs Required:

  • domain (string): The primary domain to be analyzed, which serves as the focal point for detecting any suspicious activities related to credential sales and marketing.
  • company_name (string): The name of the company or entity whose online presence is being monitored. This helps in specific keyword searches within the company’s website to uncover potential threats.
  • keyword (string): A specific keyword that relates directly to the sale of credentials or promotional activities related to login access, which aids in targeted scanning and detection.

Business Impact: Monitoring the unauthorized sale of account credentials and authentication tokens is crucial for safeguarding sensitive information from falling into the wrong hands. This not only protects individual user accounts but also prevents potential data breaches that could lead to significant financial losses and damage corporate reputations.

Risk Levels:

  • Critical: Threat indicators such as CVE identifiers, malware-related terms, and command-and-control references are flagged as critical when they are directly linked to the sale or exposure of credentials.
  • High: Phrases indicating unauthorized access, data breaches, or leaked information that could lead to significant security risks are flagged as high severity.
  • Medium: Patterns suggesting the presence of compromised systems or potential phishing activities related to credential harvesting are considered medium risk.
  • Low: Informational findings such as exposure indicators in non-critical areas might be flagged at a low risk level, providing baseline monitoring for future analysis and improvements.
  • Info: General keyword searches that do not directly point to specific threats but could indicate broader issues are categorized as informational.
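The detection categories and risk levels described above (credential pairs in “email:pass” form, access and token sale listings, exposure phrases, phishing or compromised-system talk, and threat indicators such as CVE numbers that are only Critical when they are directly linked to a credential sale or exposure) can be expressed as a small rule-based classifier. The following is an added illustration, not the product’s own rule set or code: the regular expressions, the severity mapping, the interpretation of “directly linked” as “appearing in the same post as a High-severity credential or exposure finding”, the `Finding` type and the sample forum posts are all constructed for this example. Credential evidence is redacted to the account name so that a finding never stores a password.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Detection patterns, constructed for this example (not the product's rule set).
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.I)
C2_RE = re.compile(r"\b(?:c2|command[- ]and[- ]control)\b", re.I)
MALWARE_RE = re.compile(r"\b(?:ransomware|stealer|botnet|loader)\b", re.I)
# "email:password" style pairs; only the address half is ever kept in a finding.
CRED_PAIR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+:\S+")
ACCESS_RE = re.compile(r"\b(?:rdp|vpn|admin|network|shell)\s+access\b", re.I)
TOKEN_RE = re.compile(r"\b(?:api keys?|oauth tokens?|access tokens?|bearer tokens?)\b", re.I)
SALE_RE = re.compile(r"\b(?:for sale|selling|wts|buy now)\b|\$\d+", re.I)
BREACH_RE = re.compile(r"\b(?:unauthori[sz]ed access|data breach|leaked|data dump|dump)\b", re.I)
PHISH_RE = re.compile(r"\b(?:phishing|compromised (?:systems?|hosts?|machines?))\b", re.I)

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}


@dataclass
class Finding:
    category: str
    severity: str
    evidence: str   # matched text, with any password portion redacted
    post_id: int


def scan_post(text, domain, company_name, keyword, post_id=0):
    """Classify one forum post against the scanner inputs (domain, company_name, keyword)."""
    low = text.lower()
    mentions_org = domain.lower() in low or company_name.lower() in low
    keyword_hit = keyword.lower() in low
    sale_context = SALE_RE.search(text) is not None

    findings, seen = [], set()

    def add(category, severity, evidence):
        key = (category, evidence.lower())          # de-duplicate repeated phrases
        if key not in seen:
            seen.add(key)
            findings.append(Finding(category, severity, evidence, post_id))

    # High: credential pairs, access/token sale listings, and exposure phrases.
    for pair in CRED_PAIR_RE.findall(text):
        add("credential_pair_for_sale", "High", pair.split(":", 1)[0] + ":<redacted>")
    if sale_context:                                # access/token talk only counts with sale wording
        for m in ACCESS_RE.findall(text):
            add("access_for_sale", "High", m)
        for m in TOKEN_RE.findall(text):
            add("token_for_sale", "High", m)
    for m in BREACH_RE.findall(text):
        add("exposure_indicator", "High", m)

    # Medium: phishing or compromised-system talk.
    for m in PHISH_RE.findall(text):
        add("phishing_or_compromise", "Medium", m)

    # Critical only when a threat indicator is directly linked (same post) to a
    # credential sale or exposure finding; otherwise Low (assumption for this example).
    linked = any(f.severity == "High" for f in findings)
    for rx in (CVE_RE, C2_RE, MALWARE_RE):
        for m in rx.findall(text):
            add("threat_indicator", "Critical" if linked else "Low", m)

    # Info: organisation or keyword mentioned, but no other pattern matched.
    if not findings and (mentions_org or keyword_hit):
        add("keyword_mention", "Info", company_name if mentions_org else keyword)
    return findings


def scan_feed(posts, domain, company_name, keyword):
    """Scan a list of posts and return findings ordered by severity, then post."""
    findings = []
    for i, text in enumerate(posts):
        findings.extend(scan_post(text, domain, company_name, keyword, post_id=i))
    findings.sort(key=lambda f: (-SEVERITY_RANK[f.severity], f.post_id))
    return findings


def severity_counts(findings):
    return Counter(f.severity for f in findings)


# Constructed sample posts (not real forum content).
SAMPLE_POSTS = [
    "Selling RDP access to acme.com (domain admin), $500. Box still unpatched for CVE-2021-44228.",
    "fresh dump: john.doe@acme.com:hunter2 jane@acme.com:Passw0rd! leaked from the Acme Corporation data breach",
    "Anyone have experience with Acme Corporation API key rotation? Asking for a project.",
    "Great weather in Lisbon today.",
    "Phishing kit for Acme Corporation logins, list of compromised hosts available on request.",
    "Acme Corporation release notes: CVE-2021-44228 is now mitigated in build 2.3.",
]

if __name__ == "__main__":
    results = scan_feed(SAMPLE_POSTS, "acme.com", "Acme Corporation", "API key")
    for f in results:
        print(f"[{f.severity:8}] post {f.post_id}: {f.category} -> {f.evidence}")
    print(dict(severity_counts(results)))
```

Running the block shows the distinction the Risk Levels list draws: the same CVE identifier is Critical in the first post, where it sits beside an RDP access listing, and only Low in the last post, where it appears in release notes with no sale or exposure wording. The third post, which mentions the company and the keyword but nothing else, produces a single Info finding, and the off-topic post produces none.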

Example Findings:

  1. The scanner identifies “username:password pairs available for sale” on the Acme Corporation website, which is a clear indication of high risk due to potential unauthorized access and data breaches.
  2. A detected OAuth token being offered for sale might be flagged as critical if it directly compromises enterprise security systems, leading to immediate attention for remediation efforts.