Netcraft

Dark Web Market Searches

Fraudsters commonly make use of Tor hidden services and the marketplaces available on them to sell credentials stolen from customers and employees, leaked internal documents, forged identity documents, or payment card data.

Netcraft explores these marketplaces, providing intelligence on the illicit materials being sold by fraudsters relating to your brand.

Features

  • Regular searches for your brands on dark web marketplaces
  • Valuable intelligence and early warning of criminal activity
  • Screenshots and text extracts from listings including prices and sellers
  • Identification of new marketplaces following law seizures and exit scams
  • Detect possible data security breaches

Benefits

  • View the data being made available on dark web marketplaces

Pricing

£18000 per instance

  • Free trial available

Service documents

G-Cloud 11

416381848736183

Netcraft

Andy Ide

01225 447500

asi@netcraft.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints All modern web browsers supported.
System requirements Web Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24 hours, 7 days a week
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is provided by electronic mail and telephone.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide online documentation, and also can provide a Webex (or similar) demonstration of the portal to answer any questions.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Via the API, or we can provide a data extract on request.
End-of-contract process N/A

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface Website provides the results from the searches for your brand, together with text extracts and screenshots of the marketplace listings.
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API Yes
What users can and can't do using the API Extract the search results
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available No

Scaling

Scaling
Independence of resources We scale our applications to account for load placed by all customers.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach We physically secure access to our data centre and backup media.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Via the API, or we can provide a data extract on request.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON via API
  • TSV
Data import formats Other
Other data import formats N/A

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability If the Service is unavailable continuously for 3 (three) days or unavailable for an aggregate of 120 (one hundred and twenty) hours within the Subscription Period the customer may terminate the Service and receive a pro-rata refund for the unused period.
Approach to resilience Available on request
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels User Account Authentication, Multi Factor Authentication, IP ACLs
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Risk based approach.
Information security policies and processes Defined in our internal Policies and Procedures document

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have an internal change management process
Vulnerability management type Supplier-defined controls
Vulnerability management approach Netcraft is a PCI approved scanning provider, and tests its own infrastructure. Patches are applied as appropriate.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Netcraft has a Security Incident Detection and Remediation programme.
Incident management type Supplier-defined controls
Incident management approach We have an internal policy for handing incidents.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £18000 per instance
Discount for educational organisations No
Free trial available Yes
Description of free trial We can offer a trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑