What are the Deep Web and Dark Web?
Defining the Deep and Dark Web
The term Deep and Dark Web (DDW) refers to websites that are hidden or omitted from standard web searching and crawling or require an alternative (usually encrypted and anonymized) means to access them aside from normal web browsing. Both Deep and Dark Web are often incorrectly associated as hostile spaces that only harbor illicit or illegal content. Despite the prevalence of such activity, there are legitimate and proper applications for the DDW and are attractive for organizations and users that are concerned about privacy and are simply are looking to make use of the encryption and anonymity that goes along with participating in the region of internet space known as the Deep and Dark Web.
What are the Primary Differences between the Clear Web, Deep Web and Dark Web?
- The Clear Web is openly-accessible and available via HTTP/HTTPS websites (e.g. fidelissecurity.com, youtube.com, apple.com, toyota.com). Clear Web sites can be navigated to directly via web browser search or queried using simple search engine techniques.
- The Deep Web is often hidden from basic search engine requests and crawlers. The content is usually accessible via normal web browsing if URL is known and information is usually protected or restricted behind permissions settings.
- The Dark Web is even further compartmented than the Deep Web, where network traffic is “relayed” through multiple anonymous proxy servers in order to hide the origin of the client and host. The Dark Web is not accessible by normal web browsers (e.g. requires TOR) and all traffic and activity are encrypted with a focus on maintaining anonymity. While the Dark Web is where much of the illicit web-based activity is concentrated (e.g. underground marketplaces for drugs and weapons, and forums where cybercriminals discuss, develop, and trade malware and exploits), it is not solely the realm of criminal activity.
Why the Deep Web and Dark Web are Important?
A lot of mainstream coverage and advertising around the deep web and dark web focuses on the illicit activities that take place on underground marketplaces and forums. These include the development, distribution, and/or sale of drugs, weapons, hitmen services, pornography, counterfeit currency, personal and financial data, and malware and exploits. This is true; however, not all deep web or dark web activity is illicit, nor is all illicit activity relevant to most customers of cybersecurity and anti-virus vendors. The deep and dark web, despite the negative connotation, should be more broadly interpreted as spaces where users can exercise their right to privacy and data protection with no exception to inherent risks or abuse as with any technology or service.
How to Use the Deep and Dark Web as Sources of Cyber Threat Intelligence
While vendors of actual deep and dark web research tools and analysis services do provide value to their customers, the key for a cybersecurity vendor is to tailor collection and intelligence efforts to fit the needs of its customers. The Fidelis Elevate platform consumes threat intelligence from the Fidelis Threat Research Team (TRT) in the form of countermeasures and automated threat feeds. These countermeasures and threat feeds are the results of TRT Security Researchers and Cyber Threat Intelligence Analysts curation of intelligence information and analysis from multiple open-source, dark web, and proprietary sources. In addition, clients can utilize Fidelis’ Threat Research as a Service (TRaaS) solutions to augment the work of internal cyber threat intelligence teams.