Flashpoint Digs Into Dark Web With Security Intelligence API

The security intelligence startup updates its API data feed to provide organizations with more insight into the hidden areas of the internet.

Flashpoint API

Security startup Flashpoint is in the business of providing Business Risk Intelligence (BRI) to its customers and partners in a number of ways. On Sept. 26, Flashpoint is set to announce a new update for its API, providing an improved method for organizations to benefit from security intelligence.

"We're providing improved visibility and context into the Deep and Dark Web, the underground of the internet that is inaccessible to traditional search engines," Josh Lefkowitz, CEO and co-founder of Flashpoint, told eWEEK

The new Flashpoint API v4 provides access to Flashpoint's finished intelligence reports across a range of topics, including cyber-crime, emerging malware, fraud and looking at physical security-related issues including violent extremism. API v4 also provides access to an aggregated collection of Flashpoint analysts' Deep and Dark Web conversations with the most secretive attackers on the internet.

"With the API, organizations are able to search across our intelligence and Deep and Dark Web conversations in a seamless and integrated way," Lefkowitz said.

In addition, API v4 enables Flashpoint intelligence users to monitor and set up alerts for the use of certain keywords to help with specific threats or risks. API v4 also provides access to what Lefkowtiz referred to as Risk Intelligence Observables, which can be used to enrich specific security investigations, provide insight into insider threat activity and help highlight data exfiltration activities.

"Risk Intelligence Observables are a complement and enhancement to traditional IOCs [Indicators of Compromise], which can be utilized in a variety of scenarios," he said.

A common way that many threat intelligence and security vendors share information is with Structured Threat Information eXpression/Trusted Automated eXchange of Indicator Information (STIX/TAXII) feeds that provide a standardized format. Flashpoint's API, however, is not using STIX/TAXII, but rather a JavaScript Object Notation (JSON)-based approach. Lefkowitz explained that due to the types of data that Flashpoint is exposing in the API, it's not well-suited to the format and structuring that STIX/TAXII provides.

"With finished intelligence reports and the unstructured data that we've turned into structured data from Dark Web forum conversations, we found that the way we structure our feed is the most relevant way to provide access," Lefkowitz said.

With a traditional IOC approach to threat intelligence, there is often a direct line to remediation and defensive technologies, such as network firewalls. While Flashpoint's data can be used in a tactical way for alerting and helping to set up security policies, the threat intelligence provided by Flashpoint also has other use cases, according to Lefkowitz.

"We're looking beyond the tactical list of indicators to provide business risk intelligence," he said. "The primary use case for our data is to really to drive better decision making."

The market for threat intelligence is a competitive one, with multiple vendors aiming for a share of enterprise security budgets. Lefkowitz said his firm differentiates itself from its competitors by way of its privileged access to underground environments across the internet as well as the firm's subject matter experts.

"The reality is there is an acute talent shortage of the type that we have assembled at Flashpoint," Lefkowitz said. 

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.