About Project Mariana

DREDGING THE DARK WEB

Project Mariana is an initiative operated and incubated by Tuik Security Group that searches, monitors, and indexes unrestricted Deep Web and Dark Web database leaks, actively collects privately “maliciously-traded” databases and reviews all publicly released databases for data relating to your company. Our unique access to the data and service methodologies to operationalize the information allows cyber-security professionals and compliance teams to mitigate a very real threat vector and ever evolving risk.

Here are just a few of the questions that Project Mariana will help you answer:

  • What information relating to your company is on the Deep/Dark Web and for how long?

  • What databases were breached that contain information relating to your company?

  • At what rate is my risk growing month to month?
  • How do you minimize the breached data from being used to launch an intelligent Advanced Persistent Threat attack against your company?
  • Which employees are directly impacted and would benefit from additional awareness training (Meet Mable from Accounts Receivable)?
  • What usernames and clear-text passwords are being actively traded?
  • Now that you know the information, what do you do with it to improve operational security?

  • Is your network vulnerable susceptible to credential stuffing?

The Deep/Dark Web is very real, with increasing participation and datapoints as well as data feeds, and is not going away. Apathy and naivete are dangerous for organizations. Engaging our services will allow you to strategically respond to breached data dropping on the Deep and Dark Web. Proactive knowledge and management of this information via Project Mariana is the key to responsible mitigation.

“Project Mariana privately let us know about a 16 million record breach of our users’ data before it could impact our users”

Why Care About Dark Web Traded Data Breaches?

THIRD-PARTY VENDORS • EMPLOYEE ACCOUNTS • MY COMPANY

Direct Data Loss

Breached vendors care more about their reputation than your security. As a result, vendors delay breach notifications until passing the message through the legal and marketing departments. The delay increases your risk and exposure. In cases such as Dropbox or other SaaS data storage, the sooner you can take action the better or else their breach may become yours.

Successful Phishing

Gleaning confidential information or gaining privileged system access through Social Engineering becomes much easier with valid confidential information. Leaked databases contain full names, passwords, prior usernames, email addresses, phone numbers, etc.

Invisible Breaches

Intrusion Detection and Prevention Systems combined with closing every technical weakness will not prevent an attacker with valid credentials from simply logging into systems, VPNs, accessing corporate email, or other applications and stay there undetected.

Security Awareness

Employees gain valuable insight into their own breached information. Knowing what information is available to potential attackers helps employees stay alert, helps prevent password reuse, and avoid becoming a victim.

Vendor Management

Each new vendor increases your company’s risk profile. Often times vendors are unaware of their own risk. Therefore, dark web reconnaissance should be part of your vendor due diligence process.

Employee Onboarding

Background checks are standard for all new employees; however, they result in no information security benefit. Confidentially informing new employees of potential attacks originating from their leaked data prevents password reuse and promotes strong security awareness.

RESPONSIBLY DISCLOSING DARK WEB BREACHES

The risk is real and growing

WE HAVE THE EXPERTISE TO HELP