Organizations that want to start thinking proactively about securing their business data should consider dark web monitoring a top priority. The dark web is where cybercriminals sell and trade stolen business data, malware, and ransomware services. Monitoring the dark web for potential threats against your business, employees or trusted partners can give you a better chance to protect key assets and data.
It hardly needs saying that the dark web is by its very nature murky and complex. Implementing an effective strategy to monitor the dark web and, crucially, put findings to good use can be a significant challenge.
“The constantly changing nature of dark web marketplaces and forums makes threat intelligence frequently unreliable or incomplete,” says Adam Darrah, VP of Intelligence at cyber threat intelligence and dark web monitoring provider, ZeroFox.
In this Q&A, Darrah, Vice President of Intelligence at ZeroFox, shares his insights on the challenges of dark web monitoring and the state of the dark web threat landscape. We also cover the dark web trends he expects to see in 2025 and his recommendations for how security teams can implement a successful dark web monitoring strategy.
Q. What are the biggest challenges facing organizations in the dark web monitoring space today and how are threats evolving?
The biggest challenges facing organizations in the dark web monitoring space today include:
- Data overload: Dark web monitoring generates large volumes of data, much of which is irrelevant or recycled content. The frequent reposting and reselling of data complicates the task of sifting through “noise” to identify genuine, actionable threats. Without advanced filtering mechanisms, security teams risk overlooking critical risks or wasting resources on non-essential data.
- Anonymous, fragmented sources: Dark web forums and marketplaces, designed for anonymity, are scattered across hidden sites that can only be accessed with certain browsers, making them difficult to monitor consistently. These sources are constantly changing because dark web marketplaces and forums frequently shut down or shift to new locations, while threat actors evolve their tactics, such as using encrypted channels or decentralized networks, making it necessary for organizations to continuously update their monitoring tools and techniques to track emerging risks effectively.
- Inconsistent intelligence: The constantly changing nature of dark web marketplaces and forums makes threat intelligence frequently unreliable or incomplete. This instability forces security teams to continuously re-establish connections and adjust their tactics to maintain an effective monitoring program. For instance, they may need to integrate more advanced threat detection tools, such as machine learning-based anomaly detection, to identify emerging risks in real-time. Additionally, they could enhance their existing capabilities by adding continuous threat hunting or increasing the frequency of vulnerability scanning to detect weaknesses before they are exploited.
- Legal and Ethical Constraints: Security teams must balance the need for intelligence with adherence to data privacy laws, jurisdictional regulations, and company policies, limiting the scope and methods of monitoring in certain areas.
As threats evolve, cybercriminals are using advanced technologies like encrypted channels, sophisticated anonymity tools, and new dark web marketplaces, making it harder to identify risks as dark web platforms quickly change and new ones emerge.
Additionally, threat actors are collaborating more, sharing stolen data and malware kits, and orchestrating more complex, multi-layered attacks such as combining ransomware with intellectual property theft, which can lead to both financial losses from payments and strategic damage through theft, competitive advantage loss, and leaked customer data.
Q. How does the ZeroFox Dark Web Monitoring platform help teams address these challenges, and how do you differentiate the platform in this competitive space?
ZeroFox’s Dark Web Monitoring solution safeguards businesses against data leakage, breaches, and the illegal sale of data on a broad range of deep and dark web sites. The platform continuously scans data collected across millions of sources across the surface, deep, and dark web for information about an organization that could pose a threat to its brand or reputation.
ZeroFox uses both human and artificial intelligence to assess risks, vulnerabilities, and malicious exploitation associated with executives, brands, customers, and vendors – and provide expert recommendations to improve security operations. It also has pre-built integrations with security tools, which helps teams stay ahead of potential attacks by allowing them to query mentions of third-party vendors, domain names, and executives.
ZeroFox stays ahead of the competition by going beyond passive monitoring to proactively disrupt potential attacks before they happen.
Working with our over 700 global disruption partners, including the biggest social media platforms, registrars, and hosts, ZeroFox brings extensive external threat expertise to stop dark web compromises. Monitoring the dark web is a difficult and expensive task – requiring constant data and intelligence collection across concealed and covert communications platforms – making it essential to partner with experts like the ZeroFox Dark Ops team, who have infiltrated and built relationships within deep and dark web communities.
Q. What are your top recommendations for CISOs in the process of looking for a dark web monitoring solution?
Early detection of threats like data breaches or emerging cyberattacks can drastically reduce the damage to your organization because it allows for faster response times and more effective mitigation. Security teams can also take immediate action to contain the breach, preventing further exposure of sensitive data or systems. CISOs should therefore prioritize key features that allow their teams to respond quickly and with context, including:
- Integration with incident response and cybersecurity infrastructure: Look for a tool that enhances your incident response capabilities by providing a complete end-to-end solution. It should support quick, efficient counteractions to neutralize threats, reducing both response time and the financial impact of incidents.
- Threat intelligence and analysis: The monitoring solution should provide comprehensive threat intelligence, not just alerts about data leaks, but also insights into emerging threats and patterns on the dark web. By understanding threat actors and their tactics – the types of data they target, their preferred attack methods, and the timing of their activities – you can proactively safeguard your organization. Make sure the tool can identify mentions of your brand, employees, or sensitive data in hidden channels to mitigate reputational damage.
- Leaked data recovery expertise: If sensitive data is found on the dark web, it’s critical to have a plan for recovery. Partner with experienced professionals specializing in dark web engagements to minimize damage by securely recovering stolen data, such as credentials or PII. Avoid engaging with cybercriminals directly—leave that to experts with the proper tools and experience.
- Real-time Monitoring and Alerting: Implement a system that provides continuous monitoring of the dark web, offering real-time alerts for data breaches and potential threats such as identity theft, fraud, and malware distribution. This helps organizations detect incidents early, giving them the context needed to respond quickly and effectively.
Q. What trends do you expect to see in the dark web monitoring space in 2025?
Relationships and marriages of convenience will be paramount in 2025 as we begin to see some ransomware collectives joining forces with or taking up causes in support of hacktivist groups. This risks amplifying the pain of ransomware victims who have committed a serious new and heretofore unknown sin or transgression that deserves punishment by these criminal groups who fancy themselves as avengers of a pretend and false good.
Additionally, these convenient partnerships will also likely lead to victims being shamed across even more online platforms, giving more publicity to the criminal and in some instances, nation-state sponsored groups to accomplish their own ends in scoring cheap political or extortion points.
Q. In your view, what should organizations’ top dark web monitoring planning priorities for 2025 be?
In addition to collecting targeted deep dark web content relevant to your brand via automation, an organization should have a plan to engage with the underground economy via a comprehensive report on trends relevant to one’s brand or industry that is based on expert insights from longtime practitioners in this intentionally noisy space full of pretenders, scam artists, and deceitful bombastic personalities. Find a partner who has had lots of time on target and knows how to conduct themselves in this ecosystem.