Dark Web ID Updates
Enhancements
The following are the key enhancements incorporated in this release:
- The Forgot Password page has been enhanced to provide clear and concise information regarding password updates. It now specifies that when a user updates their Dark Web ID password, this change will automatically update their BullPhish ID password as well. This integrated approach simplifies the password management process, ensuring that both accounts remain in sync and providing a streamlined experience for users.
- We have revised our password reset email template to enhance clarity, professionalism, and user-friendliness. The updated email enables users to reset their account passwords with confidence and assurance, as it includes a secure link that is valid for 48 hours and notes that Dark Web ID and BullPhish ID share the same credentials. It reiterates that resetting the password for one account will automatically reset it for the other.
- The 2FA setup windows have been enhanced with updated information clarifying that BullPhish ID and Dark Web ID operate under a unified 2FA configuration. As a result, the selected authenticator will be linked to both accounts, and they will share the same set of recovery codes. Any changes made to the 2FA settings in Dark Web ID will also be applied to BullPhish ID, ensuring consistent security measures across both platforms. Additionally, the reference to Passly as an acceptable authenticator has been removed from the system, streamlining the authentication process.
The updated information regarding the 2FA setup for Dark Web ID and BullPhish ID is also available on the My Settings page. The updated information confirms that Dark Web ID and BullPhish ID share the same two-factor authentication (2FA) setup: the chosen authenticator will secure both accounts seamlessly, you will have a single set of recovery codes for added convenience, and any changes made to the 2FA settings will affect both services. Moreover, Passly is no longer listed as an authenticator option.
Self-guided onboarding
The self-guided onboarding feature provides on-demand interactive help. It introduces users to crucial Dark Web ID features and how to use them through pop-up menus.
It is available for old partner administrators (users created over 90 days ago) and new partner administrators, although in a slightly different way.
Onboarding for old partner administrators
The onboarding feature can be accessed by old partner administrators as follows:
- Onboarding icon: Clicking the onboarding icon on the upper navigation menu displays a pop-up menu.
The onboarding feature will display one tab. You can filter the tasks displayed by entering a term in the Type in your question… field.
Onboarding for new partner administrators
The onboarding feature can be accessed in two ways:
- Welcome announcement: When a new partner admin logs in to Dark Web ID, they are greeted with a Welcome announcement and can begin the onboarding walkthroughs.
- Onboarding icon: Clicking the onboarding icon on the upper navigation menu displays a pop-up menu.
The pop-up menu includes the following tabs:
- Tasks tab: Lists the onboarding tasks. Start a task by clicking the task name and proceed through each pop-up window. As you complete each task, it is checked off in the list.
- Show Me tab: Allows you to replay the onboarding tasks at any time after you have completed them on the Tasks tab. You can filter the tasks displayed by entering a term in the Type in your question… field.
When you log in to Dark Web ID, the system checks if you have completed all onboarding tasks. If you have not, a modal will be displayed to remind you to do so.
Note: You can end a walk-through anytime by clicking the X in the pop-up window.
Partial masking of passwords
As we continuously enhance our product security and uphold our customers’ privacy by adhering to industry best practices and international cybersecurity standards, we are announcing that passwords found on the dark web will now be partially masked in the latest release of Dark Web ID. This provides the ability to see some characters in order to validate the compromised credentials, without exposing the entire password. This new functionality provides the highest level of protection against cyberattacks to ensure the utmost confidentiality of our customers’ data.
As follows is an outline of the updated password masking policy:
Passwords with fewer than 4 characters: The entire password will be concealed with asterisks.
Passwords with 5 to 7 characters: The first 3 characters will be masked, while the remaining characters will be visible.
Passwords with 8 or more characters: The first 3 and last 2 characters will be displayed, with the middle section masked.
Passwords that were added before this update will remain unchanged.
Partners can self-manage access to API
Previously, if partner administrators wanted access to the Dark Web ID API, they were required to submit a support request. Now, with the Permit access to web services option, partner administrators can enable access to the API for themselves. Also, they can enable API access for other partner administrators and partner agents when creating or editing them.
Note: API access cannot be provided to SMB users.
The new Permit access to web services option has been added to the following pages:
My Account > My Settings page
Create New User page
Edit User page
When the Permit access to web services option is selected for a user, a link to the API Documentation is made available for the user on the Help menu.
To access the API’s services, you are required to enter an IP address in the IP Address whitelist field.
Infrastructure updates
Effective July 2, 2024, Dark Web ID has enhanced scanning of the dark web for compromised credentials and other data as follows:
Live Search may take up to 30 seconds to return results as we interrogate multiple dark web sources.
IP Compromises may increase based on deeper scanning of the dark web.
We have provided additional descriptions of domain and email compromise fields.
Enhancements
Adding a new partner or MME organization
A new Subscription type field has been added to the Create New Partner page. It enables you to indicate MSP or MME as the subscription type for the new organization you are creating. MSP is selected by default.
Creating an MSP
When you create a new MSP organization, its link is listed on the Home page in blue.
Viewing the edit page shows that MSP is selected in the Subscription type field.
In addition, the log at the bottom of the Home page indicates MSP as the Subscription type.
Creating an MME
When an MME organization is created, its link is listed on the Home page in purple.
Viewing the edit page shows that MME is selected in the Subscription type field.
The log at the bottom of the Home page indicates MME as the Subscription type.
Manage Monitored Values page re-design
- The + Add Domain button has been added to the Manage Monitored Values page, and the Save button is no longer available.
- Clicking on the + Add Domain button will open a new pop-up window. Provide a domain and click the Add button.
New Warning Dialog Box
A new Warning dialog box has been introduced to the Add Directory page for Azure AD Credentials. When a user tries to navigate away or refresh the AD Directory page, a warning message appears on the page, alerting the user of the potential impact.
New Feature Lets You Limit Compromise Results to Active Users Only
The Dark Web ID team is excited to announce a significant product enhancement that allows you to filter compromises based on your needs, leveraging a new synchronization with Azure Active Directory.
The new Active User Filtering functionality allows directory synchronization with Azure AD. With just a few clicks, you can create a sync between your organization/your client’s organization to receive compromises for existing/active end users only. The compromises for old/former users will be suppressed. As an additional option, you can also perform the sync using a CSV file.
If you change your mind later, you can remove the sync and resume receiving all compromises for both active and former users.
For details on setting up the Azure Active User Filtering, please refer to this article.
New Dark Web ID Integration Drastically Reduces Compliance Data Collection Time
The Dark Web ID and Compliance Manager GRC teams are excited to announce a new integration between their products that reduces time spent collecting compliance-related data.
The feature integrates monitored domain metrics from Dark Web ID into Compliance Manager GRC, reducing the time and effort required for compliance assessments by automating data collection and evidence mapping.
Key functionalities include:
- Automated Data Import: Imports monitored domain metrics from Dark Web ID into Compliance Manager GRC.
- Effective Mapping: Aligns Dark Web ID monitored domains evidence with various compliance controls, streamlining the security assessment process.
The new feature allows MSPs to perform quick assessments of clients’ dark web monitoring practices. When MSPs spend less time on data collection and compliance audits, they can engage in more client interaction and service enhancement.
Dark Web ID is just one of several Kaseya products that are now integrated with Compliance Manager GRC for seamless evidence of compliance collection.
For details on setting up the Evidence of Compliance integrations, please refer to this article.
New Integration Lets MSPs Run Dark Web Scans Inside audIT
A helpful new integration between Dark Web ID and audIT allows you to run dark web credential compromise scans for your prospect’s or customer’s domain inside the audIT application.
Once you receive the scan results, you can append them, along with a page on Dark Web ID benefits, directly to the audIT report.
*You must have subscriptions to both solutions to enable this integration.
For step-by-step instructions on enabling this integration, please refer to this integration guide.
Receive Dark Web ID Compromise Alerts in RocketCyber
As part of its IT Complete vision, Kaseya continues to build new workflow integrations between its security products. The latest example is the integration between Dark Web ID and RocketCyber, Kaseya’s Managed SOC platform, which allows you to receive Dark Web ID credential exposure alerts within RocketCyber, where you receive your other security alerts.
Once the integration is enabled, the RocketCyber platform will leverage Dark Web ID API to ingest compromised credential alerts from Dark Web ID.
For detailed instructions on how to enable this integration, please refer to this Knowledge Base article.
Note: You must have subscriptions to both Dark Web ID and RocketCyber to enable this integration.
Dark Web ID-Autotask Billing Integration Saves Time, Streamlines MSP Billing
Customer billing just got easier for managed service providers (MSPs) with the new integration between Dark Web ID and Autotask PSA, an IT business management platform commonly used by MSPs. In addition to the long-standing ticketing integration between Dark Web ID and Autotask, the new billing integration feeds MSPs’ Dark Web ID client usage and licensing data into Autotask, helping partners automate customer invoice creation, save time and ensure their clients are always accurately billed for the protection they are receiving.
In addition to Dark Web ID, Autotask now has billing integrations with other Kaseya Security and Audit & Compliance products, including Graphus, Passly, RocketCyber, Network Detective Pro and Compliance Manager GRC. The integrated billing eliminates hours of back-office work at the end of the month to reconcile usage and create client invoices.
Note that you must have subscriptions to both Dark Web ID and Autotask to enable this integration. Please visit the Knowledge Base to learn how to configure this functionality.
If you’re not an Autotask customer, learn how Autotask can provide the insights needed to grow your business and the automation to increase profits by requesting a demo.
Supercharge Your Prospecting Efforts With Dark Web ID-Keap Integration
The Dark Web ID team is excited to announce the release of a fully revamped integration with Keap (formerly known as InfusionSoft), a software platform that assists MSPs in their client marketing and prospecting efforts.
Using Dark Web ID together with their Keap campaign manager, our MSP partners experience sales acceleration. By feeding dark web exposure data directly into marketing workflows, MSPs can move prospects through sales funnels faster and more efficiently. Partners are better able to automate sales follow-up to maximize the dollar amount of every opportunity, creating highly targeted, automated marketing campaigns to exponentially multiply prospecting efforts.
For step-by-step instructions on enabling this integration, please refer to this integration guide.
Dark Web ID Has a Redesigned, More Intuitive Live Data Search Page
Live Data Search is a valuable Dark Web ID functionality that allows MSPs to quickly perform a compromise search for a client or prospect using just their domain name. To that end, the Dark Web ID team has completely redesigned the Live Data Search page, making it easier to read, more modern and visually appealing.
The Live Data Search page revamp includes:
- New summary data cards: See all key metrics at a glance, including total exposures, password hits, and earliest and latest compromises.
- Enhanced PII hit metrics and exposure details.
- Expanded breach details.
- Removal of the need to type “@” before a domain name in the search bar.
- New company profile cards.
New Integration With IT Glue Makes New Dark Web ID Client Provisioning Seamless
The ID Agent team is excited to announce the new time-saving IT Glue-Dark Web ID integration that will help our MSP partners serve multiple clients with ease. The integration benefits IT Glue customers who also utilize Dark Web ID by making the new client setup quick and painless.
Our partners who subscribe to both solutions can now import their SMB clients from IT Glue into Dark Web ID for a much quicker Dark Web ID provisioning process.
To enable the IT Glue integration, a partner admin simply needs to go to My Account -> My Organization -> IT Glue Integration and enter the API key and credentials.
For detailed instructions on setting up this integration, read this article.
New Dark Web ID Automation Feature Eliminates a Tedious Task
Dark Web ID’s reporting module has been enhanced with a new automated report delivery capability. While Dark Web ID has always automatically generated monthly and quarterly business reports for export, customers previously did not have the ability to send these from the platform to their end user clients directly.
Now, by setting up an automation (providing the recipient(s) email address(es) and selecting the report type), partners can have these reports sent to the desired client users every month, saving time and eliminating another task from their to-do list.
To set up the automated report delivery, go to Reporting -> Automate. Check out this article for more details.
New Dark Web ID-Network Detective Pro Integration Reveals ACTIVE Passwords Still on the Dark Web
Many tools that report on compromised passwords discovered on the dark web show when the password was compromised, but the reports can’t tell you if the password has been subsequently updated to address the risk.
A powerful new Network Detective Pro-Dark Web ID integration now analyzes the dates of compromise of passwords discovered by Dark Web ID scans, and compares them with the date of last password update captured by Network Detective Pro.
The results are automatically included in both the Network Detective Pro Full Detail Report, as well as in a new branded graphic for customers and prospects. Any compromised passwords that are active are highlighted in red in the full detail report.
Note: subscriptions for both Network Detective Pro and Dark Web ID are required to generate the new reports.
PII Data Enhancement
Dark Web ID now displays non-sensitive PII (Personal Identifiable Information) values, when available.
Customers who subscribe to our credential compromise monitoring services receive alerts whenever a new compromise is discovered on the dark web. Previously, if a compromise involved PII, Dark Web ID showed how many PII items had been compromised and the PII types (for instance, “PII hit: 3, First Name, Last Name, Address”). Now, we display the actual non-sensitive PII values if they are available (for instance, John Smith, 345 Main Street, Bowie, MD).
Note that not all breaches involve exposed PII, so not each alert will contain these data points.
This update is being introduced as a result of requests and feedback from our MSP customers who want more information and context on the breach alerts and the ability to validate if the exposed data is valid/actually belongs to their monitoring client. This further differentiates Dark Web ID from most dark web monitoring providers in the MSP space.
Dark Web ID Receives the “IT Complete” UI redesign
Dark Web ID has had a complete overhaul of the main navigation bar. This includes page navigation, account navigation (dropdown menu) and support navigation (dropdown menu). Additionally, the look and feel was changed to match the Kaseya family brand to create a familiar experience for the user as well as slim down what was previously a bulky interface.
Enhancements to Monthly & Quarterly Business Reports
We have simplified the layout of Dark Web ID reports, included/excluded several fields and made clear breaks between sections. This enhancement improved the readability and usefulness of our reports and removed several issues as identified by our partners.
Company Profile Tool for Enhanced Prospecting
The new Company Profile feature within Dark Web ID is designed to help our MSP customers to prospect and sell dark web monitoring services.
We know that when an MSP is prospecting an organization, it is helpful for them to have as much information about it as possible going in. In addition to giving MSPs the compromise data for a prospective client, our platform now adds in information about their business, such as the number of employees, business type, revenue, etc.
The new feature will allow MSPs to be better prepared for sales meetings by going beyond a compromised credentials check and supplying additional data points to understand the prospects’ business – without having to leave the Dark Web ID platform.
Things to know about the Company Profile feature:
- It’s located in the top right-hand corner of the Live Data Search screen
- It contains Company Profile, Company Description and Company Social Media sections
- The amount of detail on each company varies, based on the volume of information available about it on the Internet
- It may take 1-2 minutes for the company info to be displayed