On 4 December 2024, the CEO of United Health, Brian Thompson, was shot and killed on a New York street. Suddenly, executive protection became a hot topic among business leaders around the world. What had previously been a "nice-to-have" suddenly became a necessity.

A year later, Signal's US distributor, Everbridge, has sponsored a report from ASIS (a global community of security professionals across industries and disciplines) that examines the current state of executive protection. The report, The Executive Threat Environment: Benchmarking Research on Risk-Based Approaches to Executive Protection, is a wide-ranging document with data from over 400 security professionals and 100 security consultants worldwide.

For many corporate security teams, these findings highlight familiar challenges: limited budgets, inconsistent policies and uneven executive buy-in. The report also contains valuable information for anyone considering the role of Open Source Intelligence (OSINT) in their security toolbox.

A growing focus on executive protection

It's not a huge surprise to see that 42% of security professionals surveyed by ASIS saw a significant increase in focus on executive protection. When we dig into the reasons, the connection to recent events, such as the New York assassination, becomes even clearer. High-profile incidents are cited as a driver by 69% of the security professionals surveyed. A general increase in public threats (72%) and specific threats to executives (61%) paint a strong picture of a threat environment that is now capturing the attention of corporate decision-makers.

What are security professionals doing about it?

Despite the risks, major gaps remain in executive protection. Only 55% of those organizations with 100,000 or more employees (or students) had a formal executive protection policy. That number drops to just 26% among those with fewer than 50,000 staff or students.

This shortfall may stem from misconceptions about what executive protection actually involves. Many professionals still associate it solely with physical security details. But, as one ASIS respondent put it:

“…true executive protection is a proactive risk-management discipline that blends intelligence, logistics, behavioral analysis, medical preparedness, and operational planning to ensure the principal's safety without disrupting their lifestyle or productivity.”

The importance of executive protection

The renewed focus on executive protection may also be due to a realization from corporate leadership of the benefits that it offers beyond physical security. Good executive protection reduces liability risks and protects organizational reputation. As the public face of their companies, an incident involving an executive can undermine confidence among investors, customers and employees alike.

Effective executive protection can also help attract and retain top talent. Demonstrating that the organization takes leadership safety seriously sends a strong signal about its values and professionalism, another tool for competing for the very best leadership talent.

The role of OSINT in executive protection

The ASIS report examines the technical capabilities necessary for effective executive protection, with online threat monitoring ranked as the most important capability. Of the more than 500 security professionals and consultants surveyed:

• 65% said online threat monitoring was important, but only 51% of respondents believed they had full capability.

• Real-time OSINT was ranked as almost as important (63%), yet only 50% of those surveyed believed they had full technical capability.

Of those organizations that had the technical capability, OSINT (82%) and social media monitoring (79%) were the most used methods to identify and assess threats. So, if these are the most used methods, why aren't all organizations using OSINT for executive protection?

One of the biggest challenges comes from executives themselves

One of the findings of the report of interest to those outside security circles, but unsurprising for those on the inside, is that executives are one of the biggest hurdles. Those surveyed identified the top two concerns were:

• Budget constraints (58%).

• Executive non-compliance (47%).

Data to build a business case

In the absence of sensational headlines, security professionals need to build a business case to expand their capabilities. And the best way to build a business case may lie with OSINT tools themselves. Currently, less than half of security professionals surveyed in the report provide comprehensive data to leadership to justify their requirements. Only 41% considered data logging and exportable analytics to be essential capabilities for their executive protection, and only 25% regarded automated after-action reports as necessary.

That’s a missed opportunity. Measurable data can demonstrate return on investment, showing that effective protection prevents incidents rather than simply responding to them.

Good OSINT provides good data

The AI-enabled reporting of products like Signal provides security teams with the data they need to strengthen their cases and further enhance technical capabilities. Using AI, Signal compiles summaries and reports for leadership to demonstrate the extent of threats and the effectiveness of proactive actions taken to mitigate risk.

Having AI as part of the tool reduces the workload on an organization’s team to provide the reports, freeing them up to make the proactive interventions necessary. Signal is also cost-effective, providing real-time, scalable OSINT. The coverage is broad, allowing security teams to have eyes in locations where they can't be physically present.

Effective OSINT yields additional ROI across the organization. It can inform travel planning and reputational management, ensuring a greater "bang for buck" and allowing security teams to have input in other areas of executive protection that go beyond close physical protection.

Summary

Using tools such as Signal gives security teams important capability in real-time OSINT and provides valuable data to build business cases for enhanced protection. The case can’t be built on fear alone. The ASIS report carries some valuable advice for any security professional wanting to make the case for better executive protection:

"Avoid using fear-based messaging. Instead, communicate the value of protection in terms of business continuity, reputation management and operational efficiency.

Build trust by being discreet, professional, and solution-oriented. Involve them in decision-making processes, offer options rather than ultimatums, and always back your recommendations with clear, real-world examples and risk intelligence. Ultimately, the key is to position security as an enabler—not an obstacle—of their success."

With the right data and tools, security teams can build stronger, smarter protection programs.

When you're ready to join those security professionals who see the real value of quality, comprehensive, and real-time open-source intelligence, we're ready to talk. Book a Signal demo today.

Supply chain operations can be vast. While globalization and digital technologies are making the world a smaller place in many ways, they also increase the number of potential vulnerabilities that security teams and supply chain managers must monitor. Current threats to the logistics sector include climate and weather events, piracy, terrorism, DDoS attacks, malware and data breaches.

The range of potential threats is exacerbated by the vulnerabilities of the supply chain and the sheer size and scope of the operations involved. For example, around 90% of the entirety of global trade flows through only 39 bottleneck regions. An effective attack on any of these 39 traffic-heavy logistics hubs would have far-reaching consequences impacting billions of dollars of trade.

One example is the Hong Kong-Shenzhen freight cluster, a critical gateway for global manufacturing and trade, through which tens of millions of tonnes of container and air freight move annually. Additionally, there are a number of geographic chokepoints, such as the Panama Canal and the Strait of Malacca.

It is no longer merely the threat of attacks to these areas, which could halt a vast amount of freight. Incidents, such as the grounding of the Ever Given in the Suez Canal in 2021 and the drought that restricted movement through the Panama Canal in 2023-24, demonstrate that these geographic chokepoints are increasingly vulnerable.

If this wasn’t enough, digitization has increased the number of threats that logistics companies need to consider. This increase in vulnerability needs to be addressed through effective security measures, such as real-time data collection using Open Source Intelligence (OSINT) software.

How can transport and logistics companies secure their supply chains?

Ensuring secure passage

One of the key concerns – and one of the oldest – that logistics and transport companies have to contend with, is tangible and physical security threats; terrorism and piracy being the obvious examples. The rise in extreme weather events, such as hurricanes and droughts, also places pressure on logistics routes. Organizations need real-time information to carefully and continuously assess the threat level, implications and risks surrounding these physical security concerns.

These analyses help organizations to develop mitigation strategies. They also help to establish contingency plans for worst-case scenarios. Organizations need to be able to adapt and respond quickly to events as risk levels change. Supply chain managers across all industries need to consider higher transportation costs, longer travel times and potential issues in meeting schedules when alternative transportation routes are used.

These strategies depend on continuous visibility of current and emerging threats. Without this response, planning is compromised. Being caught unawares could have far-reaching and even devastating consequences. And, in some cases, business models based on time-critical deliveries may be squeezed out of the market.

Keeping cyberspace safe

Cybersecurity is a concern that should be receiving increasing attention as cybercriminals continue to evolve their tradecraft.

In 2017, a cyberattack cost shipping giant Maersk upwards of US$300 million. A vicious malware called NotPetya took down Maersk’s IT systems. Maersk was handling roughly one container ship into port every 15 minutes. So, it's easy to imagine the logistical nightmare that ensued as the company was forced to turn to manual processes to keep things moving.

The Russian military developed NotPetya to target businesses in Ukraine – but the malware quickly got out of hand. Soon, it was spreading around the world, taking down networks and causing billions of dollars in damage and lost revenue. In this scenario, Maersk was simply collateral damage.

More recently, Expeditors International were affected by a cyberattack that forced them to shut down their operating systems, disrupting their services for more than three weeks. Expeditors later revealed the attack had cost them $60 million in lost revenue, investigation and remediation.

Transportation is already heavily reliant on Information Communication Technology (ICT), with virtual threats growing in frequency and complexity. For this reason, cyber threats are an increasing concern across multiple industries. Additionally, for transportation and logistics, cyberattacks designed to induce physical damage are an increasingly common attack vector.

OSINT software for a more secure future

Some organizations operate with hundreds of individual suppliers. If any supplier is disrupted, consequences across the supply chain could be costly. Expeditors International and Maersk are just two examples of this.

Investing in live threat detection doesn’t just reduce risk; it also keeps operations running smoothly and predictably. When it comes to security and supply chain management, it’s especially important to look at future scenarios and manage security proactively. Reacting to crisis situations is not enough. Companies must find the right combination of preventive and reactive measures to achieve the optimal level of supply chain security.

Executives should also keep an eye on so-called wildcard events. That means examining the potential financial impact, the relative vulnerability of their business model, and their company’s ability to respond to low-probability, high-impact events.

As supply chain threats multiply, staying ahead of the intelligence flood becomes more difficult. Signal’s tools cut through the noise by using AI to perform tasks, such as triaging alerts and providing contextual SITREPs for possible threats. This sort of practical application of AI creates efficiencies within security teams, without compromising the crucial situational awareness needed to keep logistics lines open.

How Signal is already helping secure logistics supply chains

• Signal alerts a customer to a supplier’s merger. They can find new suppliers in a timely fashion, preventing disruption and revenue loss.

• Signal provides data on severe weather warnings that affect multiple suppliers and disrupt transportation routes.

• Confidential data is found for sale on the dark web, allowing the organization to act quickly for threat mitigation.

The dark web has grown in popularity over the years, as people become increasingly technologically savvy. Using a darknet browser like Tor or I2P enables users to remain anonymous while browsing the internet.

 People seek anonymity online for many legitimate reasons. For example, they might have concerns about large companies' abilities to track their online activity, or they might not feel comfortable giving Google all their data. Alternatively, they might live in a place with restrictions on freedom and free speech and necessarily turn to dark web anonymity to access world news or freely share journalism.

However, that same anonymity also protects criminals. It allows them to operate across borders, organize crime and trade in illegal items, both physical and digital. Dark web forums also host discussions on topics including extremist ideas, hate speech, threats of violence, or even plans for cyberattacks.

This wide range of dark web activity is a key concern for security professionals. By monitoring the dark web with OSINT tools, such as Signal, security professionals can discover exploit kits targeting their organization, get early alerts of data breaches, and even prevent physical attacks on assets or employees.

In this article, we examine a few of the more common dark web forums and explore how security professionals can utilize OSINT tools, such as Signal, to more efficiently and effectively monitor threats on the dark web.

About dark web forums as data sources

Because of the anonymity afforded by the dark web, people feel comfortable discussing all manner of things. As such, the dark web – especially dark web forums – is a valuable source of intelligence for security professionals. Monitoring these channels can help expose real and potential threats, ranging from planned attacks, both physical and digital, to fraud, data breaches and more.

Below, we examine 7 of the largest dark web forums that professionals should be aware of as potential sources of security data.

BreachForums

Despite multiple takedowns by law enforcement and rumours that it may now be a ‘honeypot’ (a site compromised by law enforcement or security researchers), BreachForums and the mirror sites that pop up are still a major threat. BreachForums and its mirrors are still one of the most visible places for selling or leaking corporate databases and credentials. If your company data is compromised, it is highly likely it will appear here.

DarkForums

This is a relatively new forum, emerging as a successor to BreachForums. With a rapidly growing user base, this English-language site specializes in data leaks, malware and access sales.

Cracked / Nulled

Cybercriminals mostly use these forums to trade and purchase leaked or hacked information. Despite a significant law enforcement action in mid-2025 (Operation Talent), these forums still have millions of members. They are able to remain in operation in much the same way as BreachForums, by spawning mirror sites.

Dread

Dread is a forum on the darknet that mirrors Reddit’s functionality. It provides the same familiar community discussion boards. The forum takes many ideas from Reddit, such as sub-communities and user moderation responsibilities. The site mimics this functionality without any JavaScript. The primary goal of Dread is to offer a censorship-free forum; however, it also provides hacking guides, software and carding tools, as well as drugs and stolen data. Dread also serves as a place for news on the latest dark web marketplaces.

XSS

A longstanding Russian language forum. XSS has a reputation for high-quality content and is a closed forum with restricted access to approved members. Access to compromised systems is frequently sold and traded on this site.

Exploit

Exploit has been in existence even longer than XSS, for many of the same reasons (high-quality content and restricted access). Due to its longevity, most types of cybercriminal activity can be found in dedicated sections.

RAMP

This is another Russian-language forum that has quickly gained prominence on the dark web. It functions as both a forum and a marketplace for criminal activity with a particular focus on financial fraud.

Other prominent forums

Other active forums with substantial membership include:

• LeakBase

• Crax

• Germania (a German-language forum)

• Infinity

• HackForums

• Sinister.ly

• Mirror sites for older forms, such as RaidForums, also persist on the dark web.

The dark web is no longer the only location for this type of activity. Apps such as Telegram and Discord, which sit on the unindexed deep web, are also becoming increasingly popular for cybercriminals to trade exploits, swap information and organize activities.

Related: How Can 4chan be Used as a Data Source for Security Intelligence?

Why dark web monitoring is difficult

Security professionals face numerous challenges when it comes to monitoring the dark web. For a start, there is the sheer volume of posts. With each of these forums and marketplaces operating across numerous time zones, they experience continuous activity. The most popular get tens of thousands of posts a day. Manually monitoring these sites is just not a feasible task.

Secondly, the fluid nature of the dark web community means that forums and marketplaces are forever becoming the victims of law enforcement action, internal troubles or scams. For example, XSS may have become compromised even as this blog is being published. These forums and marketplaces are like a Hydra – when one is cut off, new sites or mirror sites sprout up almost immediately.

Thirdly, the more explicit dark web forums and marketplaces (such as XSS or Exploit) will require you to create an account and may even go some way to verifying that you have the necessary skills to be allowed in. While the anonymity of the dark web means administrators of these forums likely can't work out exactly where you came from or what your true purpose is on their platform, those that are interested might attempt to determine your real identity. When creating an account, it’s essential to make sure it holds no relevance to any other online account you have, if you want to maintain your complete anonymity and avoid becoming a target of those same criminals you are looking to monitor.

Once inside, you must remain active on the platform without arousing suspicion; otherwise, your hard-won access could be revoked.

Finally, a lot of hackers on the dark web would be more than willing to turn their talents and attention to you, should you accidentally cross them. Some websites will infect your device with malware, so treat all links or downloads with suspicion. Additionally, clicking those links may take you to disturbing material. So, unless you’re confident you can safely and securely navigate the dark web, it may be better to look for safer, more efficient alternatives.

How Signal makes dark web monitoring safer and smarter

The Signal OSINT platform works by continuously scanning the surface, deep, and dark web. You can run custom Boolean searches across multiple data sources. These search results can then be filtered using our advanced AI and natural language processing (NLP), which enables you to search across languages, determine location, analyze copy in images and even assess the emotional intent behind text through our NLP software, Spotlight.

The benefits of having a tool like this for monitoring the dark web include efficient, continuous monitoring and assessment of a multitude of sites, allowing security teams to monitor more of the web to catch more threats faster. Because Signal’s searches are across the dark web, rather than specific sites, they do not rely on security teams having up-to-the-minute intelligence about which forums or marketplaces are active and popular. Additionally, security professionals can access this data without ever having to hunt down and access the various dark web forums and marketplaces, which is both more secure and much more time-efficient.

This lets you automate dark web monitoring – cutting costs, while expanding coverage and relevance.

Dark web marketplaces are online platforms, where people can buy and sell illegal goods and services while remaining anonymous. The offerings include leaked credit card details, exploit kits, hackers for hire and advertisements for hitman services.

Because of the range of goods and services available, as well as the conversations that occur around these transactions, dark web marketplaces can be immensely valuable sources of data on criminal activity. As such, they are typically under intense scrutiny from both law enforcement and security professionals.

These marketplaces have become increasingly sophisticated, with slick user interfaces that resemble familiar online storefronts, such as Amazon, along with seller ratings and escrow services for secure payment. This makes the barrier for users lower than ever before.

5 dark web marketplaces

People have been organizing illicit trades via the internet since the 1970s. Those early examples were through closed networks, with actual exchanges of money and goods usually taking place in person. With the advent of cryptocurrencies, it has become easy to complete online trades without leaving a trail. As a result, the online trade of illegal goods has become increasingly commonplace, and vast dark web marketplaces have emerged.

The very first of these marketplaces to pair the darknet with Bitcoin was the Silk Road, created by Ross Ulbricht in February 2011. Over the following two years, the Silk Road set the standard for dark web marketplaces. By the time it was shut down in October 2013, and Ulbricht arrested, the site had traded an estimated $183 million worth of goods and services.

Torzon Market

Torzon is one of the largest general-purpose darknet markets still active in 2025. It offers a familiar mix of narcotics, fraud tools and digital services. The site operates on Tor and supports Bitcoin and Monero, utilising escrow to facilitate transactions. Torzon also imports vendor feedback from other platforms, providing some continuity for buyers and sellers who have migrated after past shutdowns.

STYX Market

STYX has carved out a role as a hub for stolen data rather than drugs. Its listings focus on stealer logs, initial access and financial credentials, making it highly relevant for financial security professionals. Unlike older drug-oriented markets, STYX looks more like a specialized cybercrime exchange than a bazaar.

STYX is a great example of a ‘new model’ market with a searchable structure and trusted vendor processes, which helps buyers quickly filter for fresh data. The market grew through 2023-24 and remains active in 2025, underscoring how access and credentials have become commodities on par with drugs in the dark web economy.

Russian Market

Often written as RussianMarket, this is the largest marketplace for stealer logs. It aggregates credentials, cookies and session data harvested by malware such as RedLine, Raccoon and Vidar, and sells them in bulk. This makes it both a goldmine for attackers seeking account takeovers and a persistent monitoring target for security professionals.

Researchers estimate that millions of logs are for sale, with new ones added daily. Its endurance shows how cybercriminal demand has shifted from physical contraband to stolen identity data. For enterprises, Russian Market illustrates why compromised credentials remain one of the most common entry points for intrusions.

2easy

Sometimes branded 2easy.shop, this site has become known as the budget marketplace for stolen logs. Rather than focusing on premium access, it thrives on low-cost, high-volume sales. Individual log packages are often priced between $5 and $25, making them accessible to a wide spectrum of buyers. 2easy's persistence highlights the democratization of cybercrime. Criminals no longer need large budgets to obtain working credentials, just a few dollars.

BriansClub

BriansClub is a long-running carding shop, best known for selling stolen credit card ‘dumps’ and CVVs. Despite a 2019 breach (and law enforcement action) that exposed millions of its records, the shop has remained active and continues to attract buyers in 2025.

Estimates before the breach suggested a nine-figure annual turnover and, while its exact scale today is harder to verify, it remains one of the most recognisable carding brands.

Other markets include Abacus market, BidenCash, Exploit, Exodus Marketplace and more.

The diffusion of dark web marketplaces

With the rise of encrypted communication apps, such as Telegram and even Discord, some of the trade previously undertaken on the dark web has ‘surfaced’ to the unindexed deep web. Channels such as CrdPro Corner, AsCarding Underground and Daisy Cloud are flourishing on Telegram, with thousands of users in each channel trading everything from logs to bots. These channels often operate as subscription services, providing fresh dumps of material daily.

How to keep track of evolving darknet marketplaces

There are various active dark web marketplaces. One of our data providers estimates there are approximately 20 active, leading dark web marketplaces and dozens of smaller, additional marketplaces. With the diffusion to the unindexed deep web, this number becomes even greater.

Gaining access and monitoring these darknet marketplaces comes with a unique set of challenges. Firstly, they generally have short lifespans. This could be for a variety of reasons. For example, law enforcement might close them down; or, perhaps to help avoid this fate, they frequently change their domain address. It could even be because the admin implemented an exit scam, as happened with Empire Market, where the admin team is estimated to have made off with approximately $30 million worth of Bitcoin in August 2020. Almost none of the marketplaces featured in the 2020 version of this article are in existence now.

Due to this short lifespan, security professionals need to constantly be on the lookout for the next big marketplace. However, because of the illicit nature of the dark web, many websites don’t want to be found; as such, there is no easy way to navigate the dark web. Each website can be thought of as an independent silo. Darknet websites rarely, if ever, link to one another. To find forums and marketplaces on the dark web, as well as in the deep web, you need to know what you’re looking for and how to look for it.

Finally, once the relevant sites have been located and access gained, there is still the serious challenge of monitoring the dark website to gather usable intelligence effectively. Doing this manually requires vast amounts of resources; however, you also can't simply scrape the website, as such activity can quickly get you banned from a site.

This is where Open Source Intelligence (OSINT) tools like Signal come in.

The role of OSINT tools when monitoring the dark web

OSINT tools allow security professionals to effectively and efficiently monitor the surface, deep and dark web. Using Signal, you can create targeted searches with Boolean logic and run the results through intelligent filters powered by our advanced AI. The process can be automated with real-time SMS and email alerting.

This reduces the need for skilled professionals to spend all their time manually monitoring the entire web and assessing the associated risks. Additionally, it reduces the inherent risk of accessing criminal forums and marketplaces. Instead, security professionals get hyper-relevant alerts that can quickly be assessed and acted upon without ever actually having to go onto the dark web or painstakingly gain access to marketplaces.

This approach is vastly more time-efficient and allows you to put your web monitoring on autopilot; reducing costs, while simultaneously increasing efficacy. As cyber-criminals embrace new technologies, it’s becoming increasingly necessary for security professionals to do the same to stay ahead.

Increase the scope of your monitoring ability and the overall amount of hyper-relevant intelligence at your fingertips. Gather actionable intel in real-time.

Open Source Intelligence (OSINT) refers to the process of collecting, analyzing, and utilizing publicly available information to produce actionable intelligence. This information can come from a variety of sources, including social media, news articles, blogs, forums, and other online platforms. OSINT is a crucial component of modern security intelligence, as it helps organizations identify potential threats, monitor emerging risks, and make informed decisions.

The market for Open Source Intelligence (OSINT) tools is rapidly evolving, driven by the increasing need for comprehensive and actionable intelligence to protect employees and business operations.

Buyers in the market for robust OSINT solutions should be looking for several key features to ensure they are investing in the most effective tools, including:

• Competitive pricing

• Scalability

• Comprehensive suite of tools

• Transparency

• Integration capabilities

• A client-centric approach

Key Components of an OSINT Solution

Data Collection

The first step in an OSINT solution is gathering data from various open sources. This includes scraping websites, monitoring social media platforms, and collecting information from public databases. Best-in-breed OSINT tools allow users to configure the searches themselves without needing to reach out to customer support. The goal is to compile a comprehensive dataset that can be analyzed for relevant insights.

Data Analysis

Once the data is collected, it needs to be analyzed to extract meaningful information. This involves using advanced algorithms and machine learning techniques to identify patterns, trends, and anomalies. The analysis process helps in transforming raw data into actionable intelligence and assess content of concern.

Data Visualization

To make the intelligence easily understandable, OSINT solutions often include data visualization tools. These tools create visual representations of the data, such as graphs, charts, and maps, which help in identifying key insights at a glance. The best tools also include the ability to effectively filter data to identify just the content of interest.

Real-Time Monitoring

Effective OSINT solutions provide real-time monitoring capabilities. This means continuously scanning open sources for new information and updating the intelligence in real-time. Real-time monitoring is essential for staying ahead of emerging threats and responding quickly to critical events.

Integration Capabilities

OSINT solutions should be able to integrate with other security systems and tools. This ensures that the intelligence can be seamlessly incorporated into the organization’s existing security infrastructure, enhancing overall effectiveness.

Dissemination and Reporting

OSINT solutions should offer tools to assist analysts in drafting their reports. Generative AI can help quickly distil large amounts of raw data so analysts can complete and distribute reports quickly.

Investigations

OSINT tools shouldn't just detect threats: they should also provide a toolkit to help analysts investigate further to better support robust behavioural threat assessments. Comprehensive OSINT solutions can help identify anonymous threat actors and manage persons of interest.

OSINT Solution Providers available today

• Signal from Signal Corporation

• Dataminr

• Liferaft (Navigator)

• Samdesk

• Flashpoint (Echosec)

• Babel Street

• Penlink (Cobwebs)

• Ontic

• Fivecast

• Seerist

• OSINTCombine (NEXUSXplore)

Signal Corp.

Signal Corp’s OSINT platform stands out in the crowded market with its exceptional blend of affordability, scalability, and comprehensive functionality. Unlike many competitors that charge high fees, Signal offers a cost-effective solution without compromising on features. With prices ranging from $35-60K, Signal provides a competitive alternative to platforms that cost over $100K.

One of the key strengths of Signal cited by its customers is the breadth of sources it can monitor. On the scalability side, while many OSINT platforms charge per user license, Signal grants access to the entire organization, making it an ideal choice for large organizations looking for an affordable yet scalable solution. This approach ensures that protective security becomes a team effort, enhancing overall effectiveness.

Signal’s platform is a true multi-tool, offering a wide range of features that cater to various intelligence needs. From comprehensive data collection and report generation to data visualizations, POI investigations, AI incident detection, and asset alerting, Signal offers a complete solution. This eliminates the need for multiple fragmented tools, saving organizations both time and money.

Transparency is another hallmark of Signal’s offering. In an era where many OSINT solutions operate as black boxes, Signal is transparent about how its platform works and leverages artificial intelligence. This transparency ensures that analysts are well-informed and effective in their roles.

Integration capabilities are also a strong suit for Signal. The platform is designed to plug and play with existing solutions, consolidating data where it’s needed. This can include seamless integration with systems like Everbridge 360, Noggin, Restrata’s resilienceOS, ARCGis/Esri, XMatters, and more.

Signal’s client-centric approach sets it apart from the competition. The company is highly responsive to support requests and is willing to design meaningful features based on client feedback. This commitment to client satisfaction ensures that Signal’s platform continually evolves to meet the operational requirements of its users.

Signal Corp’s OSINT platform offers a compelling combination of competitive pricing, scalability, comprehensive functionality, transparency, integration capabilities, and a client-centric approach. These features make it a standout choice for organizations seeking a robust and reliable OSINT solution.

Signal routinely receives outstanding feedback about its customer service and the operational support/advice its specialists provide.

Dataminr

Dataminr is a real-time information discovery platform that uses AI to analyze public data sources and provide actionable alerts. It is known for its ability to detect breaking news and emerging risks, making it a valuable tool for crisis management and situational awareness.

Liferaft (Navigator)

Liferaft’s Navigator is an OSINT platform designed to help organizations identify and mitigate threats from social media and other online sources. It offers features such as real-time monitoring, geospatial analysis, and search capabilities, making it a comprehensive solution for threat intelligence.

Samdesk

Samdesk is an AI-powered crisis detection platform that provides real-time alerts on critical events worldwide. It leverages social media and other data sources to deliver timely and relevant information, helping organizations respond to emerging threats.

Flashpoint (Echosec)

Flashpoint’s Echosec is an OSINT platform that specializes in deep and dark web monitoring. It provides insights into threat actors and their activities, offering features such as keyword monitoring, geospatial analysis, and data visualization to enhance threat intelligence efforts.

Babel Street

Babel Street is an OSINT platform that offers multilingual text analytics and geospatial analysis. It enables organizations to collect, analyze, and visualize data from various sources, providing insights for threat intelligence and risk management.

Penlink (Cobwebs)

Penlink’s Cobwebs is an OSINT platform that focuses on web intelligence and data extraction. It offers features such as automated data collection, entity extraction, and link analysis, making it a useful tool for investigations and intelligence gathering.

Ontic

Ontic is a protective intelligence platform that integrates data from various sources to provide a comprehensive view of potential threats. It offers features such as real-time alerts, risk assessments, and incident management, helping organizations proactively address security risks.

Fivecast

Fivecast is an OSINT platform that uses AI and machine learning to analyze large volumes of data from open sources. It provides insights into emerging threats, trends, and patterns, offering features such as automated data collection, sentiment analysis, and geospatial visualization.

Seerist

Seerist is an OSINT platform that combines AI and human expertise to deliver real-time threat intelligence. It offers features such as predictive analytics, risk assessments, and incident monitoring, helping organizations stay ahead of potential threats.

OSINTCombine (NEXUSXplore)

OSINTCombine’s NEXUSXplore is an OSINT platform that focuses on data aggregation and analysis. It offers features such as automated data collection, entity extraction, and link analysis, providing valuable insights for investigations and intelligence gathering.

Factal

Factal is a real-time risk intelligence platform that uses AI to monitor global events and provide actionable alerts. It offers features such as real-time monitoring, geospatial analysis, and data visualization, helping organizations respond quickly to emerging threats.

Summary

This comparison provides an in-depth analysis of the current state of the OSINT tools market, highlighting the importance of Open Source Intelligence (OSINT) in modern security intelligence. It outlines the key components of an effective OSINT solution, including data collection, analysis, visualization, real-time monitoring, and integration capabilities.

For further information, contact Signal for a free consultation on your OSINT solution needs, or book a free demo.

Behavioral Threat Assessment

Security intelligence professionals are confronted daily with concerning material: threats, hostile rhetoric, violent ideation. These signals emerge from numerous sources, across a wide variety of platforms including social media, forums, messaging apps, obscure websites.

An OSINT platform is indispensable for detecting threats and identifying persons of interest. It gathers digital breadcrumbs, indicators of violent intent, and reveals patterns that might otherwise remain hidden. But the crucial question remains: once a threat is identified, does your team know what to do next?

The Complexity of Modern Threat Analysis

Security teams must triage a range of potential threats. In this environment, a critical skill is differentiating between noise and genuine risk. A person ranting online about government corruption might be venting frustration. Another individual, using eerily specific language about a planned act of violence, could pose a real danger. The distinction between the two is subtle but vital.

A well-crafted behavioral threat assessment methodology helps analysts make this distinction with confidence. It provides a structured approach to evaluating risk, identifying warning behaviors, and recognizing escalating patterns that indicate a subject may escalate from rhetoric to violent action.

Threat vs. Pose: A Crucial Distinction

One of the most common mistakes in security assessments is focusing too much on whether someone has made a threat, rather than whether they pose a threat. Decades of research show that many attackers do not explicitly announce their intentions before they act. Instead, they exhibit behaviors - subtle but identifiable markers - that indicate a growing risk of violence.

A behavioral threat assessment isn’t about waiting for an individual to cross a red line. It’s about recognizing the patterns leading up to that moment.

Concerning behaviors might include fixation on a particular individual or organization, obsessive grievances, increasingly aggressive rhetoric, or even logistical steps toward an attack, such as acquiring weapons or conducting surveillance on a target.

The Critical Importance of OSINT

Open-source intelligence is an essential component of modern security operations, but it is not a standalone solution. Identifying a concerning online presence is only the beginning. Effective risk mitigation requires a structured evaluation process that considers multiple dimensions:

• Intent: Is the individual merely expressing frustration, or do they exhibit signs of genuine commitment to violence?

• Capability: Does the person have access to weapons, training, or the logistical means to follow through?

• Opportunity: How close is the subject to their potential target, both physically and logistically?

• Behavioral Trajectory: Are they demonstrating escalating patterns of hostility, planning, or preparation?

A sophisticated threat assessment process combines OSINT findings with behavioral analysis to create a comprehensive risk profile.

Recognizing the Warning Behaviors

Certain behaviors serve as indicators that an individual may be escalating toward violence. These warning signs don’t operate in isolation, but collectively contribute to an overall threat profile. Some of the most significant include:

• Pathway behavior: Steps toward violence, such as researching past attacks, acquiring weapons, or making logistical preparations.

• Fixation: An obsessive preoccupation with a person, ideology, or grievance, especially when it leads to an increasingly hostile tone.

• Last-resort language: Statements indicating urgency or a belief that violence is the only remaining option.

• Identity and justification: Viewing oneself as a warrior for a cause, adopting an ‘us vs. them’ mentality, or attempting to rationalize violence as necessary or righteous.

From Identification to Intervention

Recognizing these behaviors is just the first step. The real challenge is deciding what comes next. Does the subject require persistent monitoring? Should law enforcement be alerted? Is immediate intervention necessary?

Signal’s Behavioral Threat Assessment Guide provides a structured methodology to navigate these decisions. Drawing from both operational experience and academic research, the guide presents a framework for assessing threats and determining appropriate responses.

Instead of reacting impulsively to every inflammatory statement online, security teams can apply a methodical approach to distinguish between bluster and bona fide threats. This is the missing piece in many security strategies—the bridge between detection and decisive action.

Elevating Security Intelligence

The landscape of threat analysis is evolving. As the volume and complexity of digital threats increase, so must the methodologies used to assess and respond to them. OSINT platforms like Signal provide the necessary tools to surface threats, but structured behavioral assessments are what turn information into actionable intelligence.

Does your team have the expertise to make the right call? Can they confidently distinguish between a hostile but harmless individual and someone with the intent and capability to act? If not, they risk either overreacting to low-level threats or, more dangerously, overlooking real risks until it’s too late.

With the right methodology, security professionals can move beyond mere detection. They can anticipate, assess, and intervene—turning intelligence into prevention.

Want to learn more? Check out our Signal Behavioral Threat Assessment Guide.

The deep and dark web continues to provide a breeding ground for illicit activity. As cybercriminals, extremists, and data thieves become more sophisticated, these online underworlds have evolved into major hubs for bad actors and nefarious online behavior.

The dark web has grown to serve as a breeding ground for ransomware attacks, data breaches, and a variety of other malicious activities that can strike at the heart of any organization.

In August 2024, a cybercriminal group known as USDoD leaked a database on the dark web, offering it for sale at $3.5 million. The compromised data, originally gathered by National Public Data, includes sensitive details like names, addresses, Social Security Numbers, and information about siblings. A class-action lawsuit was filed against National Public Data in Florida, accusing them of failing to adequately protect the data and collecting information from non-public sources without consent.

This is just one of the many recent security incidents tied to activity on the dark web. The issue is no longer whether threats are lurking in these spaces, but rather how businesses can keep an eye on them in an ever-evolving landscape.

What Is the Dark Web?

Many people mistakenly believe that the dark web is a single, cohesive network, but this is inaccurate. It is a sprawling collection of decentralized platforms, each built with the intention of preserving anonymity and secrecy. These platforms are essential to understand if companies are to effectively monitor and mitigate potential threats.

• Tor (The Onion Router): The most widely recognized of dark web networks, Tor provides users with layers of encryption designed to conceal their online activity. This network serves as a key venue for cybercriminals to operate undetected.

• I2P (Invisible Internet Project): Though less well-known, I2P offers a similarly anonymous environment that’s often used for secure communication, particularly in covert operations or illicit dealings.

• ZeroNet: An alternative to traditional web hosting, ZeroNet uses peer-to-peer hosting technology, which further complicates monitoring efforts due to its decentralized nature.

What Is the Deep Web?

While the dark web tends to grab the headlines, the deep web encompasses a much broader and more general collection of online content that is not indexed by search engines. This content is not inherently dangerous, but it often includes areas where illicit activities take place.

• Paste sites like Pastebin or Ghostbin are often used to dump and share large datasets, including sensitive or stolen information.

• Encrypted messaging apps, including platforms like Telegram and Discord, have become favorites among criminals for their ability to facilitate communication in relative secrecy.

• Alternative social media platforms, such as Gab or BitChute, have carved out spaces for extremist groups and the spread of misinformation, far removed from the moderation standards of more mainstream platforms.

• Breach forums like Cracked and Nulled have emerged as key marketplaces for stolen credentials, malware, and hacking tools, further fueling the dark web ecosystem.

The Challenge of Accessing and Monitoring the Dark Web

For most businesses, monitoring the deep and dark web is a daunting task. First, internal network policies often block direct access to these areas, leaving security teams with limited insight into potential threats.

Even when access is available, security professionals may lack the specialized tools or expertise necessary to navigate these murky waters.

The sheer volume and unstructured nature of data on these platforms add another layer of complexity. Without the proper resources, businesses can easily miss critical indicators of a cyberattack, a data leak, or a vendor compromise.

Why an Enterprise OSINT Platform Is Essential

This is where an enterprise-level OSINT (Open-Source Intelligence) collection platform like Signal becomes an indispensable asset. A robust OSINT solution gives security teams the ability to proactively monitor threats across the deep and dark web without exposing themselves to unnecessary risks. Here's how a comprehensive platform can support your organization:

• Secure, Compliant Access: OSINT platforms like Signal offer compliant, secure access to restricted content. This ensures that security teams can gather intelligence on potential threats without violating company policies or compromising internal network security. They can analyze dark web content without needing to actually access the dark web.

• Automated Data Collection: Instead of relying on manual searches and outdated methods, OSINT solutions automate the process of tracking emerging threats. This includes everything from detecting stolen credentials and tracking extremist threats, to identifying ransomware incidents in real time.

• Advanced Search and Filtering: With advanced tools for parsing and analyzing vast amounts of unstructured data, an OSINT platform enables analysts to cut through the noise. They can extract relevant intelligence with precision, helping them focus on the most immediate threats.

• The Rising Importance of Dark Web Monitoring

As cyber threats become increasingly sophisticated and frequent, simply relying on internal cybersecurity measures is no longer enough. Threat actors can infiltrate via third-party vendors, supply chains, or business partners. A breach in a vendor's system and subsequent dump on the Dark Web, for example, could put your organization at risk, but you might not even know until it’s too late.

Organizations can no longer afford to wait until after the fact to find out if their partners or suppliers have been compromised. As the business landscape becomes more interconnected, proactive intelligence is essential to understand where the vulnerabilities are—and whether your organization is at risk.

Conclusion

The deep and dark web continue to evolve and fuel a vast range of cybercrime and malicious activity. For businesses, this reality requires a shift in how threats are monitored. Relying on traditional methods to keep track of digital dangers is no longer sufficient. The need for comprehensive, proactive OSINT collection solutions is clear.

By incorporating tools like Signal into your security strategy, you gain the ability to navigate the shadows of the internet. It’s a necessity for any organization committed to staying one step ahead of emerging risks.

At Signal, we empower organizations to take control of their cyber defenses with OSINT solutions, enabling you to monitor and respond to dark web threats with speed, accuracy, and confidence.

Artificial intelligence has enabled us to process and interpret vast amounts of online content more efficiently than ever before in order to make critical decisions based on accurate analysis. By integrating advanced capabilities like generative AI, post categorization, and Named Entity Recognition (NER), Signal’s tools are designed to amplify human expertise, not replace it.

Streamlining Content Categorization

The sheer volume of digital content produced every second makes it increasingly difficult for analysts to identify actionable information. AI can help bridge this gap by recognizing threats of violence, hate speech, and a myriad of other areas of concern and then tagging it for a human analyst’s attention.

Instead of manually sorting through thousands of posts, analysts can rely on these systems to surface what matters most, cutting down noise and focusing their efforts where it’s needed. This level of automation ensures no critical detail slips through the cracks, even during high-pressure scenarios.

At Signal, categorization doesn’t stop at basic filtering. Our technology is designed with analysts' needs in mind, using machine learning models trained on real-world data. These models adapt to recognize the nuances of language and context, whether it’s a vague online threat or coded messages from a particular online community.

By grouping relevant posts together under tailored categories, we help analysts build a comprehensive understanding of any situation in a fraction of the time.

Connecting the Dots with Named Entity Recognition (NER)

Manually identifying key details like names, locations, and organizations across a sea of information is both time-consuming and error-prone. With NER, AI can instantly extract these critical elements from posts, offering a structured overview of the key players and locations involved. This feature enables analysts to see connections and patterns that might otherwise go unnoticed, giving them a head start on piecing together a full narrative.

NER is especially valuable in chaotic situations where details are emerging rapidly. For example, during a breaking news event, analysts can use this capability to identify recurring names or places being mentioned online.

This doesn’t just save time: it creates a foundation for deeper investigations, helping analysts connect information across platforms, conversations, or even geographical areas.

Empowering Analysts with Generative AI

Report writing is a core part of an analyst’s job, but it’s also one of the most time-intensive tasks. Generative AI transforms this process by helping draft initial reports in a polished, professional style. Analysts can input key details and receive a draft that’s ready for refinement, significantly reducing the time between gathering insights and delivering findings to decision-makers.

This capability doesn’t just streamline operations—it improves the quality of reports, too. By automating the more routine aspects of writing, analysts can focus on crafting more thoughtful conclusions or verifying critical details. Whether it’s summarizing complex datasets or generating readable summaries of dense information, generative AI ensures analysts spend their time where it counts: interpreting data and making assessments.

Uniting Fragmented Information

When incidents unfold online, they’re rarely confined to a single post or source. Discussions emerge across platforms, each contributing a piece of the puzzle. Signal’s AI clusters related posts to give analysts a complete, unified view of any event. This capability is particularly important for understanding fast-evolving situations, where isolated snippets of information need to be pieced together into a coherent narrative.

The Global Feed feature - providing next-generation open-source intelligence - takes this even further by providing access to a broad range of publicly available data in real time. By clustering posts and analyzing them collectively, analysts can uncover trends, track the spread of misinformation, or identify emerging threats. These insights are critical for producing reports that don’t just summarize events but also offer context and actionable recommendations.

Actionable Workflows, Timely Outputs

In time-sensitive situations, delays are catastrophic. Signal’s AI tools are built to prioritize speed and accuracy, automating repetitive tasks like post collection, categorization, and clustering. This ensures that workflows remain streamlined and decision-makers receive timely insights to guide their actions.

The impact of timely outputs extends beyond efficiency; it directly influences how decisions are made. Whether it’s responding to a security threat or planning a public relations strategy, actionable intelligence delivered in real time allows teams to act with confidence. Signal’s technology ensures that analysts can keep pace with the speed of the internet, empowering them to deliver insights that matter when they matter most.

AI as an Enabler, Never a Replacer

AI’s potential is transformative, but it’s no substitute for the critical thinking, intuition, and experience that human analysts bring to the table. Tools like Signal are designed to complement—not compete with—human expertise. By automating the most time-intensive tasks, AI enables analysts to focus on higher-value activities, such as interpreting ambiguous data or assessing the nuance of a potential threat.

The human-in-the-loop approach is particularly vital in complex cases, such as assessing threats or identifying patterns that require deeper contextual understanding. While AI provides the tools to speed up workflows and surface critical insights, it’s the analyst’s role to ensure that these insights translate into meaningful actions. At Signal, we believe the best results come from the perfect balance of technology and human expertise.

Try Signal

Want to see these capabilities in action? Request a demo today and discover how Signal’s Global Feed and AI-driven tools can transform your workflow.

The allure of “one-click magic” solutions is undeniable. A tool that promises comprehensive results at the press of a button? Great. No digging, no deliberating, just answers. It sounds like a dream, doesn’t it? But dreams can quickly turn into nightmares when the methods behind those answers are shrouded in mystery.

As the old saying goes: if it sounds too good to be true, it probably is.

As we move further into an era dominated by artificial intelligence, it is imperative for analysts to demand transparency from “black box” OSINT solutions.

The Hidden Risks of Black Box OSINT

Without a clear understanding of how intelligence results are derived, users are left with little more than blind faith. Consider the consequences in high-stakes industries like journalism, law enforcement, or national security, where a single unverified piece of information could lead to reputational damage, operational failures, and even endanger lives.

Moreover, the very nature of these tools reduces trust in AI-driven solutions. When users are unable to see how conclusions are reached, skepticism grows. This lack of confidence undermines the potential of artificial intelligence to assist in critical decision-making, turning what should be a powerful ally into a questionable crutch.

Users should never be in the dark about the mechanics of their tools. A lack of transparency not only risks operational credibility but also perpetuates the idea that OSINT solutions are “magic” rather than reliable, verifiable systems.

A Beacon of Transparency: the Power of Clear Sourcing

Rather than hiding behind proprietary algorithms and secretive processes, Signal’s Global Feed platform provides users with interactive dashboards and traceable data points, making it easier to cross-verify intelligence. This proactive transparency is a game changer in an industry plagued by ambiguity.

Transparency begins with an honest discussion of AI’s capabilities and limitations. Global Feed doesn’t sell illusions. Instead, it equips users with a clear picture of what AI can achieve, alongside its potential pitfalls. This openness allows users to navigate the complexities of OSINT with confidence, rather than uncertainty.

Global Feed also incorporates the Admiralty Scale, a trusted method from the intelligence community, to evaluate the confidence and credibility of its sources. This approach not only ensures accuracy but also fosters a deeper understanding of the data’s nuances.

Why Transparency Fosters Trust

Trust is the currency of effective intelligence, and transparency is its foundation. But trust doesn’t come from blind faith; it’s earned through understanding. Global Feed recognizes this and prioritizes user awareness at every step.

By providing clarity and openness on its methodologies, Global Feed demystifies the process of AI-driven intelligence. Users don’t need to be experts in machine learning to grasp the basics of how the platform works. This accessibility empowers users to make informed decisions, rather than relying on the supposed infallibility of a machine.

This transparency creates an environment where users can not only trust their tools but also feel empowered to justify their decisions to stakeholders. The combination of clear sourcing, intuitive tools, and ethical AI use sets a new standard for OSINT platforms.

The Future of OSINT Lies in the Open

The world of OSINT is at a crossroads. On one side, we have black-box solutions that promise simplicity but deliver opacity. On the other, transparent tools like Global Feed that embrace openness as a guiding principle. As the demand for ethical AI grows, it’s clear which path will prevail.

Transparency isn’t just a buzzword; it’s a necessity. It’s the difference between tools that merely function and those that truly empower.

Choose Signal’s Global Feed

You can place your trust in tools that guard their secrets, or you can opt for solutions that place their trust in you by being transparent and forthright. The era of blind faith in “one-click magic” is over. It’s time to demand transparency. And with Global Feed, that demand is met honestly and upfront.

Choose transparency. Choose trust. Choose Global Feed.

Marrying Generative AI with Open-Source Intelligence: A New Era of Collaboration

Open-source intelligence (OSINT) plays a critical role in identifying risks and mitigating threats. However, as the sheer volume of data available continues to grow, the workload for analysts becomes increasingly unmanageable. Generative AI has emerged as a game-changing tool, not to replace the human element but to work alongside it, enhancing the efficiency and depth of OSINT efforts.

The Role of AI in OSINT

Generative AI transforms the OSINT process by automating repetitive tasks and delivering insights more efficiently. Tasks such as drafting reports, scanning social media, or analyzing large volumes of unstructured data can now be handled more effectively with AI tools. This allows analysts to redirect their focus toward deeper analytical thinking, rather than being bogged down by manual data aggregation.

Why Humans Are Still Essential

While AI is adept at processing data quickly, it lacks the ability to contextualize findings or understand the subtleties of human behavior. Analysts bring a depth of knowledge, critical thinking, and ethical oversight that machines cannot replicate.

For example, AI might flag a threatening social media post, but a human analyst would assess its credibility, motive, and broader implications. Human analysts are also better at triaging potentially threatening posts and deeper Behavioural Threat Assessments. Keeping a human in the loop ensures that the intelligence generated is not only accurate but also actionable.

Saving Time Through Automation

One of the most valuable contributions of AI is its ability to handle time-consuming tasks. These include scanning thousands of news articles, identifying patterns across multiple platforms, and summarizing dense reports. By taking on these labor-intensive activities, AI allows analysts to allocate their time to more complex tasks, such as horizon scanning, conducting behaviour threat assessments, and utilizing structured analytical techniques.

Enhanced Insights with Generative AI

AI tools are particularly effective in synthesizing large datasets to uncover trends and anomalies. For instance, generative AI can identify correlations in online chatter, highlight potential risks based on emerging patterns, and even generate hypothetical scenarios for organizations to consider. These capabilities empower analysts to make better-informed decisions, faster.

Navigating Ethical Challenges

The use of AI in OSINT also comes with ethical responsibilities. Ensuring the fairness and accuracy of AI-generated insights requires ongoing oversight from human analysts. This is particularly important in avoiding biases, respecting privacy, and ensuring compliance with legal standards. Human involvement provides the ethical compass needed to navigate these challenges effectively.

Generative AI is a Force Multiplier for Intelligence Analysts, Not a Replacement

Signal’s platform is designed to empower analysts by turning unstructured data into actionable intelligence, and generative AI enhances this mission by acting as a productivity multiplier. By automating tasks like data collation, summarization, and anomaly detection, AI streamlines workflows and frees analysts to focus on deeper analysis and decision-making. This integration doesn’t replace the human element—it amplifies it, allowing professionals to direct their expertise toward interpreting complex information and crafting strategic insights.

Generative AI within Signal’s platform also sparks innovation by surfacing hidden patterns, generating fresh perspectives, and suggesting alternative approaches. It operates as a tool in the hands of skilled analysts, whose judgment ensures accuracy and relevance. Signal’s commitment to blending advanced AI with human expertise creates a partnership where technology supports, rather than supplants, the critical role of analysts, driving more efficient and impactful intelligence work.

A Balanced Approach for the Future

Generative AI and OSINT are not competing forces but complementary tools.

Want to see Signal in action? Signal’s Global Feed delivers real-time insights from diverse, high-value sources across the globe, empowering analysts to stay ahead of emerging trends and threats.

Whether you’re tracking geopolitical developments, monitoring supply chain risks, or detecting hazards near your assets, Signal’s Global Feed provides the clarity and context you need to act decisively. Explore how Signal’s innovative platform is transforming open-source intelligence—learn more here.