Cyjax Intelligence Platform
Strengths: Good open source context for cyber events in the news.
Weaknesses: Difficulty in locating support on the website, lack of depth in the Dark Web.
Verdict: We wish that Cyjax would use humans instead of computers to probe underground forums. Also, this is a bit pricey for what it offers. However, if you need open source intelligence with a bit of closed source thrown in, this is well worth your time to examine.
The Cyjax Intelligence Platform is comprised of multiple technologies built for purpose. It automatically collects information from open and closed source environments, both structured and unstructured data, which is presented to the end-user in customizable views, alongside a set of inbuilt analytical and monitoring tools.
This tool is a pure-play intelligence gathering tool and addresses both open and closed source. However, we were disappointed with its depth in the Dark Web where most useful hacker intelligence is developed. For example, in its forum list we missed such important forums as card club, bitshacking and exploit. Test searches that we did on Satan RaaS and the actor Cold_As_Ice returned very limited current information, all of which for Cold_As_Ice were on the 0day forum excluding AlphaBay where he has advertised the Satan RaaS extensively.
We attribute that lack of depth to the absence of Cyjax analysts actually in the forums. Instead, the company uses automation - with its inherent limitations - to gather intelligence. While Cyjax does have accounts on some underground forums those accounts are, according to the company, automated.
The portal appears to be focused largely on news. While this is interesting and, even, for some organizations, useful, again we found that it lacks the depth necessary for consistent actionable intelligence.
Layout of the portal is clean and you have some degree of control over what appears on the landing page. Although the company claims it has a support portal on its website, we were unable to find it. There is a FAQ there, however (which the company claimed it did not have) and while we found it a little heavy on the marketing, it was useful nonetheless.
The product is quite expensive - somewhat out of range of most organizations that are not fairly large - and would certainly need to be used alongside another service specializing in the Dark Web. Documentation is extensive and excellent: Although it is called a quick-start guide, it is one of the best user guides we've seen for a cloud service.
This portal appears to be part of the Intelligence Managed as a Service (IMaaS) concept and the Cyjax offerings in that regard seem quite extensive. This service adds the benefit of a suite of analyst packages that are quite granular. It appears to us that the portal is more suited to a community tool while the IMaaS is the kind of depth needed.
The support we received from Cyjax was excellent and our small problems were solved within minutes even at 6 a.m. EST on a Monday just a week before the RSA Conference. Overall, however, we probably would not, at its price, add Cyjax to our tool kit since we use research tools for in-depth analysis, most often in the Dark Web. However, for most organizations that can afford it there are good reasons to bite the bullet and spend the money. First, it gives good context even without the depth we are used to in the SC Labs. For that alone it likely is strongly worth considering. Second, if you are tracking some particular issue, you have lots of ways to bring new information about that issue to your attention.
We wish that Cyjax used a bit more robust method of plumbing the computer underground. Detailed data from a broad range of forums and marketplaces is lacking, likely due to the methods used to access the information. The open source materials are much more interesting, however.