
Smarter Security Series – Demystifying the Deep and Dark Web Intel

In the final video of this installment of the Smarter Security Series, Devin Somppi and Lara Meadows bring into focus the much-discussed, sometimes feared, realms of the deep and dark web. The duo dissects what these terms mean, not just to tech wizards but also to business leaders and key decision-makers.

Devin emphasizes that the whole dialogue around the deep and dark web is sometimes inflated due to a lack of understanding.

The question Devin poses is this: how do you determine what is deep web or dark web traffic, and how crucial is that data to you?

While discussions of the deep and dark web are dominating many boardrooms, Devin warns organizations to avoid tunnel vision. It is not just about checking a box in terms of coverage. Instead, incorporation of such intel should bolster your threat intelligence program, ultimately contributing to business outcomes.

His stance is solid; implementing advanced cybersecurity measures is akin to driving a top-notch sports car. If you aren’t equipped with the basic knowledge, even the best systems won’t deliver the results you need.

This video sheds light on a key tenet of cybersecurity: questioning whether your tactics are yielding the anticipated outcomes. Is your security team benefiting? Are your operations and DevOps teams aligned? If your organization doesn’t have the resources, should you partner with an expert?

Watch the interview below!


00:11
Lara Meadows
How much are you seeing with deep web, dark web? Because we’re seeing a lot of customers ask that. But then I think going to your XDR, what’s your definition? Yeah, probe a little bit further.

00:22
Devin Somppi
That’s kind of a catch 22 a little bit because it’s a great way to talk and drive discussion of like the deep dark web. And I think I’m not, I don’t have the statistic number in front of me, but I remember it’s something like 60% of the internet is deep web and you can only access it through specific stuff. And I don’t know if that’s actually true or not, but it is definitely broader than just the Google search that you typically do. That comes with a whole slew of other caveats around that, because how do you identify what is deep web and how do you identify what is dark web? And that really comes down to what data actually matters to you and where they’re existing within your environment. And a great example that I’ll give is Tor protocol traffic.

Most firewalls will pick up Tor protocol traffic. It’s just kind of a signature based thing. It’s well known, it’s well studied, it’s well established, as it was a big risk when it first came out. So how do you make a determination based on your perimeter, based on your endpoint, based on maybe even programs installed on terminal servers of what is generating that Tor traffic? And is it actually Tor traffic? Because signatures look for a fingerprint. Well, let me ask you the question. How do you determine what’s a zebra versus a horse based on its hoof print? And so that’s where you start to learn or start to drive further into the context avenue of this and look at threat intel as a piece of the puzzle of that. Is this a known Tor exit node? Do I have DNS logging? Do I have, you know, SSL breakers to look at Tor traffic? Can I even determine Tor traffic? And that really starts to open up your eyes to less about the dark web and deep web and kind of tying it back to your posture and understanding where that’s kind of coming from. It’s, it’s a really interesting discussion when you ask organizations or CISOs or CTOs about what the dark web and deep web means to them. Because just like XDR, it means something different to everyone. They have their own interpretation of it. And that can either drive a lot of fear or it can drive a lot of resiliency and discussion to combat what that may be.

 The one thing I will say is it’s really neat when you’re able to learn, or I’ll call it, pull the curtain back a little bit because that’s a place where everybody feels hackers go to hide. It’s a really easy place to escape. It’s a really easy place to be anonymous. And pulling back that curtain a little bit and garnering some of that information from those areas in the form of threat intel is really, really important. And it allows you to really benefit from kind of that information that’s coming from those areas. It’s crucial as part of the threat intel stream for sure. 

03:26
Lara Meadows
It is. But it’s amazing how many companies seem to have this, I won’t say brainwashed, but like going back to our CFO reading the Wall Street Journal, right, and says, hey, we need to get this deep web, dark web. This is really important. So I love your discussion about probing why, how are you going to use it? Where are you planning to get it from? How are, you know, and pushing a little bit further to really understand how folding that intel into your threat intelligence program is really going to help your business.

03:58
Devin Somppi 
For sure. And it kind of comes back to a little bit of like foundations. You know, the analogy that I always kind of talk about is you could buy the best, fastest sports car, like McLaren, like top of the line, but if you don’t know how to drive, you don’t know how to take the basics out, you don’t know how to drive stick, that supercar is not going to do what you need it to do. You may get across the finish line, but you may destroy your reputation, you may destroy your outcome from that. And it kind of ties back into these foundations. And I’m a firm proponent in outcome driven security. What is the tangible, realistic output that we can garner from this? What does this mean for your organization? What does it mean for you? What does it mean for your security team? What does it mean for your operational team and DevOps? Because it has an impact on everything. And if you can start to ask those questions, you can then evaluate what you have. Maybe you don’t have enough resources and need help. You need a partner to do that. Maybe you can tackle it yourself, but it allows you to be realistic in your approach and understand where things may be lacking and allows you to not have point solutions. That’s my favorite thing that I come across a lot is like, I’ll use the CFO, Wall Street Journal example of this. It’s like we need to deal with the dark web, deep web, perfect. And they do it and no one looks at it ever again. We checkbox that we did it and it’s like, okay, did you integrate it fully? Did you operationalize it? Are you leveraging it? Do you have metrics to back your evidence? And that if you don’t work towards that goal, which can be daunting, and not everybody needs to get to the perfect end state, but something is better than nothing, that allows you to actually capitalize on what you’re trying to do.

05:56
Lara Meadows
That’s a key point, a really key point, how often we run into customers. And I loved your outcome driven security intel. I love that.
Awesome.

06:04
Lara Meadows
Well, Devin, thank you so much for your time today. Really excited about this and really appreciate all you’re doing.

06:09
Devin Somppi
It was my pleasure. Thank you for having me.