Darkweb and breach monitoring

Service Definition • Armstrong Bell • 21 May 2026

Document summary

This document provides detailed information about the services offered to customers utilising our Dark Web and Breach Monitoring solution. This information clarifies the scope of items included within the overall service provision.

Core service provision

Our Dark Web and Breach Monitoring service is designed to proactively detect and mitigate risks associated with data breaches, compromised credentials, and sensitive information being sold or exposed on the dark web. The service provides the following advanced feature set:

  • Monitor dark web forums, marketplaces, and other illicit online sources for compromised credentials or sensitive organisational data
  • Alert customers when newly identified breaches impact their data
  • Provide detailed breach reports, including the scope and nature of exposed information
  • Detect account takeovers and deliver actionable steps to mitigate risks
  • Generate detailed risk assessments with recommendations for improved security
  • Provide continuous updates to ensure new threats and breach sources are monitored effectively

The solution is managed and monitored by our in-house team, ensuring that threats are detected and addressed proactively. During on-boarding, monitoring policies are tailored to align with the customer’s organisational needs, including keywords, domains, and high-risk assets.

Service desk support

Customers can directly contact our dedicated support team for assistance with queries or issues. Typical requests include:

  • Adding or updating monitored assets such as domains or email addresses.
  • Reviewing breach alerts and determining appropriate mitigation steps.
  • Clarifying breach reports and recommendations provided.
  • Adjusting alert thresholds or notification preferences.

Service coverage is provided in line with the customer’s existing Managed IT Service support contract.

Alert management

Our team receives alerts for various events relating to the Dark Web and Breach Monitoring platform, including:

  • New breach detections or credential leaks.
  • Anomalous dark web activity involving monitored assets.
  • Platform updates or service disruptions.

Upon receiving an alert, our team conducts an initial impact review. If applicable, communications are sent to customers with detailed findings and recommended actions.

User notification

Our platform can notify impacted users directly of potentially compromised or leaked credentials. During on-boarding, our team will discuss with the customer whether this functionality is desired.

Available reporting

The platform includes several built-in reports, providing insights into threat exposure and mitigation efforts. These reports offer detailed information around compromised data, potential threats, and risk trends:

  • Breach and Exposure Reports: Detailed insights into identified breaches and leaked data
  • Asset Monitoring Reports: Overview of monitored domains, credentials, and keywords
  • Dark Web Activity Insights: Highlights trends and specific threats emerging from dark web sources

Vendor escalation

Our team works closely with our preferred partner for dark web monitoring services, ensuring seamless escalation of incidents where required. All initial analysis and investigation are conducted internally before vendor escalation for advanced technical queries or platform-specific issues. This process is fully managed by our team, with no additional cost to the customer.

Addition of new features

When new features are introduced to the platform that could benefit the customer, these changes are evaluated by our team for suitability. If the changes require service disruption or modifications to core components that may impact existing functionality, these will be communicated to the customer, and a suitable path forward will be agreed upon.

For additional functionality requiring significant customisation or integration, these items will be scoped and discussed independently with the customer.

On-boarding

The on-boarding steps for the core components are listed below:

  1. Initial Consultation and Requirements Assessment
    • Understand the organisation’s digital footprint and data protection needs
    • Identify key assets for monitoring, including domains, email addresses, and IP addresses
  2. Platform Configuration
    • Set up monitoring tools to track specific keywords, domains, or IP addresses
  3. Baseline Assessment
    • Perform an initial scan of dark web sources and breach databases
    • Deliver a baseline report of existing exposures and risks
  4. User Notification Process
    • Establish communication protocols for alerting affected users; this can be either direct from the platform or via our team
  5. Ongoing Monitoring and Reporting
    • Continuously monitor dark web sources for new threats