Skip to main content
CloudKey
English Français
Request a demo

Dark web monitoring service

Dark web monitoring for business

Dark web monitoring is the continuous tracking of breach corpora, leak sites and the public internet for your organization's exposed credentials and assets, so you find out you are exposed before an attacker uses it against you.

CloudKey delivers a monthly exposure report for your domain: leaked credentials cross-checked against breach databases, exposed subdomains, open ports and edge vulnerabilities, ranked into one executive risk score and sent to a named owner.

  • Monthly report
  • Leaked-credential checks
  • External attack surface
  • One risk score
Get your monthly exposure reportTalk to our team
Sample monthly exposure report showing an executive overview with exposure counts and an overall risk score, prepared for example.com

From a sample report

What one month of exposure can look like

42
Leaked credentials found
18
Exposed subdomains
3
High-risk open ports
7
Vulnerabilities detected
6.5
Overall risk score, rated high

Figures from a sample monthly report prepared for example.com, shown for illustration.

Overview

The view an attacker has of your business, every month

Attackers do reconnaissance before they act. They buy leaked passwords, scan your domain for forgotten subdomains, and look for the exposed service nobody remembered to lock down. Dark web monitoring gives you that same view of yourself, on a schedule, so the gaps get closed before they are used.

Each month CloudKey scans your domain and the breach corpora attackers draw from. We cross-check your email domains against known leaked-credential databases, map your external attack surface, and flag the exposures that actually matter. The result is one report with an executive risk score and a prioritized list of what to fix.

This is monitoring, not a one-off scan. Exposure changes constantly: a staff member reuses a password, a new subdomain goes live, a service drifts out of policy. A monthly cadence catches those changes the month they happen, not at your next annual review.

What is inside

Inside the monthly exposure report

Four signals, cross-referenced and ranked into one picture. The panels below come from a sample report prepared for example.com.

Your email domains cross-checked against known breach databases, so you see which staff credentials are circulating and need a reset before they are abused.

Sample report table of leaked passwords with the searched value, breach source and detection date, prepared for example.com

Subdomain discovery across your domain, including the forgotten and the unmanaged, the assets attackers find first and you often do not know exist.

Sample report table of detected subdomains with index and subdomain URLs, prepared for example.com

Internet-facing IPs scanned for exposed services and open ports that widen your attack surface beyond what you intended to publish.

Sample report of network infrastructure showing IP addresses, open ports and a port-risk legend, prepared for example.com

Known vulnerabilities on internet-facing services, all rolled into a single executive risk score so leadership sees the trend at a glance.

Sample report of vulnerability findings grouped by critical, high and medium severity with CVE metadata, prepared for example.com

Sample data for example.com. Your report shows your own domains, redacted and sent to a named owner.

How it works

How does dark web monitoring work?

Domain-scoped, authorized, and delivered to a named owner.

  1. 01

    Scope your domains

    You tell us which domains and brands to monitor. Reconnaissance only runs against assets you authorize in writing.

  2. 02

    Monthly scan

    We check breach corpora for leaked credentials and map your external attack surface across subdomains, ports and edge services.

  3. 03

    Rank and score

    Findings are cross-referenced and ranked into one executive risk score, so the few that matter stand out from the noise.

  4. 04

    Deliver to an owner

    A redacted report goes to a named owner each month, with a prioritized list of what to fix and what changed since last time.

FAQ

Dark web monitoring, answered

Dark web monitoring is the ongoing tracking of breach databases, leak sites and the public internet for your organization's exposed data, mainly leaked credentials and exposed assets. It alerts you when your information appears so you can act before an attacker does.

By cross-checking your email domains against known breach corpora and scanning your external attack surface. CloudKey does this monthly and delivers the results in one report, so you do not have to search leak sites yourself.

We scope your domains, check breach databases for leaked staff credentials, map exposed subdomains and services, and rank everything into a monthly exposure report with a single risk score and a prioritized fix list.

A compromised credential is a username and password pair that has leaked, usually through a third-party breach. Because people reuse passwords, one leaked credential can open accounts far beyond the site that was breached, which is why monitoring for them matters.

They overlap. Dark web monitoring focuses on leaked credentials and data exposure; attack surface management focuses on discovering and tracking your internet-facing assets. CloudKey's monthly report covers both angles for your domain.

Next step

See your first monthly exposure report

Tell us which domains to monitor. We run the first scan against the domains you authorize and deliver a redacted report with your exposure ranked and scored.

Get your monthly exposure reportTalk to our team