The Internet never sleeps and an attack can occur anytime. Threat actors may even be working in a different time zone. Many times, security teams lack the tools and staff to monitor the web and social media 24/7.

Combining the Cyber Threat Center advanced workflows with robust processes developed over many years, the LookingGlass Watch Desk keeps up with the stream of data being logged day and night. The Watch Desk screens out noise and delivers vetted alerts relevant to your business. Escalation and notification procedures are customized to each client and can include email, SMS, and phone-based delivery based on criticality. You can spend your scarce resources investigating and responding to actual concerns instead of having to staff around the clock just to look out for them.

The LookingGlass Watch Desk uses client-specific inputs such as brands, company and executive names, locations, Internet protocol (IP) addresses, and other indicators for online monitoring. The Cyber Threat Center uses sources from the web, Internet relay chat (IRC), and social media, to monitor for risks including:


  • Internal system or access details, such as technical discussions, employee credentials, and employee contact information (e.g., email addresses that often are, or contain, the username used in the company Lightweight Directory Access Protocol (LDAP) or similar sign-on directory)
  • Disclosures of customer account data, login data, sensitive documents, and/or personally Identifiable Information (PII) such as data captured in a phishing attack, data posted by hackers after a data breach, and data being bought/sold on forums, chat rooms, social media, or “paste” sites
  • Indications of recruitment, planning, execution, or claiming responsibility of cyber attacks against an organization that includes a client indicator in conjunction with various vectors, tools, or known threat actors
  • Disruptive events nearby or impacting your headquarters or major installations, (e.g., fires, natural disasters, major traffic/transport accidents, civil unrest, or emergency response activity)
  • Organized protests or activism affecting your physical operations (e.g., phone bombs, flash mobs, rallies, “occupy” actions, disrupting company events, strikes, walk- or sick-outs)
  • Physical threats to your employees, assets, facilities, or infrastructure, such as murder, arson, attack, assault, harassment, or intentional property damage
  • Targeting or interest by known threat actors
Leave a Message
top down