Black Kite, the leader in third-party cyber risk management, announced the release of ThreatTrace, its new capability that improves threat detection using NetFlow and DNS telemetry to strengthen an organization’s visibility into third-party cyber risk. Black Kite is the first TPCRM vendor to incorporate this deep level of visibility into third-party cyber risk monitoring and ratings, enabling teams to proactively take targeted action with their vendors.

“The release of ThreatTrace reflects our continued commitment to building the most comprehensive and trusted data foundation for third-party risk intelligence,” said Candan Bolukbas, CTO & Founder, Black Kite. “Internet traffic flows provide powerful signals of potential compromise. When an organization’s digital assets repeatedly connect to known malicious infrastructure, high-risk regions, or unusual services, it’s a strong indicator that something may be wrong – and teams need to act quickly.”

NetFlow and DNS telemetry have long been valuable data sources in the SecOps world for detecting suspicious activity and deepening cyber investigations. With the release of ThreatTrace, risk teams can detect new IOCs and anomalies to act faster and stay ahead of third-party threats through:

  • Stronger cyber intelligence with a new set of controls added under the IP Reputation risk category, informed by NetFlow and DNS telemetry
  • Broader IOC and anomaly detection, including botnet-related activity, reconnaissance/C2 communication, potential data exfiltration, and more
  • Greater supply chain visibility by uncovering new subdomains and connected third-party service providers

With ThreatTrace, TPRM teams can now proactively detect new IOCs and anomalies, including:

  • Botnet Infection: Identifies IP addresses that have been blacklisted by multiple threat intelligence sources, indicating that an internal asset, like a server, IoT device, or workstation, is likely compromised and actively participating in malicious activity, such as spamming, DDoS attacks, or C2 operations.
  • Suspicious Outbound Activity: Detects active compromises by correlating DNS queries to high-risk domains (e.g., Tor sites, hacker forums, or C2 servers) with corresponding network traffic from the company’s IPs.
  • Active Threat Actor Targeting: Detects when known malicious IP addresses, such as botnets or C2 servers, are actively interacting with a company’s digital assets, indicating an organization is being targeted for reconnaissance or attack.
  • Traffic Baseline Deviation: Flags significant deviations from established traffic patterns, including unusual data volume spikes, connections to previously unseen high-risk IPs, and the use of abnormal ports, which are potential markers of data exfiltration.
  • Geopolitical and Service Risks: Identifies unauthorized services and suspicious data flows directed toward high-risk or sanctioned countries to detect both potential data leakage and compliance violations.

Source: PRNewswire
