CSIS Threat Monitors is a digital risk protection service that provides 24/7 monitoring of external threats to organizations. The service monitors multiple sources including underground marketplaces, dark web, Telegram communities, and phishing sites to identify risks related to the organization. The service tracks stolen payment card information from dark web sources and phishing sites. It monitors for compromised customer and employee credentials that may be exposed in data breaches. The platform includes Telegram monitoring capabilities to detect brand mentions or specific keywords in closed chats and communities. The HoneyNet monitor component tracks malicious servers and domains globally, analyzing sinkholes for communication from the organization's public IP ranges. The Trojan Monitor examines Trojan target lists and configuration files to identify if the organization's URLs or brands are being targeted. The CSIS Threat Intelligence Services team investigates command and control servers, recovers and reverse engineers phishing kits and panels, and retrieves credentials and leaked data from drop sites. The service aggregates data from research activities, incident response learnings, and public and private sources. The platform provides automated real-time alerts when threats are identified, including data leaks, stolen credentials, or relevant mentions on monitored channels.