Skip to content
Dark Web Monitoring

Your credentials are already for sale. The question is whether you know it.

Stolen credentials from breaches you were never part of surface on criminal marketplaces every day, and they're tried against your business first. We watch those markets continuously and alert you before a listed credential is used.

Engagement snapshotGMAN IT
EnquireDark Web Monitoring, ex-GST
ContinuousMarketplace & breach-dump scanning
Same-dayAlert on a matched credential
Add-onManaged as part of your engagement
The exposure you can't see from inside your network

The breach that exposes you might not be yours.

A supplier, a SaaS vendor, or a website your staff signed up for years ago gets breached, and the password reused on your systems surfaces on a criminal forum. Your network logs show nothing wrong, because nothing inside it has been touched yet.

How GMAN protects

Watching the exposure before it's used against you.

Dark web monitoring closes the gap between a credential being stolen somewhere else and it being tried against you.

  1. 01

    We watch the markets, not just your network

    Criminal marketplaces and breach dumps are scanned continuously for your domain's credentials, wherever they surface.

  2. 02

    We cover the whole domain, not named executives

    Every staff credential tied to your domain is in scope, not just the ones an attacker would expect you to watch.

  3. 03

    We alert the same day a match appears

    A matched credential triggers an alert and a forced-reset recommendation before it's tried against your systems.

  4. 04

    We fold findings into the bigger picture

    A leaked credential updates your risk posture across Shield and Fortress, not a standalone alert nobody actions.

What’s deployed

6 controls. One accountable partner.

Every line below is deployed, monitored, and maintained by us — not a part-time attention split across your other vendors.

Deployed and maintained by us

Dark Web Monitoring — Inclusions Ledger

  1. Continuous scanning of criminal marketplaces & breach dumpsNot a quarterly check — an ongoing watch across the sources credentials actually surface on.
  2. Domain-wide credential coverageEvery staff account tied to your domain, not just named executives.
  3. Same-day alert on a matched credentialYou hear about an exposure before it's tried against your systems, not after.
  4. Guidance on forced reset & containmentA clear next step the moment a match appears, not just a notification.
  5. Managed as a standing add-onEnquire to add it to your Shield or Fortress engagement — no separate contract negotiation.
  6. Cancel anytimeA recurring add-on, not a fixed-term commitment.
Live exposure feed
The signature peak

What’s already out there.

Illustrative feed — the pattern is real, the entries are masked. This is what continuous monitoring actually looks like.

Credential exposure feed · illustrativeScanning
  • j•••••@yourfirm.com.auAlerted

    2024 third-party retail breachpassword reused on your tenancy

  • a•••••@yourfirm.com.auMonitoring

    Unrelated SaaS-vendor breachunique password, no reuse detected

  • s•••••@yourfirm.com.auAlerted

    Credential-stuffing list, 2023password reused, MFA blocked the attempt

  • m•••••@yourfirm.com.auMonitoring

    Forum credential dumpunique password, no reuse detected

Dark Web Monitoring

Continuous scanning of criminal marketplaces and breach dumps for your domain’s credentials — added to your Shield or Fortress engagement, billed monthly, ex-GST.

Enquire
Add to your protection

Cancel anytime.

Operational security excellence

We don't describe the work. We show it.

Case file · Medical & Allied Health · Melbourne · redacted

A reused password, flagged before it was ever tried.

  • A staff member's credential surfaced in a breach dump from an unrelated retail website.
  • The same password was in use on the practice's patient-management system.
  • The account was force-reset and MFA enforced before the credential was tested against it.

No unauthorised access occurred. The practice avoided what would otherwise have been a reportable incident under the Privacy Act and the My Health Records Act.

Read the full file

The complete teardown — every gap found and closed — sent to your inbox. No call required.

One email, the file, nothing else. We don't sell lists — discretion is the work.

Find out what’s already exposed — before it’s tried against you.

A Cyber Risk Assessment shows exactly where you stand, and what it takes to close it. Credited toward your first year of protection.