As organizations evolve toward ideals of system-wide security, they are expanding their perimeter to include a growing number of different types of assets. Meanwhile, cybercriminals have a more singular focus – perpetuating threats and payloads. Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015.
The other challenge, besides viable threats, is managing the overwhelming number of security alerts. Security analysts will spend up to 75% of their day triaging alerts. Valuable time is wasted chasing false positives and manually correlating disparate data sources. Security teams end up looking into incidents that have little or no impact on their assets, which takes time away from alerts that have more serious consequences.
One way to solve this problem is to streamline the collection, processing, and analysis of web intelligence data. Security teams must focus their attention and mitigation efforts on threats that have the most impact on their critical assets.
To build your web intelligence framework, you will need to look across the whole organization and take a system-wide approach to map it. You will need to establish what your security priorities are and what you hope to achieve by using web intelligence.
Define Your Digital Security Perimeter
This means documenting your networks, systems, data, and other digital assets. You must take into consideration your physical security needs, whether you have facilities to secure or executives to protect. You need to also account for intangible assets like your brand.
Assess Your Risks
Once your security team understands fully what assets must be protected, you can start to analyze the risk to assets if damaged or compromised. This will enable you to prioritize the security of your critical assets over the ones where threats have little or no impact.
Next, your security team will be spending some time investigating and assessing the known risks to your assets. While you can’t forecast future risk, you can learn from what you know based on the abundance of information available. Internal logs or security reports, external intelligence, and the security community are good places to start.
Web Intelligence Foundations
After you clearly understand your organization’s objectives and you’ve defined what must be protected, you need to design how your security team will operate. At this point, you will need to categorize and obtain the foundational tools you will use to conduct the primary tasks of collection, processing, and analysis of the data.
Half the time spent triaging alerts is spent manually correlating disparate data sources. That data needs to be consolidated in order to connect the dots. The data can come in many forms, such as raw data from intelligence databases, open-source intelligence from forums and paste sites, social platforms, or intelligence reports and news. Having access to consolidated web intelligence will cut the time in half.
Raw data needs to be processed by different means than human-generated intelligence, but it needs to be actionable in a common way by security teams. In order to correlate intelligence for your critical assets and to properly analyze events, the collected data needs to be structured. It’s not just about the format – applying artificial intelligence during processing will help you better detect and prioritize indicators to map them to your assets.
You must have tools to automate the collection and processing of data. The final pillar of your web intelligence foundation will require human insight. Your security team will have tools to transform the processed data you’ve collected into informed decisions. Visualizations are often necessary to analyze large amounts of information, and web intelligence will also need to be delivered to other parts of your organization in formats that fit the operational needs of different teams.
Securing Critical Assets
Web intelligence provides a broader view of the threat landscape than internal intelligence alone. Your security team will get better at forecasting future threats and identifying patterns that would otherwise remain undetected.
Improving operational efficiency is necessary as security operations evolve. Being able to cordon off your assets and correlate them to data is the key piece to reducing the strain on security teams. They can reduce false positives and focus on the alerts that matter most. The core objective is to make it easier and faster to proactively defend assets against threats. This way organizations can operate without hindrance or harm.
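To make the structuring and correlation steps above concrete, here is an added example (not Media Sonar code) that normalizes intelligence items from different source types, matches them against an asset inventory, and queues only the hits on assets above a criticality threshold. The CSV column names, the 1-5 criticality scale, and all sample records are assumptions constructed for this illustration.

```python
import csv, io, re

# Constructed asset inventory; column names and 1-5 scale are assumptions.
ASSETS_CSV = """name,type,identifier,criticality
Customer portal,domain,portal.example.com,5
Mail gateway,ip,203.0.113.10,4
Corporate brand,brand,ExampleCorp,3
Test wiki,domain,wiki-test.example.com,1
"""

# Constructed intelligence items from different kinds of sources.
INTEL = [
    {"source": "paste_site", "text": "dump: admin@portal.example.com:hunter2"},
    {"source": "threat_feed", "indicator": "203.0.113.10", "note": "on spam blocklist"},
    {"source": "forum", "text": "anyone selling examplecorp gift cards?"},
    {"source": "threat_feed", "indicator": "198.51.100.77", "note": "scanner"},
    {"source": "news", "text": "Outage at wiki-test.example.com reported"},
]

def load_assets(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return [dict(r, criticality=int(r["criticality"])) for r in rows]

def normalize(item):
    """Bring raw feed entries and human-written text into one structure."""
    body = " ".join(str(item.get(k, "")) for k in ("indicator", "text", "note"))
    return {"source": item["source"], "body": body.lower()}

def matches(asset, body):
    """Match the identifier only as a whole token, so 203.0.113.10 does not
    hit 203.0.113.100 and a domain does not hit a longer look-alike host."""
    ident = re.escape(asset["identifier"].lower())
    return re.search(rf"(?<![\w.-]){ident}(?![\w-]|\.\w)", body) is not None

def triage(assets, intel, min_criticality=2):
    """Return (criticality, asset name, source) tuples, highest impact first."""
    alerts = []
    for item in map(normalize, intel):
        hits = [a for a in assets if matches(a, item["body"])]
        if not hits:
            continue  # no link to an inventoried asset: not queued
        top = max(hits, key=lambda a: a["criticality"])
        if top["criticality"] >= min_criticality:
            alerts.append((top["criticality"], top["name"], item["source"]))
    return sorted(alerts, reverse=True)

if __name__ == "__main__":
    for alert in triage(load_assets(ASSETS_CSV), INTEL):
        print(alert)
```

Of the five sample items, the one that matches no asset and the one that matches only the low-criticality test wiki never reach the analyst queue.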
New Feature: Import existing asset inventory data
To make it easier to connect your assets to web intelligence, Media Sonar already provides asset management and correlation capabilities. Our system comes with considerable flexibility to allow many different types of assets – digital assets, physical assets, and the truly intangible ones that represent the heart of your organization, like your brand. Now, to speed up the job of implementing your web intelligence foundations and security during events, Media Sonar is launching the ability to import data from asset inventories or other sources to our system in a tabular CSV file. Use existing data to achieve a well-defined security perimeter and quick-start your web intelligence monitoring for critical assets.