Best Practices for Protecting People, Organizations, Locations & Domains with OSINT.
Due to the high volume of false positives, many security teams can suffer alert fatigue, which can lead to less-than-ideal behavior. Analysts can begin to miss, ignore, or turn off alerts. Although this behavior is clearly understandable, it can lead to teams missing important indicators of genuine threats.
Natural Language Processing is a form of machine learning that allows context to be taught to a data processing program. Its goal is to roughly recreate a human-like understanding of language. While it will not completely replace traditional keyword searching at this point, it will bolster efficacy and relevancy in OSINT investigations.
Beyond private conversations, which are not legally accessible without warrants, if at all, there are hidden data sources that live on what is called the Dark Web. The Dark Web is an unconnected collection of private spaces online where communication, sharing, and transactions can often occur in plain sight. It has been corrupted, though, and security professionals and law enforcement are taking great interest in this type of activity.
There is a lot out there in terms of public conversations. People use the Internet to communicate everything, even beyond the boundaries of what is often acceptable in regular society. OSINT investigators will want to capture all conversations and interactions surrounding an event or a threat actor they are investigating.
The investigative process requires the right lens, and you need to know where to start looking. OSINT techniques uncover information about malicious threat actors, possible threats, or crimes that have occurred in the conversations and breadcrumbs that people leave behind on the Internet in the commission of, or in relation to, the acts.
Once the domain of highly specialized teams, even half a decade ago, the collection and utilization of OSINT data as a function of security is now becoming a critical component of overall threat intelligence for both corporate and cybersecurity teams. With this rise in priority has come the expansion of teams and an influx of new OSINT practitioners.
All organizations conduct some form of due diligence. It enables decision-makers to identify relationships that will serve the best interests of their shareholders, customers, employees, and brand. Incorporating OSINT into your due diligence process will be key to getting the information you need.
It is possible, if not likely, that your organization is already using OSINT tactics. Digital information is ubiquitous and even unavoidable. But are you using it effectively? Experienced OSINT analysts are hard to come by, but they are best positioned to detect and investigate risks to your organization using open-source data, including social media, blogs, forums, and media sources.
The COVID-19 pandemic has resulted in a renewed surge of cyber attacks and exploits. Open-source intelligence holds keys to investigating these types of emerging cyber threats.