Due to the high volume of false positives, many security teams can suffer alert fatigue, which can lead to less-than-ideal behavior. Analysts can begin to miss, ignore, or turn off alerts. Although this behavior is clearly understandable, it can lead to teams missing important indicators of genuine threats.
Beyond private conversations, which are not legally accessible without warrants, if at all, there are hidden data sources that live on what is called the Dark Web. The Dark Web is an unconnected collection of private spaces online where communication, sharing, and transactions can often occur in plain sight. It has been corrupted, though, and security professionals and law enforcement are taking great interest in this type of activity.
The investigative process requires the right lens, and you need to know where to start looking. OSINT techniques uncover information about malicious threat actors, possible threats, or crimes that have occurred in the conversations and breadcrumbs that people leave behind on the Internet in the commission of, or in relation to, the acts.
Even half a decade ago, the collection and utilization of OSINT data as a function of security was the domain of highly specialized teams; it is now becoming a critical component of overall threat intelligence for both corporate and cybersecurity teams. With this rise in priority has come the expansion of teams and an influx of new OSINT practitioners.
All organizations conduct some form of due diligence. It enables decision-makers to identify relationships that will serve the best interests of their shareholders, customers, employees, and brand. Incorporating OSINT into your due diligence process will be key to getting the information you need.
It is possible, if not likely, that your organization is already using OSINT tactics. Digital information is ubiquitous and even unavoidable. But are you using it effectively? Experienced OSINT analysts are hard to come by, but they are best positioned to detect and investigate risks to your organization using open-source data including social media, blogs, forums, and media sources.
Many cybersecurity organizations consider gathering cyber threat intelligence to be among the most fruitful of cybersecurity activities. Corporate rules of engagement can help organizations avoid being subjected to unnecessary risks when gathering OSINT online.
Toni Chrabot, leading Risk Intelligence Strategist & former FBI Special Agent, shares insight on adapting the investigative process to address technological advancements.
Official reports from the CDC and WHO only told part of the story. Using the Media Sonar platform, we used a simple set of queries to quickly identify any newly reported cases as they were discovered. This information helped fill any gaps and delays in official reporting and helped to provide an early warning of new cases in North America.
What does situational awareness have to do with facility protection? Facility protection involves protecting physical spaces. This is traditionally accomplished by controlling access and monitoring the physical space for threats. Security personnel observe people, and their behaviors, to inform what actions need to be taken at any given moment. The responses tend to be more reactive than proactive because you must rely on what you see to dictate what to do.