In part 1part 1, we discussed open-source intelligence (OSINT), how it’s being used, and how it can help an organization in their information security operations. In part 2part 2, we discussed a few tools and techniques used to gather open source intelligence and then some examples of analysis to make sense of the information collected.
In the next and final part of this series, we will close out the topic by discussing how OSINT can be integrated with an internal security program and help to beef up security for both infrastructure and operations.
Look for the Signals
The first thing to remember about OSINT is that it does not stand alone. Data is only as good as the surrounding context. By simply gathering data without asking what to gather and why data is being gathered in the first place, the purpose is effectively defeated.
To be able to use OSINT and maximize its capabilities, security professional need to find “the signal in the noise,” so to speak. How these can be found can be done in many ways: standards when looking for fraudulent data, signs of a phishing email campaign, signs of a potential risk upon hiring employees, among other things.
OSINT systems, especially the automated ones, are not just “let loose and see what happens.” They need to be fed the right information. They need to be trained to know what to look for over and over again.
The system cannot simply learn on its own. It needs to be given a path with reproducible, vetted positives and negatives so that it can start to identify patterns on its own.
Of course, looking for them is just one piece of the puzzle. The next is to curate and analyze them in such a way that makes sense. One can make use of tools and services like those given in part 2 to complete the puzzle and assess the various risks in an organization and triage them according to the level of risk of the findings.
Education is the Key
Perhaps the best way to utilize OSINT findings in an organization from a security perspective is to educate members. One can have the most sophisticated technical tools in the world, but by and large, people remain the weakest link. Hence why social engineering is the tool of choice to get things done.
A properly curated, analyzed set of information from OSINT data gives an organization a big picture of what is out there at a given time. This gives organizations the opportunity to educate members on what is normal (as a baseline) and what signs to look for that can make or break their organization.
The Takeaway: Be Proactive and Stay Ahead
Attackers are able to create weapons based on the information they gather through OSINT analysis. Each attack can be tailored to exploit specific weaknesses. The aim of attackers is to either act as someone that can be trusted or create a situation that is considered trustworthy to aid in achieving their goals.
Keeping this perspective in mind, it is the responsibility of the organization to be proactive and constantly monitor and search their OSINT data to stay ahead before issues become major headaches.
Remember, security professionals can have the best tools and the most comprehensive processes, but it only takes one exploited vulnerability for an attacker to achieve their mission.
References
http://www.securityweek.com/osint-alone-does-not-equal-threat-intelligence
https://brightplanet.com/2016/09/how-to-find-the-signal-in-the-noise-of-open-source-data/
https://umbrella.cisco.com/blog/blog/2015/10/21/the-more-you-know-osint-and-security/
http://www.zettacloud.ro/portfolio/intelligent-data-analytics/
