Decoding (Open-source) Intelligence, Part 3: Now What?

By: Samantha Cruz, Feb 23, 2018

In part 1 of this series, we discussed open-source intelligence (OSINT), how it’s being used, and how it can help an organization in its information security operations. In part 2, we discussed a few tools and techniques used to gather open-source intelligence and then some examples of analysis to make sense of the information collected.

In the next and final part of this series, we will close out the topic by discussing how OSINT can be integrated with an internal security program and help to beef up security for both infrastructure and operations.

Look for the Signals

The first thing to remember about OSINT is that it does not stand alone. Data is only as good as the surrounding context. Simply gathering data without asking what to gather, and why it is being gathered in the first place, effectively defeats the purpose.

To be able to use OSINT and maximize its capabilities, security professionals need to find “the signal in the noise,” so to speak. These signals can be found in many ways: standards when looking for fraudulent data, signs of a phishing email campaign, signs of a potential risk when hiring employees, among other things.

OSINT systems, especially the automated ones, cannot simply be let loose to “see what happens.” They need to be fed the right information. They need to be trained to know what to look for over and over again.

The system cannot simply learn on its own. It needs to be given a path with reproducible, vetted positives and negatives so that it can start to identify patterns on its own.

Of course, looking for signals is just one piece of the puzzle. The next is to curate and analyze them in a way that makes sense. One can make use of tools and services like those given in part 2 to complete the puzzle, assess the various risks in an organization, and triage the findings according to their level of risk.

Education is the Key

Perhaps the best way to utilize OSINT findings in an organization from a security perspective is to educate members. One can have the most sophisticated technical tools in the world, but by and large, people remain the weakest link. That is why social engineering is the tool of choice to get things done.

A properly curated, analyzed set of information from OSINT data gives an organization a big picture of what is out there at a given time. This gives organizations the opportunity to educate members on what is normal (as a baseline) and what signs to look for that can make or break their organization.

The Takeaway: Be Proactive and Stay Ahead

Attackers are able to create weapons based on the information they gather through OSINT analysis. Each attack can be tailored to exploit specific weaknesses. The aim of attackers is to either act as someone that can be trusted or create a situation that is considered trustworthy to aid in achieving their goals.

Keeping this perspective in mind, it is the responsibility of the organization to be proactive and constantly monitor and search their OSINT data to stay ahead before issues become major headaches.

Remember, security professionals can have the best tools and the most comprehensive processes, but it only takes one exploited vulnerability for an attacker to achieve their mission.

 

Samantha Cruz is a Cyber Operations Researcher at Horangi specializing in cyber research and security tool development. Before joining Horangi, she worked for Trend Micro as a security analyst and engineer.
