Posted June 11, 2015
Threat analysts often spend hours a day sifting through news articles, blogs, and social media to create situational awareness reports for their organizations. These reports often cover a mix of physical threats, such as protests and public events, and cyber threats, including data breaches, distributed denial of service (DDoS) attacks, vulnerabilities, and patches.
Given that this is an important but often mundane task, how can analysts reduce the time they spend gathering information so they have more time to create better reports? Two new enhancements to the Cyveillance Cyber Threat Center™ are designed to solve this problem and improve intelligence gathering for researchers, analysts, and other security professionals. The first is expanded Global Intelligence capabilities, which we will review today, and the second is Content-based Image Retrieval (CBIR), which we will discuss in a future post.
The Cyber Threat Center’s Global Intelligence function collects information on potential physical and cyber threats across multiple industries. This information can be filtered by industry, timeline, incident type, and threat actor, and then aggregated into a calendar and map view. Each article is summarized and has a link to the external source.
Exportable Calendar & Mapping Platform
All captured information is represented in both an exportable calendar and a threat map. Analysts can download the calendar’s .ICS file to integrate with their personal calendars, giving them an easy way to monitor events. Alternatively, a threat map provides a visual means to see where events are taking place, with each event shown as a “pin” on the map. Both views are interactive, and clicking an individual event shows more details. In addition, there is an option to create a PDF file so you can easily share information with others in your organization.
Putting Global Intelligence to Work
Let’s say you are in charge of global physical security for SuperDuperFuzzBuzz™, a successful pet merchandising company that just launched a billion-dollar campaign for a self-walking dog leash, FastwalkFido™.* You’re preparing to launch FastwalkFido in three different provinces in China, and want to research upcoming risks in these regions that could cause delays or problems. You log into the Cyber Threat Center, navigate to the Global Intelligence tab, and filter your search to show all news articles about events happening in China that month. You also use the filters “physical security” and “retail” since you want to know about all protests and other physical security issues that are occurring at launch time.
Once the search is completed, you can view all flagged events on the calendar and map, and scan the article headlines and summaries for any potential risks. You then export the calendar .ICS file to your Outlook so you can receive up-to-date alerts for each event. You also take a look at the map and double-check that the threat locations are nowhere near your launch locations. Within five minutes you know that it’s safe to launch the product in these regions. To wrap up, you export this information into a PDF file and roll it up to company executives.
You saved a lot of time by not having to research each individual event and double-check locations and dates against the product release locations and dates. Instead of this research taking days, you completed it in less than an hour.