Threat Intelligence Blog

As hacking incidents such as the U.S. government’s Office of Personnel Management (OPM) data breach[1] continue to dominate the news, many companies are taking note and ramping up their cybersecurity protocols. However, what is often overlooked is the online or cyber component of an organization’s physical security strategy, including executive protection. The role of threat intelligence here can be just as critical as it is in the more headline-grabbing areas of cyber risk.

Our Vice President of Product Strategy Eric Olson and Vice President of Cyber Security James Carnall hosted a webinar on this topic last week. In case you missed it, here’s a brief recap.

Scoping Your Intelligence Needs

Priorities and responsibilities will vary based on your organization, but a typical physical security portfolio will often include:

  • Disaster preparedness
  • Emergency response and evacuation
  • Employee safety
  • Environmental risks
  • Executive protection
  • Facility security
  • Investigations
  • Infrastructure/Asset protection
  • Physical access control
  • Situational awareness

Evaluating the value and applicability of threat intelligence starts with defining your priorities and assessing your risk profile in different areas. For example, energy producers may have significant concerns around assets and employees in far-flung locations, whereas a hedge fund might be primarily focused on the physical safety of a few key individuals and their families. Understanding your priorities, and allocating resources correctly, is a key first step to understanding where and how to best apply open source threat intelligence.

Types of Open Source Data

There are many types of open source data, ranging from global news, search-accessible sites, and social media to the deep and dark web. Information can also be gathered via public record and aggregator sites, through government data feeds, and from non-web sources such as Internet Relay Chat (IRC) channels.

Let’s take a moment to discuss some details here, as there is much confusion about what exactly defines the deep web and the dark web. By our definition, these are not the same thing at all, though they are sometimes treated interchangeably. The deep web, while hard to find unless you know the specific URL of your destination, is publicly accessible. It houses what some estimates say are up to 75 percent of public web content that is open but is not indexed by search engines. The dark web, also known as Darknet, is one step beyond that, and can only be reached with specific tools such as a special browser or client software. This includes Tor/.Onion sites, and I2P. The dark web is the hardest for white hats – computer security experts – to monitor.

Six Things You Can Do Right Now

Once you’ve determined your organization’s needs and which sources are best for intelligence gathering, it’s time to put that information to work. Here are some best practices for implementing threat intelligence to enhance your physical security program:

1. Assess online exposure – What are your employees’ online footprints? Where are the biggest areas for potential issues? For example, do you have key executives who are very active on social media?

2. Claim online real estate – Don’t be like Carly Fiorina[2]. Register personal domain names of key executives, as well as brand names in relevant generic top-level domain (gTLD) and country-code top-level domain (ccTLD) extensions before a threat actor or detractor does.

3. Expunge personal data – Hide or remove online personal data that may appear on sites like Spokeo or social media accounts that might be open to anyone to view.

4. Limit sharing – Check device and account settings to minimize data you may be unintentionally providing to the public, such as geolocation data for photos, or sharing detailed personal information such as travel plans on social media.

5. Educate executives and their families – Family members, especially teens, are the most common source of problems for executives. In one case, a well-known CEO’s security precautions were foiled by their teen daughter’s postings on Instagram, which revealed where the family was vacationing to a wide audience.

6. Visualize the data – Represent your intelligence in an understandable and easy-to-digest form. This could be via maps in your Security Operations Center, or through an online platform that incorporates multiple data feeds and sources.

With all of the different sources available for information gathering, both on and off the Internet, companies need tools that help them efficiently aggregate, assess, and comprehend all of the data. LookingGlass’ Cyber Threat Center provides an easy-to-use platform that combines all of the necessary tools for physical and cyber security threat intelligence.

By: Alyssa Shames



[1] http://www.federalnewsradio.com/520/3878568/OPM-reveals-new-details-about-data-breach-victims
[2] http://www.politico.com/story/2015/05/carly-fiorini-website-domain-name-117600.html
