Threat Intelligence Blog


As hacking incidents such as the U.S. government’s Office of Personnel Management (OPM) data breach[1] continue to dominate the news, many companies are taking note and ramping up their cybersecurity protocols. However, what is often overlooked is the online or cyber component of an organization’s physical security strategy, including executive protection. The role of threat intelligence here can be just as critical as it is in the more headline-grabbing areas of cyber risk.

Our Vice President of Product Strategy Eric Olson and Vice President of Cyber Security James Carnall hosted a webinar on this topic last week. In case you missed it, here’s a brief recap.

Scoping Your Intelligence Needs

Priorities and responsibilities will vary based on your organization, but a typical physical security portfolio will often include:

  • Disaster preparedness
  • Emergency response and evacuation
  • Employee safety
  • Environmental risks
  • Executive protection
  • Facility security
  • Investigations
  • Infrastructure/Asset protection
  • Physical access control
  • Situational awareness

Evaluating the value and applicability of threat intelligence starts with defining your priorities and assessing your risk profile in different areas. For example, energy producers may have significant concerns around assets and employees in far-flung locations, whereas a hedge fund might be primarily focused on the physical safety of a few key individuals and their families. Understanding your priorities and allocating resources correctly is the foundation for deciding where and how to best apply open source threat intelligence.

Types of Open Source Data

There are many types of open source data, ranging from global news, search-accessible sites, and social media to the deep and dark web. Information can also be gathered via public record and aggregator sites, through government data feeds, and from non-web sources such as Internet Relay Chat (IRC) channels.

Let’s take a moment to discuss some details here, as there is much confusion about what exactly defines the deep web and the dark web. By our definition, these are not the same thing at all, though they are sometimes treated interchangeably. The deep web, while hard to find unless you know the specific URL of your destination, is publicly accessible. By some estimates, it houses up to 75 percent of public web content: material that is open but is not indexed by search engines. The dark web, also known as the darknet, is one step beyond that, and can only be reached with specific tools such as a special browser or client software. This includes Tor .onion sites and I2P. The dark web is the hardest for white hats – computer security experts – to monitor.

Six Things You Can Do Right Now

Once you’ve determined your organization’s needs and which sources are best for intelligence gathering, it’s time to put that information to work. Here are some best practices for implementing threat intelligence to enhance your physical security program:

1. Assess online exposure – What are your employees’ online footprints? Where are the biggest areas for potential issues? For example, do you have key executives who are very active on social media?

2. Claim online real estate – Don’t be like Carly Fiorina[2]. Register personal domain names of key executives, as well as brand names in relevant generic top-level domain (gTLD) and country-code top-level domain (ccTLD) extensions before a threat actor or detractor does.

3. Expunge personal data – Hide or remove online personal data that may appear on sites like Spokeo or social media accounts that might be open to anyone to view.

4. Limit sharing – Check device and account settings to minimize data you may be unintentionally providing to the public, such as geolocation data for photos, or sharing detailed personal information such as travel plans on social media.

5. Educate executives and their families – Family members, especially teens, are the most common source of problems for executives. In one case, a well-known CEO’s security precautions were foiled by their teen daughter’s postings on Instagram, which revealed where the family was vacationing to a wide audience.

6. Visualize the data – Represent your intelligence in an understandable and easy-to-digest form. This could be via maps in your Security Operation Center, or through an online platform that incorporates multiple data feeds and sources.

With all of the different sources available for information gathering, both on and off the Internet, companies need tools that help them efficiently aggregate, assess, and comprehend all of the data. LookingGlass’ Cyber Threat Center provides an easy-to-use platform that combines all of the necessary tools for physical and cyber security threat intelligence.

By: Alyssa Shames



[1] http://www.federalnewsradio.com/520/3878568/OPM-reveals-new-details-about-data-breach-victims
[2] http://www.politico.com/story/2015/05/carly-fiorini-website-domain-name-117600.html
