

What Businesses Need to Know About Open Source Intelligence

What Is Open Source Intelligence?

Open source intelligence, or OSINT, refers to information derived from sources available to the general public. Here’s how the U.S. Department of State defines it:

Open source intelligence tools

While it’s easy to think of OSINT as the words or pictures seen on a website or in a social media post, its scope is far greater. The OSINT Framework, created in 2016, gives a helpful overview of the breadth and depth of sources available to researchers and analysts, ranging from usernames, phone numbers, and email addresses to transportation records, public registries, and the Global Terrorism Database. Common source categories include:

  • Usernames
  • Email addresses
  • Telephone numbers
  • Social media posts (e.g., Facebook, Twitter, LinkedIn, Instagram, TikTok)
  • Metadata (of social media content, images, video, etc.)
  • Blogs, forums, and message boards (e.g., Reddit, Craigslist, 4chan)
  • Digital and print media
  • Academic research and journals
  • Public records (courts, law enforcement, etc.)

Passive vs. Active OSINT

Given the sheer volume of information publicly available on the web, there is no shortage of OSINT for researchers and analysts. There are limits, however, to what can be collected without taking some proactive steps, whether that means creating an account to access a particular social media platform or being invited into a moderated community such as an invite-only group, messaging channel, subreddit, or message board. The distinction matters. Passive OSINT is collected without interacting with the subject at all (reading public pages, search-engine results, web archives, public registries), so it leaves no trace the subject could notice. Active OSINT requires some interaction, such as registering an account, joining a group, sending a connection request, or querying a system the subject controls; those actions can be logged and attributed to the investigator, and they are where most of the legal and ethical questions around OSINT collection arise.

History of OSINT

There is some debate about the origins of OSINT, but the concept of monitoring and leveraging publicly available information sources for intelligence purposes dates back to at least the 1930s. In 1939 the British government asked the British Broadcasting Corporation (BBC) to launch a new service, now known as BBC Monitoring, to capture and analyze foreign radio broadcasts and, later, press reporting from around the world.


OSINT for Cybersecurity and Physical Threat Detection

While governments and intelligence agencies continue to use OSINT for a variety of purposes, its use in the private sector can be traced back to the 1980s. Today, OSINT is used by companies of all sizes both to reduce risk and to inform decision-making. Examples include:

Monitoring emergencies and developing events

When it comes to emergencies and other potentially disruptive events, a fast and effective response can be the difference between a positive or tragic outcome. Used effectively, OSINT can help security and business continuity leaders identify emergencies as they happen, providing timely information to employees in harm’s way before they are impacted.

Investigating security incidents

Corporate security teams commonly use OSINT when investigating or responding to reported security incidents such as active shooter situations, suspicious activity, bomb threats, and more. Once the situation is reported, security teams may use OSINT to verify critical details such as the location or time an incident occurred or provide the most up-to-date information about rapidly developing events on the ground.

Detecting data breaches and cyber threats

OSINT can help companies detect quickly when sensitive company information (credentials, internal documents, customer data) is discussed or offered for sale on dark web forums and paste sites. An early hit gives the security team a signal to start investigating a breach and, from what is being posted, to work out which system or vulnerability the attackers may have exploited to obtain the data.
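As an added example (not code from this article or from any vendor it describes), the Python below scans a handful of constructed forum posts against a watchlist of company identifiers and emits findings ranked by severity. The fictional company domain, the internal hostnames, the canary string, the scoring rules and the posts are all assumptions chosen for illustration; in a real deployment the posts would come from a crawler or a commercial feed and the watchlist from the organization's own asset inventory.

```python
"""Watchlist scan of constructed forum posts for leaked company data.

Added example, not code from the original article or any vendor it describes.
The company name, watchlist, scoring rules and posts are assumptions chosen for
illustration; in practice the posts come from a crawler or a paid feed and the
watchlist from the organisation's own asset inventory.
"""
import hashlib
import re
from dataclasses import dataclass

# Assumed watchlist for a fictional company whose mail domain is acme-example.com
WATCHLIST = {
    "domains": {"acme-example.com", "acme-example.net"},
    # internal hostnames that should never appear in public
    "internal_hosts": {"vpn-gw01.corp.acme-example.com", "gitlab.corp.acme-example.com"},
    # canary strings seeded into sensitive documents: a hit is self-verifying
    "canaries": {"ACME-CANARY-7f3e9c"},
}

# "user@domain:secret" is the usual combolist layout; EMAIL catches bare addresses
CRED_PAIR = re.compile(r"([\w.+-]+@([\w-]+(?:\.[\w-]+)+)):(\S+)")
EMAIL = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
SEVERITY_RANK = {"critical": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    post_id: str
    kind: str      # canary | internal_host | credential | email | domain
    value: str
    severity: str  # critical | medium | low


def fingerprint(text: str) -> str:
    """Case- and whitespace-insensitive hash so a repost of the same dump is a duplicate."""
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()[:16]


def scan_post(post_id: str, text: str, watch=WATCHLIST) -> list:
    """Return the findings for one post, highest-confidence indicators first."""
    findings, lowered = [], text.lower()
    for canary in watch["canaries"]:
        if canary.lower() in lowered:
            findings.append(Finding(post_id, "canary", canary, "critical"))
    for host in watch["internal_hosts"]:
        if host.lower() in lowered:
            findings.append(Finding(post_id, "internal_host", host, "critical"))
    cred_emails = set()
    for m in CRED_PAIR.finditer(text):
        email, domain, secret = m.group(1).lower(), m.group(2).lower(), m.group(3)
        if domain in watch["domains"]:
            cred_emails.add(email)
            # never copy the secret itself into an alert that will be forwarded around
            findings.append(Finding(post_id, "credential",
                                    f"{email}:<redacted {len(secret)} chars>", "critical"))
    for m in EMAIL.finditer(text):
        email, domain = m.group(0).lower(), m.group(1).lower()
        if domain in watch["domains"] and email not in cred_emails:
            findings.append(Finding(post_id, "email", email, "medium"))
    if not findings:  # a bare mention of the domain is low-priority context only
        findings += [Finding(post_id, "domain", d, "low")
                     for d in sorted(watch["domains"]) if d in lowered]
    return findings


def scan_feed(posts):
    """Scan (post_id, text) pairs; returns findings sorted by severity plus a list of reposts."""
    seen, findings, duplicates = {}, [], []
    for post_id, text in posts:
        fp = fingerprint(text)
        if fp in seen:
            duplicates.append((post_id, seen[fp]))
            continue
        seen[fp] = post_id
        findings.extend(scan_post(post_id, text))
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.post_id))
    return findings, duplicates


# Constructed posts standing in for crawled forum / paste-site content
SAMPLE_POSTS = [
    ("p1", "selling fresh combo list 2k lines sample: bob@acme-example.com:hunter2 "
           "alice@acme-example.com:$2b$12$abc"),
    ("p2", "anyone got access to vpn-gw01.corp.acme-example.com? paying well"),
    ("p3", "random chat about gmail: me@gmail.com"),
    ("p4", "Selling Fresh Combo List 2k lines sample: bob@acme-example.com:hunter2 "
           "alice@acme-example.com:$2b$12$abc"),   # repost of p1
    ("p5", "job posting at https://acme-example.com/careers"),
    ("p6", "leaked doc header: ACME-CANARY-7f3e9c confidential roadmap"),
]

if __name__ == "__main__":
    found, dups = scan_feed(SAMPLE_POSTS)
    for f in found:
        print(f"{f.severity:8} {f.post_id} {f.kind:13} {f.value}")
    print("reposts:", dups)
```

Three design choices are worth copying into a real monitor: secrets are redacted before a finding is created, so the alert itself never becomes a second leak; reposts are collapsed by a normalized fingerprint, which removes the commonest source of duplicate alerts; and canary strings planted in sensitive documents turn a noisy keyword hit into a self-verifying one, because nothing outside the organization should ever contain them.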

3 Reasons OSINT Alone Falls Short

While open source intelligence is a well-established field with countless applications, most organizations are ill-equipped to navigate it on their own. Between the legal and ethical debates around OSINT data collection and the human and financial resources required to monitor online conversations and world events 24/7/365, there are many reasons an in-house approach to risk monitoring can fall short. Three of them follow.

Reason #1: OSINT collection and analysis are highly time-consuming

Collecting OSINT data is far simpler than it used to be, but making sense of it remains a specialized skill that takes years to develop. Because of the volume of data generated every day, analysts must sift through copious amounts of information from a wide range of sources to piece together a coherent picture of what is actually happening at a given time in a given location. When the situation is urgent, as in an emergency or business-critical event, the time needed to gather and analyze the information can exceed the window in which the organization could still act to change the outcome, which calls into question the value of the collection effort itself.

Reason #2: OSINT is noisy and difficult to filter

In addition to consuming significant time, the need to constantly monitor, search, and filter voluminous troves of information to find the relevant insights is tedious even for trained analysts. AI, machine learning, and other specialized tools help researchers parse information faster, but it remains challenging for an organization of any size to identify every critical, time-sensitive event as it happens. This is particularly true for multi-location businesses that must watch hundreds of distinct facilities or thousands of remote employees.

Reason #3: Unverified OSINT can’t always be trusted

Misidentification and other false positives are another primary concern within the OSINT community. For example, last year a video of a woman in Singapore refusing to comply with the country’s COVID-19 mask mandate went viral. Shortly afterward she was taken into custody by local police; various internet figures, however, went a step further and, working from publicly available information, identified her as the CEO of a digital security firm. Those reports turned out to be false, but before they were corrected the misidentification had already done damage to that company’s brand and led to personal threats against its employees. The lesson for a security team is that an OSINT claim should be corroborated by an independent or verified source before anyone acts on it.

4 Things to Look for in a Threat Intelligence Tool

Fortunately, there are several ways organizations can leverage the benefits of OSINT to improve situational awareness and aid decision-making without hiring a dedicated team of analysts to comb through the data. Many are turning to purpose-built threat intelligence solutions that make use of OSINT data while also providing a layer of curation and verification in order to provide businesses a cleaner, more actionable view of what’s happening.

Speed

Whether you have a small security team or a large global security operations center (GSOC), it’s crucial that you learn about critical events that pose a risk to your employees or business as quickly as possible. When assessing tools, ask how intelligence is delivered and how easily it can be operationalized to alert those in harm’s way. Is threat intelligence offered 24/7/365? Can it be integrated with your organization’s mass notification system to streamline response workflows? Activating your emergency response isn’t only about the speed at which information is delivered; it also requires a mechanism to share it with those affected.

Depth and breadth of coverage

Make sure any potential provider offers both around-the-clock monitoring as well as comprehensive coverage of a wide range of threat types. What type of incidents are captured? What data sources are used? Does the provider cover all major geographies? Use this information in conjunction with a business continuity checklist to understand if there are any gaps in your preparedness efforts that need to be addressed before moving forward.

Noise-free, accurate information

If the phrase “drinking from a fire hose” came to mind reading about the volume of data created every day, you’re not alone. Trying to monitor and make sense of everything posted on the web — even if you only monitored a fraction of available data sources — is guaranteed to leave your organization overwhelmed with little more insight than had you done nothing at all. How does your provider analyze and filter information? What parameters are used to determine relevance? How does the provider differentiate between unverified and verified sources? Consider requesting a demo to see real-world threat alerts around one of your locations so you can independently assess whether the information provided is adequate.

Location-aware risk assessments

Moving from raw information to actionable intelligence is all about context. For an organization to understand the impact of a threat, it must know if, how, and to what extent that threat puts its people, facilities, and assets at risk. Ask potential threat intelligence providers how threat data is matched against location intelligence: do they support real-time syncing with your human resources information system (HRIS) so that employee locations stay current, and how does the solution account for threats occurring near remote employees or business travelers rather than only near fixed facilities?
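The two filters this section and Reason #3 above call for, corroboration of sources before acting and proximity to the organization’s own people and facilities, can be combined in a small triage step. The Python below is an added example, not code from this article or from any provider it mentions: the facilities, the traveler’s location (standing in for an HRIS or travel-itinerary feed), the reports and every threshold are assumptions chosen for illustration. It clusters reports of the same event type that are close in space and time, treats a cluster as corroborated only when it has a vetted source or at least two independent accounts, and then alerts only on corroborated clusters that fall inside an asset’s radius, reporting everything else with the reason it was suppressed.

```python
"""Location-aware triage of constructed incident reports.

Added example, not code from the original article or any provider it mentions.
The facilities, the employee location (standing in for an HRIS/travel feed), the
reports and all thresholds are assumptions chosen for illustration.
"""
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str         # facility | employee
    lat: float
    lon: float
    radius_km: float  # how close an event must be before it concerns this asset


@dataclass(frozen=True)
class Report:
    report_id: str
    event: str        # fire | shooting | protest ...
    lat: float
    lon: float
    minute: int       # minutes since the start of the monitoring window
    source: str       # account or feed that posted it
    verified: bool    # True only for sources the provider has vetted (official feeds, wires)


class Cluster:
    """Reports of one event type that sit close together in space and time."""
    def __init__(self, first):
        self.event, self.reports = first.event, [first]

    def corroborated(self):
        # one vetted source, or at least two independent accounts, before anyone acts on it
        return any(r.verified for r in self.reports) or len({r.source for r in self.reports}) >= 2

    def centroid(self):
        n = len(self.reports)
        return sum(r.lat for r in self.reports) / n, sum(r.lon for r in self.reports) / n


def cluster_reports(reports, max_km=2.0, max_minutes=30):
    """Attach each report to the first cluster of the same event within max_km/max_minutes."""
    clusters = []
    for r in sorted(reports, key=lambda r: r.minute):
        for c in clusters:
            last = c.reports[-1]
            if (c.event == r.event and r.minute - last.minute <= max_minutes
                    and haversine_km(r.lat, r.lon, last.lat, last.lon) <= max_km):
                c.reports.append(r)
                break
        else:
            clusters.append(Cluster(r))
    return clusters


def triage(reports, assets):
    """Return (alerts, suppressed): only corroborated clusters inside an asset's radius alert."""
    alerts, suppressed = [], []
    for c in cluster_reports(reports):
        ids = [r.report_id for r in c.reports]
        if not c.corroborated():
            suppressed.append((c.event, ids, "uncorroborated"))
            continue
        clat, clon = c.centroid()
        hits = sorted(
            ((a.name, a.kind, round(haversine_km(clat, clon, a.lat, a.lon), 2)) for a in assets
             if haversine_km(clat, clon, a.lat, a.lon) <= a.radius_km),
            key=lambda h: h[2])
        if hits:
            alerts.append({"event": c.event, "reports": ids, "affected": hits})
        else:
            suppressed.append((c.event, ids, "no asset in range"))
    return alerts, suppressed


# Constructed assets and reports: the coordinates are real cities, the events are invented
ASSETS = [
    Asset("Dallas HQ", "facility", 32.7767, -96.7970, 5.0),
    Asset("traveler A (from HRIS itinerary)", "employee", 34.0522, -118.2437, 10.0),
]
SAMPLE_REPORTS = [
    Report("r1", "fire", 32.7800, -96.8000, 5, "@local_user1", False),
    Report("r2", "fire", 32.7810, -96.7990, 12, "@local_user2", False),     # corroborates r1
    Report("r3", "shooting", 34.0500, -118.2400, 20, "@random_acct", False),  # near traveler, one unverified source
    Report("r4", "protest", 40.7128, -74.0060, 30, "wire-service", True),    # verified, but no asset nearby
    Report("r5", "fire", 32.7900, -96.7700, 200, "@local_user3", False),     # same area, hours later: new cluster
]

if __name__ == "__main__":
    alerts, suppressed = triage(SAMPLE_REPORTS, ASSETS)
    for a in alerts:
        print("ALERT", a)
    for s in suppressed:
        print("suppressed", s)
```

Run as-is, the only alert is the two-source fire report next to the Dallas facility. The shooting report near the traveler is suppressed because a single unverified account is exactly the kind of claim that produced the Singapore misidentification, the verified protest report is suppressed because nobody the organization cares about is nearby, and the later fire report starts a fresh cluster rather than inheriting the earlier one’s corroboration. Keeping the suppressed list, with its reason, is what lets an analyst audit the filter instead of trusting it blindly.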

Addressing Information Overload

With an entire world’s worth of information available at our fingertips, learning how to parse and interpret it becomes all the more important. Using OSINT as part of a holistic approach to threat intelligence and monitoring can help your organization reduce risk and keep employees safe during emergencies and other critical events.
