Known threats can be obvious. They’re the pieces of information already on your radar: employee-related incident reports, information obtained from open or closed investigations, events being planned, known persons of interest (POIs).
But what about unknown threats? The suspicious vehicle circling your campus. The threatening phone call about an executive. Those conversations happening online on the deep and dark web. The current conditions in a location where a key employee is traveling.
Unknown threats often require a combination of tools and collaboration to uncover them and to give them meaning and weight.
With an increasing number of threat sources, it’s important that teams have the data structure to gain more visibility into potential threat signals. There’s a risk of missing key pieces of information when signals are disconnected. At the end of the day, you might be asking yourself:
- Did I miss a threat?
- Are all my tasks completed?
- Did I properly address all the signals that needed my attention?
- Can I be doing anything else to ensure that I have the best possible picture of the potential threat landscape?
A lack of confidence. Missed signals. Limited visibility. The solution? One central destination for your entire security program. A place to store data, collect research and investigate threats. A place for cross-functional collaboration and communication for the security team and across the organization. A full picture of the threat landscape tied to actionable workflows for a coordinated response.
The key to having the full picture is an integrated approach that helps you structure the unstructured data. Tools, technology and systems provide a central location to properly track known threats and manage a case over time, making the unknown threats more manageable and offering additional context to review for patterns or anomalies within the data.
But what are the sources that help you gain an end-to-end security view and ensure your team has all they need in one place?
- Proactive monitoring: Social media, dark web and real-time threat detection
A complete view of the threat landscape in relation to a principal, facility, employee or event that brings together real-time and historical data from social media, the dark web, real-time news, weather and interactive maps.
- Integrated research: OSINT, public, criminal and civil records
Direct data connections and consolidation of research tools for identity, public records, arrests, incarcerations, release, civil records, federal court records, sex offender registries and terrorist watch lists.
- Structured assessments: Threat assessment methodology
Integrated assessment tools, like SIGMA and WAVR-21, that let you drive specific data-driven processes to identify, score and rank potential threats – and follow a defensible process while doing so.
- Connected devices: Cameras, access control systems
Get timely visibility and alerts with a seamless connection to your device systems to cross-reference and verify data for proactive facility protection.
- Internal systems: CRM, authentication tools, issue tracking, HR systems
One- or two-way communication between systems and tools across the organization helps your team connect the dots using historical and real-time information.
Looking for a deeper dive into each of these sources and recommended best practices for centralizing and structuring the unstructured threats in your ecosystem and scaling your protective intelligence program? Check out part two of this blog series.
What threats might you be missing by splitting your focus across systems rather than bringing the full picture together? Download our whitepaper, Level Up Your Threat Hunting Game: Creating Intelligence from Anomalies and Patterns, to learn the elements of threat hunting.