Structuring the Unstructured to Better Evaluate Known and Unknown Threats
Known threats can be easy to identify. They’re the pieces of information already on your radar: employee-related incident reports, information obtained from open or closed investigations, events being planned, and known persons of interest (POIs).
Unknown threats can be much harder to uncover, especially if you don’t know where to look or if you don’t have the right tools and processes in place.
The suspicious vehicle circling your campus. The threatening phone call about an executive. Those conversations happening online on the deep and dark web. The current conditions in a location where a key executive is traveling.
The detection of unknown threats often requires a combination of tools and collaboration to uncover and put meaning and weight to them.
With an increasing number of threat sources, it’s important that teams have the data structure to gain more insights from a risk assessment. There’s a higher likelihood of missing key pieces of information when signals are disconnected. At the end of the day, you might be asking yourself:
Did I leave a stone unturned?
Are all my tasks completed?
Did I properly address all the signals that needed my attention?
Can I be doing anything else to ensure that I have the best possible picture of the potential threat landscape?
A lack of confidence. Missed signals. Limited visibility. The solution? One central destination for your risk mitigation program. A place to store data, collect research, and investigate known and unknown threats. A place for cross-functional collaboration and communication for the security team and across the organization. A full picture of the threat landscape tied to actionable workflows for a coordinated response.
An Integrated Approach to Known Versus Unknown Threats
The key to having the full picture of any known threat versus unknown threat is an integrated approach that helps you structure the unstructured data. Tools, technology, and systems provide a central location to properly track known threats and manage a case over time. This, in turn, makes the internal and external unknown threats more manageable by offering additional context to review for patterns or anomalies within the data.
But what are the sources that help you gain an end-to-end security view and ensure your team has all they need in one place for protection against unknown threats?
- Proactive, real-time threat monitoring: Social media, dark web, and active events. A complete view of the online conversations pertaining to a principal, facility, asset, or event that brings together near real-time and historical data from social media, the dark web, news, weather, and interactive maps.
- Integrated research: OSINT, public, criminal and civil records, adverse media. Direct data connections and consolidation of research tools for identity, public records, arrests, incarcerations, release, civil records, federal court records, curated negative articles, sex offender registries, and terrorist watch lists.
- Structured assessments: Threat assessment and management methodology. Integrated threat assessment tools, like the Ontic Threat Assessment and WAVR-21, let you drive specific data-driven processes to identify, score, and understand the level of concern with known and unknown threat actors and follow a standardized, defensible process while doing so.
- Connected devices: Cameras, access control systems. Get timely visibility and alerts with a seamless connection to your device systems to cross-reference and verify data for proactive facility protection.
- Internal systems: CRM, authentication tools, issue tracking, HR systems. One- or two-way communication between systems and tools across the organization helps your team connect the dots using historical and real-time information.
Looking for a deeper dive into each of these sources and recommended best practices for centralizing and structuring the unstructured threats in your ecosystem? Check out part two of this blog series and dig into the study of unknown threats in cybersecurity and physical security.