Structuring the Unstructured: Using a Converged Security Operations Console and Integrated Research to Better Evaluate Threats
In my last post I discussed why it’s important for security teams to have the right data structure in place to gain more visibility of potential threat signals. Whether you’re missing information because of not knowing where to look, not having the right tools in place, or because you’re inundated with noise, it’s easy for intelligence to slip through the cracks.
This is why it is imperative to deploy the right set of solutions that can automatically surface pertinent information from social media, the deep and Dark Web, news sources, government alerts, and weather warnings. These critical data sources help remove blind spots and enable your team to make informed decisions.
Even when you have the right data sources in place to surface relevant intelligence, if you don’t have additional tools in place to connect the dots, you only have visibility of a portion of your threat landscape.
Identifying a suspicious or threatening online post is important, but so is conducting further research on the individual behind the post. Having the ability to perform background checks, uncover public records, identify additional Personal Identifiable Information (PII) and perform link analysis on individuals and their associates will provide the information needed to better assess a threat.
Imagine being able to do both – uncover relevant online content and perform additional investigative research – in the same place.
A Connected View
It’s one thing to know that @JaneDoe is posting threats online about your company and CEO. It’s another to know that:
01
She has been posting online about your business for months;
02
She has a residential address that matches that of a former (disgruntled) employee;
03
She has been arrested multiple times in the past for aggravated assault;
04
She recently was charged with a DUI <1 mile from your HQ.
Take this example from an Ontic client – a large, high-profile-led nonprofit organization. The security team identified a woman who made a threat against the high-profile leader on an obscure conspiracy theorist website that described a plan to hurt him at the nonprofit headquarters. The team used Ontic to further investigate the woman and found out that she was on other conspiracy theory websites writing that the police were “out to get” her. This prepared the team for how to best approach the situation.
By connecting your situational awareness tools with your research suite, your team can swiftly obtain enough information (often within seconds) to know if a threatening social media post can be ignored or if it’s necessary to issue a Be On The Lookout (BOLO) and gather the behavioral threat assessment team.
When security teams are enabled with technology, they become more aware of Persons of Interest (POIs) and threats they may not otherwise have on their radar, and they can be more prepared to handle those threats should they actualize.
