Structuring the Unstructured: Using a Converged Security Operations Console and Integrated Research to Better Evaluate Threats

In my last post I discussed why it’s important for security teams to have the right data structure in place to gain more visibility of potential threat signals. Whether you’re missing information because of not knowing where to look, not having the right tools in place, or because you’re inundated with noise, it’s easy for intelligence to slip through the cracks.

Even when you have the right data sources in place to surface relevant intelligence, if you don’t have additional tools in place to connect the dots, you only have visibility of a portion of your threat landscape.

Identifying a suspicious or threatening online post is important, but so is conducting further research on the individual behind the post. Having the ability to perform background checks, uncover public records, identify additional Personal Identifiable Information (PII) and perform link analysis on individuals and their associates will provide the information needed to better assess a threat.

Imagine being able to do both – uncover relevant online content and perform additional investigative research – in the same place.

A Connected View

It’s one thing to know that @JaneDoe is posting threats online about your company and CEO. It’s another to know that:

She has been posting online about your business for months;

She has a residential address that matches that of a former (disgruntled) employee;

She has been arrested multiple times in the past for aggravated assault;

She recently was charged with a DUI <1 mile from your HQ.

Take this example from an Ontic client – a large, high-profile-led nonprofit organization. The security team identified a woman who made a threat against the high-profile leader on an obscure conspiracy theorist website that described a plan to hurt him at the nonprofit headquarters. The team used Ontic to further investigate the woman and found out that she was on other conspiracy theory websites writing that the police were “out to get” her. This prepared the team for how to best approach the situation.

By connecting your situational awareness tools with your research suite, your team can swiftly obtain enough information (often within seconds) to know if a threatening social media post can be ignored or if it’s necessary to issue a Be On The Lookout (BOLO) and gather the behavioral threat assessment team.

When security teams are enabled with technology, they become more aware of Persons of Interest (POIs) and threats they may not otherwise have on their radar, and they can be more prepared to handle those threats should they actualize.

Explore Now

See how Ontic’s Integrated Research solution can help you better evaluate threats