Q

The value of open source intelligence tools to enterprises

Expert Joseph Granneman offers advice to enterprise security teams on using open source intelligence tools to learn about potential threats.

Open source intelligence has been generating a lot of chatter recently, and as a CISO, I'm curious whether I should have my IT team devote any significant time or resources toward researching activity on social media and online blogs. Do you think monitoring such sources is a good idea? If so, what limitations should be placed on such programs?

It may seem counterintuitive to most CISOs that the greatest source of information about current security threats is actually freely available on the Internet. Executives have grown accustomed to paying for services that pull together threat information from many different sources and provide succinct summaries. But this type of information gathering is time-intensive and slow. CISOs often find themselves reviewing information about threats that are several weeks old and may have already penetrated their network defenses.

The Internet is well-suited for information collaboration. Cybercriminals and other black hat hackers have already figured this out and actively use the Web to distribute information. They will even post their victories on the Web through sites like pastebin.com. CISOs need to realize that they could be using these same communication channels to learn about potential threats to their organizations.

I rely heavily on these types of sources. I leave Twitter open on the side of my monitor and scan for any security news of interest. I tend to follow security researchers directly instead of companies because I want unfiltered information. Google Alerts are another great way to find information about the latest threats as they evolve. Shodanhq.com is an invaluable tool for reconnaissance of your network, as well as for spotting trending attacks and commonly exploited configuration errors. Security podcasts can provide security intelligence for free on the morning drive.

CISOs should monitor how much time their team spends doing this type of research. There is no hard-and-fast rule, but monitoring Twitter won't typically affect employee productivity nearly as much as listening to a security podcast. Podcasts can be approached just like any other online training. You could schedule working lunches where you and your team listen to a certain podcast and discuss the impacts on your network security, for example.

Open source intelligence has many benefits and should be embraced by CISOs. The odds are against organizations because of the sheer number of evolving threats and the limited resources available for defense. When properly managed, open source intelligence can help even those odds and provide a cost-effective means to discover potential threats to your organization's network.


This was first published in June 2014