Open source intelligence has been generating a lot of chatter recently, and as a CISO, I'm curious whether I should have my IT team devote any significant time or resources toward researching activity on social media and online blogs. Do you think monitoring such sources is a good idea? If so, what limitations should be placed on such programs?
It may seem counterintuitive to most CISOs that the greatest source of information about current security threats is actually freely available on the Internet. Executives have grown accustomed to paying for services that pull together threat information from many different sources and provide succinct summaries. But this type of information gathering is time-intensive and slow. CISOs often find themselves reviewing information about threats that are several weeks old and may have already penetrated their network defenses.
The Internet is well-suited for information collaboration. Cybercriminals and other black hat hackers have already figured this out and actively use the Web to distribute information. They will even post their victories on the Web through sites like pastebin.com. CISOs need to realize that they could be using these same communication channels to learn about potential threats to their organizations.
I rely heavily on these types of sources. I leave Twitter open on the side of my monitor and scan for any security news of interest. I tend to follow security researchers directly instead of companies because I want unfiltered information. Google Alerts are another great way to find information about the latest threats as they evolve. Shodanhq.com is an invaluable tool for reconnaissance of your network, as well as for tracking trending attacks and commonly exploited configuration errors. Security podcasts can provide security intelligence for free on the morning drive.
CISOs should monitor how much time their team spends doing this type of research. There is no hard-and-fast rule, but monitoring Twitter won't typically affect employee productivity nearly as much as listening to a security podcast. Podcasts can be approached just like any other online training. You could schedule working lunches where you and your team listen to a certain podcast and discuss the impacts on your network security, for example.
Open source intelligence has many benefits and should be embraced by CISOs. The odds are against organizations because of the sheer number of evolving threats and the limited resources available for defense. When properly managed, open source intelligence can help even those odds and provide a cost-effective means to discover potential threats to your organization's network.