
The value of open source intelligence tools to enterprises

Expert Joseph Granneman offers advice to enterprise security teams on using open source intelligence tools to learn about potential threats.

Open source intelligence has been generating a lot of chatter recently, and as a CISO, I'm curious whether I should have my IT team devote any significant time or resources toward researching activity on social media and online blogs. Do you think monitoring such sources is a good idea? If so, what limitations should be placed on such programs?

It may seem counterintuitive to most CISOs that the greatest source of information about current security threats is actually freely available on the Internet. Executives have grown accustomed to paying for services that pull together threat information from many different sources and provide succinct summaries. But this type of information gathering is time intensive and slow. CISOs often find themselves reviewing information about threats that are several weeks old and may have already penetrated their network defenses.

The Internet is well-suited for information collaboration. Cybercriminals and other black hat hackers have already figured this out and actively use the Web to distribute information. They will even post their victories on the Web through sites like pastebin.com. CISOs need to realize that they could be using these same communication channels to learn about potential threats to their organizations.

I rely heavily on these types of sources. I leave Twitter open on the side of my monitor and scan for any security news of interest. I tend to follow security researchers directly instead of companies because I want unfiltered information. Google alerts are another great way to find information about the latest threats as they evolve. Shodanhq.com is an invaluable tool for reconnaissance for your network, as well as trending attacks and popularly exploited configuration errors. Security podcasts can provide security intelligence for free on the morning drive.

CISOs should monitor how much time their team spends doing this type of research. There is no hard-and-fast rule, but monitoring Twitter won't typically affect employee productivity nearly as much as listening to a security podcast. Podcasts can be approached just like any other online training. You could schedule working lunches where you and your team listen to a certain podcast and discuss the impacts on your network security, for example.

Open source intelligence has many benefits and should be embraced by CISOs. The odds are against organizations because of the sheer number of evolving threats and the limited resources available for defense. When properly managed, open source intelligence can help even those odds and provide a cost-effective means to discover potential threats to your organization's network.


This was last published in June 2014


Join the conversation



Today's challenge is increasing in the human environment, which requires the update of the research and finding of threats by the technician. Therefore I request your consideration to sponsor me online so as to share with you what you have gone through, to enable me also to teach the society here at homeland in the Turkana community on the issue of security.
It is a long time since we communicated through the net, but since I was away for a short time, now I am available on the net. The cloud security is one of the best and advanced groups with the concept of the training on the net which