Why Context Can be a Game Changer for Your Cybersecurity Program
As a manager of a Security Intelligence Center (SIC), I can say firsthand that few things are more frustrating than investing in a cybersecurity product that fails to deliver what your security team truly needs to be successful when it comes to true situational awareness.
Within a security setting, situational awareness is often defined as knowledge and understanding of the current environment that supports timely, relevant, and accurate assessment of friendly and enemy operations.
Situational awareness is pivotal in operationalizing data to improve an organization’s cybersecurity posture. Situational awareness tools should ideally provide context around the data alerts of an attack or potential attack. This context is what informs strategic countermeasures that ultimately protect data, critical infrastructure, and key resources.
Social Media Poses a New Threat to Cybersecurity
Today, employees, and sometimes organizations, unwittingly post information to social media sites that provides enough detail for an adversary to quickly and efficiently breach a company’s network. For example, an online job posting for a technical position may list specific network hardware, software, or cybersecurity infrastructure details. The aggregation of this information exposes companies’ vulnerability landscape and enables adversaries to effectively plan and even test their attacks in a simulated environment before they carry them out. By the time the adversary conducts the actual attack, they have an extremely high level of confidence that it will be a success.
Wouldn’t it be useful to know if your own organization was leaking secure information through social media?
Organizations have used services that retrofit social media aggregating tools, originally designed to determine user sentiment, to gain situational awareness. While these marketing tools are effective for hearing what customers think about a product, their inability to pair the data with threat intelligence (i.e., adversary tactics, techniques, and procedures (TTPs)) provides organizations with little to no added situational awareness and zero return on their investment.
How to Bring Context to Your Cyber Threat Environment
To be truly effective, security operations centers (SOCs) need top-drawer, anticipatory intelligence pertinent to their organizations that delivers context surrounding threats. Using a best-in-class cybersecurity tool, such as Leidos Open-Source Intelligence (OSINT) technology, that incorporates intelligence from sources like social media sites provides a wider span of context for an organization’s actionable intelligence model. This capability becomes a game-changer when paired with the ability to incorporate sector and cross-sector knowledge concerning cyber-threat trends, and filter that intelligence down to the TTP level to prevent or avoid attacks in the first place.
Our Cyber Threat Analysis service is the only strategic service that produces anticipatory intelligence and relevance. By incorporating open source information feeds, like social media, that are often outside of an organization’s line of sight, OSINT technology provides organizations with the situational awareness they need to effectively defend themselves against today’s cyber threats.