New threats now emerge from surprising places. All of which makes the job of the modern security professional quite complex. So to get the upper hand, businesses have started to invest in new open source intelligence platforms.
After all, it’s far cheaper to proactively spot and mitigate risks than to respond to an unexpected event after the fact.
Open Source Intelligence Basics
Open source intelligence, or OSINT, refers to collecting information from public sources to provide insights for decision-makers.
Technically, this information could come from any open source like books or magazines. In reality, however, analysts nowadays conduct most of their tradecraft online.
In the private sector, leaders exploit OSINT insights to safeguard people and property. And teams use OSINT to complete many corporate security functions. Common applications include executive protection, travel security, and crisis response.
Obviously, most firms can't scan the web 24/7. So to tackle this challenge, security teams use open source intelligence platforms. These technologies automate data collection and analysis. And by mixing and matching the right tools, they can go a long way toward mitigating risk.
Right now is a great time to invest in an open source intelligence platform. But what should you consider when evaluating your options? We have highlighted seven considerations security experts recommend you address.
1. Does it offer comprehensive coverage?
The math behind building any social media monitoring program is simple. The more data sources you track, the less likely you will overlook a threat.
Any open source intelligence solution must go beyond scanning the most popular sites. Additionally, tools must also keep tabs on lesser-known corners of the net, such as chan boards, dark web forums, and alt-tech communities. High-quality OSINT platforms may also include their own proprietary threat intelligence feeds.
Furthermore, users migrate from site to site over time. And the threat landscape can change in the blink of an eye. Vendors must update their platforms frequently to adapt to a changing online environment. Otherwise, security teams could overlook threats to their business hidden in plain sight.
2. Does it fit within your organization?
Small businesses can often make do with a simple, inexpensive open source intelligence platform. Enterprise clients, in contrast, usually have a big physical footprint. That means more assets, employees, and customers to defend. So such businesses likely need to invest in a more robust OSINT solution. Though the best OSINT platforms are the ones that can support teams as they grow and navigate a complex threat landscape.
3. Is it customizable?
If you oversee a small hospital, you won't get much value from a tool designed for a global oil company. Different sectors face different threats. So the best software solution will need to consider your industry's specific needs.
But even general industry information isn’t focused enough. Any intelligence solution should be customizable. And they must allow users to scan for threats targeted at their organization.
4. Does it address alert fatigue?
The sheer amount of content online can overwhelm analysts. An open source intelligence platform needs to filter unrelated posts and false positives.
Moreover, an effective OSINT solution should allow analysts to investigate content. Most software tools simply aggregate data. Or perhaps these systems allow users to run keyword queries to flag posts. But only by connecting data points through investigations can you derive actionable insights.
5. Does the company offer adequate customer support?
Beyond the software itself, you should also consider the vendor behind the technology. Do they offer any training and support beyond the initial onboarding? Do they respond quickly to any unexpected problems? Are they willing to train new members that join your team? Asking these questions can serve as a tie-breaker when evaluating two similar tools.
6. What is the system’s crawl time?
Some security teams piggyback off the marketing department’s social media monitoring tools. In theory, that allows you to gather intel online without investing in a new system. Unfortunately, these marketing applications often have slow crawl times. Or in other words, they only pull data in from sources every few hours.
Marketers generally don’t care about this problem. They rarely need real-time data. But for security teams, slow crawl times can cost responders precious minutes in a crisis.
To address this issue, consider tools designed with security teams in mind. These usually have faster crawl times and a wider breadth of coverage.
7. Does the platform have a simple, intuitive user interface?
Vendors often design their software with the advanced OSINT analyst in mind. In the hands of a skillful user, these tools can represent a real force multiplier.
But such byzantine systems also come with a high learning curve. For your organization, that means investing days or weeks in onboarding employees. It can also make it tough to replace an experienced analyst if they leave your firm.
A good solution, therefore, should have a simple user interface. That means more than a pretty dashboard on the GSOC wall. An intuitive design can slash the time your organization spends on training.
The Final Word on Open Source Intelligence Platforms
The faster you can identify a risk, the better you can protect your organization. To get ahead of threats, leaders are turning to open source intelligence platforms.
Of course, a software tool will never represent a ‘silver bullet’ for any security program. But these technologies can go a long way towards keeping your people and property safe.