Introducing Digital Security: Applying Intelligence to Cybersecurity blind spots

Like most things related to security and risk management, Intelligence Methodology follows a systematic process with well-defined steps and rules. Let’s see some of the steps and the types of Intelligence applied to cyber security.

Defining Objectives: It is essential to determine the objectives and goals so that the intelligence product yields actionable knowledge that moves the security work forward.

Defining Assets to be Protected: As in the information security process, defining the assets to be protected is crucial. In cyber-intelligence, assets are modelled by their attributes. We could call this an inventory, and as part of the inventory, we categorise the assets and their attributes by risk level.

Defining taxonomies: Taxonomies are a set of terms that help to structure the data gathered in the process. The data-gathering process results in a massive amount of unstructured data from all over the internet. Taxonomies will allow us to structure the data.

Defining Sources: It is important to define the data sources so as to gather as much relevant data as possible with high trust and accuracy. We can group types of Intelligence depending on the nature of the sources:

    1. OSINT: Open-source Intelligence relates to all the sources on the open web, meaning the indexed part of the web.
    2. DARKINT: Dark Intelligence relates to all the sources from the non-indexed web, such as the deep and dark web, misconfigured databases, and forums and black markets on the dark web.
    3. BREACHINT: Breach Intelligence relates to the data gathered from data breaches, both small and big, as they can result in a lot of vulnerabilities such as new digital identities, mail addresses or passwords, among other relevant things.
    4. HUMANINT: Human Intelligence relates to human vulnerabilities based on the risk type, knowledge, awareness, and impact of the role of an individual in an organisation. This Intelligence is mostly developed by conducting interviews with individuals. At Sally, we automated this process using chatbots based on AI and ML to gather this data with less effort and in less time. Please get in touch with us at hello@iamsally.io if you want more information.

Gathering data: Once all the above has been defined, the data gathering process can start by looking for the data across the internet. This can quickly result in a considerable amount of data that must be processed.

Structuring and categorising the data: Because taxonomies and assets have been defined, the data can be processed with big data capabilities. At the same time, machine-learning algorithms and AI look for hidden relationships between the gathered and processed documents so that the relevant data is presented to the analysts.

Analysing the data: Human Intelligence analysts check the data presented in order to:

  • Eliminate false positives.
  • Work deeper into some of the data to produce intelligence products to achieve the goals defined at the beginning of the methodology.

Dissemination of intelligence products: The different intelligence products should be packaged in different ways and made available to the relevant people and teams in the organisation.

As can be seen, Intelligence is a systematic way of working following a well-defined process that needs to be reviewed from time to time or each time a new objective is included in the process. There are, however, some essential requirements and ways of thinking that should be considered when starting an Intelligence Program:

– Data is the key to the quality of the process: The accuracy and quality of the data, and the quantity of relevant and unique data, are key to producing high-quality actionable Intelligence Products. The importance of this should never be underestimated in intelligence methodology. Therefore:

  • Defining the objectives and goals for the Digital Intelligence Process is vital to determine the kind of data that must be gathered.
  • The definition of the proper taxonomies for the relevant goals will increase the quality of the products.

– Access to privileged and relevant data is also a critical point. It is mandatory to check the kind of data the solutions have access to.

  • The knowledge about relevant sources must be secured from the very beginning.

– Structuring and categorising the data in an automated way will secure the production time of the intelligence products and avoid much of the noise generated by insufficient data processing. Big Data capabilities, Machine Learning and AI should be implemented in the solution to shorten time to production and secure quality.

– The last requirement to consider is finding good analysts who can give the product its final intelligence touch, adding Human Intelligence to discard false positives and point out areas to dive deeper into when starting investigations.

– In the implementation process, and as a direct consequence of the objectives and goals, disseminating the product inside the organisation is crucial to taking advantage of the intelligence products.

A Digital Intelligence Security Program is a systematic, data-driven way of working on security that reduces the risk exposure of the company's assets in the digital world, for early prevention of security incidents before they reach the organisation’s perimeter.

In other words, we could say that a Digital Intelligence Security Program is a possible implementation of the “Prevent Breach” strategy that complements the traditional “Assume Breach”.

Sally offers actionable data-driven intelligence insights for different levels of security of the company, aiming to introduce all the benefits of Intelligence without investing in tools, people, and data upfront. It is a first step into data-driven digital security and an easy and affordable way to enjoy all its benefits.