Cyber intelligence and OSINT as part of corporate security
Iñigo Ladrón Morales
All organizations try to implement the most appropriate prevention and protection measures that are within their reach due to capacity, resources, budgets, etc., thus protecting different infrastructures, systems, applications, or “sections” of his enormous (ever more) exhibition surface.
These will opt for software solutions, hardware, applications and services On-Premise I Cloud, of all types, self-managed and/or managed by third parties, to protect all possible fronts: antivirus / antimalware, EDRs (Endpoint Detection and Response), MDRs (Managed Detection and Response), firewall, IDSs (Intrusion Detection System), IPSs (Intrusion Prevention System), security protection solutions accessed, 2FA (Double Factor Authentication) and MFA (Multiple Factor Authentication), CASBs (Cloud Access Security Browker), backups, VPNs (Virtual Personal Network), certificates, protection of email, pentesting, awareness, SIEMs (Security Information and Event Management), etc.
However, many of them still do not have approximations to the intelligence, to the cyber intelligence, nor to the techniques OSINT (Open Source Intelligence), which, currently, are essential tools for research and tracking relevant information.
But, first, let's see what each of these concepts is: intelligence, cyber intelligence and OSINT.
The corporate intelligence It consists of a process through which a certain type of information is collected (that related to the objective we seek) that is subsequently reviewed and analyzed to increase knowledge and quality. This task concludes in the generation of a framework, context or better knowledge scenario, thanks to which (more and better information) better and more correct measures and decisions can be made. informed decisions.
In the case of the cybersecurity, the corporate cyber intelligence, the type of information collected and analyzed is that referring to data related to cyber threats, vulnerabilities, cyber attacks, malicious actors, etc. There cyber intelligenceTherefore, it is a specific area of the intelligence which focuses on the Cyberspace And in the cyber threats.
And, where is this information and how is it obtained? Information is located inside and outside the organization and is dispersed in certain “places", devices, computers, servers, databases, email, instant messaging services, third-party cloud, outsourced services, web pages on the Internet, the "Deep Internet” (Deep Web and Dark Web), social networks, operator infrastructures, etc., from which it must be obtained explicitly and with the most appropriate mechanisms or tools for each case.
This process and tools for collecting and obtaining information from all types of sources and publicly accessible sources, without violating any right or security measure in the process, is what is called OSINT (Open Source Intelligence O Open Source Intelligence).
In matters of OSINT and cyber intelligence, you must be scrupulous and cautious, especially when the information is obtained by accessing third-party systems, entities, administrations, organizations and companies, whose security should not be violated.
In that process OSINT and of cyber intelligenceTherefore, there are several stages:
- Determination of goals and requirements.
- Source Identification of relevant information.
- Collection of the information and contrast thereof.
- Prosecution of the information collected (formatting so that it can be analyzed).
- Analysis of the processed information.
- Intelligence. Information transformation worked on useful content for decision making. Report and conclusions.
- Repetition of the process or iteration, if necessary.7
Regarding the place, medium, mechanism, or channel to search, there can be an infinite number, depending on what we are looking for. Among them, the following:
- Search engines (Google, Bing, etc.).
- Domains and IPs (to get information about a certain domain, or a certain address IP, for example, used WHOIS an Internet).
- Social networks (search for users, accounts, profiles and their information in RRSS).
- Images and Videos (image analysis to identify places or people).
- Ports and Services (scan available/accessible ports).
- IP for geolocation (find out the place where a IP, a certain device).
- In the web (Internet content and the websites it hosts).
- HUMINT (Human Intelligence). It consists of the location and collection of information through human interactions, through people (employees, former employees, clients, users, suppliers, etc.), through conversations, questionnaires, etc. It also covers the search for information about people.
- SOCINT (Social Network or Media Intelligence). It consists of the location and collection of information from Social Networks and online services of all types, in search of malicious actors and illicit or illegal activities.
- IMINT (Image Intelligence). It consists of locating and collecting information from images and videos.
- GEOINT (Geospatial Intelligence). Consisting of the location and collection of information from physical location data, such as the origin of a cyber attack.
- SIGINT (Signal Intelligence). Consisting of the location and collection of information from electronic signals (radio, telephone, network monitoring, etc.).
Having this knowledge, to be able to work in OSINTIn addition, we must have special resources and tools. Some can be soaccessible" and "simple" Like the dorks from browsers like Google Chrome, Microsoft Bing I DuckDuckGo, with each of its commands, operators and search parameters.
Furthermore, as to Google Chrome refers, we have Google Images, which allows us to search for information, based on a certain starting image that we have indicated.
In addition to the operators in these search engines, there are many other specific professional tools for this type of work, such as:
- Social Links (to search, extract, analyze and display information from Social Networks, messaging and Dark Web).
- Shodan (to find machines and devices that are connected to the Internet, such as computers, mobile phones, servers, cameras and any other type of IoT device).
- Tinfole (for information via Twitter -now X-).
- Osintgram (for information via Instagram and analysis of accounts Instagram).
- Maltese (graph data and information collected).
- NextVision (search in the dark internet, Deep Web and Dark Web).
- Creepy (to extract information from social networks such as Twitter -now X-, Flickr, Facebook, etc. and also find physical locations).
- DNSDumpster (look for all the information about the domain that we indicate).
- On the Metagophy (extracts the metadata from a certain file that we indicate).
- SEAL (extracts office files related to, or found in, a certain domain that we indicate).
- IPinfo (returns information about addresses IPs as indicated).
As we said, these tasks require training, experience and specialized skills trained over time. In short, profiles that do not exist in most companies, but must be hired externally as specialist professional services.
In terms of security and cybersecurity, these professional and specialist services, can help companies:
- Detect threats that may affect the company.
- Research the competition and the market, obtaining valuable information as a competitive advantage.
- Investigate the level of reputation and brand image of the company to evaluate its positioning and detect possible defamation attacks, etc.
- Assess vulnerabilities, identifying possible weak points of the company (technical, commercial, marketing, image, etc.).
- Track malicious actors, tracking specific profiles and extracting valuable information regarding their possible malicious or illicit activities.
- Assist with regulatory compliance, detecting flaws, non-conformities or non-compliance, in terms of privacy, cybersecurity and legal matters, that can be corrected.
You can expand details about our services visiting the page of THIS.
If you prefer, contact us and we talked.
