
The problem with Open Source Intelligence

Kenisha Liu

On paper, Open Source Intelligence (OSINT) is an opportunity for defenders to finally get ahead of threats. However, in practice, it’s a completely different story. While Open Source Intelligence offers timely data and actionable threat insights, extracting that information at the pace needed to keep up with threats, let alone get ahead, is near impossible for teams. This is due to the vast amounts of manual research and time required for the task. Even workarounds like paid threat intelligence services require manual labor to connect the dots. In this blog, we’ll be exploring the problem with Open Source Intelligence, and the modern solution.

 

How is Open Source Intelligence used?

In cybersecurity, Open Source Intelligence is instrumental in gathering information about potential threats, vulnerabilities, and emerging attack techniques. Security professionals monitor online forums, feeds, social media platforms, etc. to identify indicators of compromise (IOCs), malicious actors, and cyber threats targeting their organization or industry.

Most medium to large organizations typically employ a small team of analysts to do this. These threat intel analysts monitor various OSINT sources or paid threat intel. When they believe the company is likely to be a target, analysts present data showing that it likely will be, or already has been, attacked. The next step is instructing engineers to hunt for intrusions.

In contrast, small companies with little budget and resources might attempt to set up RSS feeds to be alerted on threats or they might employ MSSPs to provide them further threat intel.

 

The problem with Open Source Intelligence

The glaring problem with Open Source Intelligence is that the processes are huge time sinks that require a large manual effort. Searching for a single threat in a company’s environment can take weeks or months. Not to mention, using OSINT often has minimal returns as threat analysts are often chasing ghosts.

Workarounds to Open Source Intelligence like MSSPs or paid threat intelligence are often no better. Here are some key challenges and limitations of Open Source Intelligence:

  1. Inability to capitalize on timeliness
    Unsurprisingly, it is difficult to navigate Open Source Intelligence fast enough to get the most up-to-date information right away. There are too many sources to keep track of, capitalizing on timeliness requires constant watch, and there is no easy way to quickly verify the most up-to-date information.
  2. Difficult to decipher
    Open Source Intelligence sources are all independent entities and do not follow a uniform template for presenting information. As information on a threat comes out, different media outlets will call the same threat different names. And a comprehensive story on an emerging and evolving threat will be spread across different sources, possibly using different naming conventions per source.
  3. Resource constraints
    For organizations with limited budgets, establishing Open Source Intelligence capabilities can be a daunting task. While some may opt to monitor themselves using RSS feeds, this approach often results in significant gaps in coverage. Alternatively, outsourcing to Managed Security Service Providers (MSSPs) introduces its own set of challenges, including the risk of your provider's diluted attention due to the difficulty of prioritizing clients and serving multiple verticals such as different industries, regions, etc.
  4. Quality vs. quantity
    On the surface, paid intelligence feeds may look attractive. However, these feeds tend to focus on high-value threats that may not necessarily target every organization. They often lack coverage of the myriad threats, tracked by platforms like Fletch, that can be just as high risk. Additionally, traditional intelligence vendors may overemphasize raw intelligence over actionable insights, leading to an abundance of data without practical guidance on mitigating risks.
  5. Implementation of OSINT
    One of the primary criticisms of current threat intelligence practices is the failure to implement the insights gained. Many organizations invest significant time and resources into cybersecurity hygiene measures, but without targeted threat intelligence, these efforts may be misdirected. OSINT should serve as a guiding force, directing organizations to focus their efforts on the most pressing threats and vulnerabilities.

 

A modern solution

Open Source Intelligence has merit but has lacked a medium to make it truly valuable. Current solutions are legacy tools that depend on independent teams' threat intelligence. Fletch’s AI engine is based on Open Source Intelligence and was designed to keep up with the evolving threat landscape.

Fletch utilizes natural language processing and machine learning to automate the manual research, analysis, and correlation. Every day, the Fletch AI engine scans the threat landscape: 10,000+ articles and 100,000+ indicators are indexed for key insights. Then Fletch’s AI engine organizes the data into a comprehensive record for each threat. Any evolutions to the threat are updated hours after discovery, so that the information is up to date and earlier than other sources.

 


 

Lastly, a key element missing from Open Source Intelligence is context. Fletch correlates every threat to your tech, industry, and geographical locations to decipher whether it’s targeting you or not. Now teams no longer have to worry about whether they are vulnerable. If you are, use Fletch’s mitigation advice and educational comms to vastly improve response rates. 

Everything the Fletch AI engine does is validated by cybersecurity experts. Learn more about what goes on behind the scenes here.

 

Takeaway

While Open Source Intelligence offers a wealth of potential insights, organizations must be aware of its limitations that leave companies vulnerable. Namely, traditional processes that leverage Open Source Intelligence are slow and laborious. Fletch is a modern solution that makes Open Source Intelligence actionable by focusing your work and cutting out manual processes. 

 

Sign up for the Fletch waitlist to utilize the world’s first OSINT based cybersecurity AI.

 
