Open source intelligence plays a growing part in both cyber offense and defense. In this report, QOMPLX Senior OSINT Specialist Joe Gray describes four ways that individuals and organizations can sharpen their open source intelligence gathering.
"The best defense is a good offense," as the saying goes. That's long been true in the world of sports. It's increasingly the case in cyber security, where in the last decade organizations have embraced 'offense as defense' with the use of penetration tests and "red teaming" by dedicated internal teams or third party contractors.
But harnessing offensive hacking to improve the security of your organization draws on a different set of skills than traditional network defense. Notably: activities like social engineering and open source intelligence gathering play a big role in successful red team and pen testing exercises, but aren't generally a part of the network defender's tool kit.
The private sector has rushed to fill that gap, with a wide range of new threat intelligence tools and services. But simply having access to tools and data isn't the same as knowing how to properly apply it in a way that will improve the security posture of your organization's network, applications and users.
To that end, QOMPLX's own Joe Gray has put together a new guide to help IT security professionals become efficient and responsible OSINT investigators. Open Source Intelligence (OSINT) gathering is a "cycle rather than a process with a defined starting and stopping point," akin to the process of writing software applications. "OSINT is very much the same. We have various data types that make up our proverbial engine," Gray writes. Those include email addresses, physical addresses (personal and business sites), phone numbers, technologies, websites and domains, and social media presence." Good OSINT processes need to govern both the collection of that data and its application: "where to collect the data and where to input the collected data to yield more data or an intelligence context."
You can now download Joe's report "Four Steps to Better OSINT Collection." It lays out some simple steps to improving OSINT collection, storage and application. Registering will give you access to the report and subsequent posts on OSINT best practices from QOMPLX.