Open Source Intelligence: Harvesting and enrichment to inform organisations of their risk and threat profile.
With the rapid growth of cyber-enabled adversaries, and the lowered barrier to acquiring cyber-weapons online, organisations need to refine their efforts to concentrate on the threats most applicable to their industry and public profile. This information is not easily acquired or digested, because it comes from disparate sources and in disparate formats.
How does an organisation discover, correlate, enrich and evaluate threats to their organisation? And how does knowing the threat vectors and risk profile change the organisation’s culture and decision making process?
In my day-to-day job, I am a Security Operations Manager (SOM), a role which I find both creative and very challenging at the same time. The scope of the work I am involved in covers most aspects of protecting the business from external attack, from the sometimes mundane aspect of evaluating spam and phishing emails and campaigns, through to evaluating supply chain risk introduced through projects being run through our organisation.
I am also an active Royal Australian Air Force reservist where I utilise my experience from my role as a SOM to assist my sponsoring squadron to develop their own policies, processes and knowledge to understand information security risk (in both the physical and digital realm).
The common thread in the two roles is the evaluation of the environment and industry vertical the organisation is operating in, and the evaluation of external information sources to develop an intelligence program aimed at supporting the decision making of the organisation, in a manner which attempts to inform and mitigate against external threat vectors.
The aim of this project is to develop and deliver a paper with an associated detailed design and proof of concept virtualised environment which incorporates the knowledge gained.
The paper will describe the different types of data, and how, with refinement and correlation, they may be made more valuable to an organisation. It will also describe how this information may be interpreted to give an organisation an informed view of its potential threat vectors, and of which threat actors are known to utilise those threat vectors.
The detailed design and proof of concept virtualised environment is aimed at validating the techniques and processes described within the paper, whilst also serving as a roadmap for future evolutions and expansions on the concept of OSINT collection and refinement.
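As an added illustration of the correlate, enrich and evaluate steps described above (example code written for this page, not part of the project's design or its proof-of-concept environment), the script below merges records from two constructed OSINT feeds by indicator, scores each against a constructed organisation profile (industry vertical and exposed threat vectors, both assumed inputs), and reports which actors are tied to each vector the organisation is exposed to. All indicators, actor names and feed records are constructed sample data.

```python
from collections import defaultdict

# Constructed sample records standing in for two OSINT feeds (not real indicators).
# Each record: the indicator, the threat vector it is used in, the actor reported to
# use it, and the industry verticals the source reports as targeted.
FEED_A = [
    {"indicator": "login-portal.example", "vector": "phishing", "actor": "ActorX", "industries": ["defence", "government"]},
    {"indicator": "203.0.113.10", "vector": "vpn-bruteforce", "actor": "ActorY", "industries": ["finance"]},
    {"indicator": "drop.example", "vector": "malware-delivery", "actor": "ActorX", "industries": ["defence"]},
]
FEED_B = [
    {"indicator": "login-portal.example", "vector": "phishing", "actor": "ActorZ", "industries": ["defence"]},
    {"indicator": "198.51.100.7", "vector": "vpn-bruteforce", "actor": "ActorY", "industries": ["defence", "energy"]},
]
# Constructed organisation profile (assumed input, normally from a risk review):
# its industry vertical and the external threat vectors it is exposed to.
ORG_PROFILE = {"industry": "defence", "exposed_vectors": {"phishing", "vpn-bruteforce"}}

def correlate(*feeds):
    """Merge records across feeds by indicator: union of reported actors and
    industries, plus a count of how many feeds corroborate the indicator."""
    merged = {}
    for rec in (r for feed in feeds for r in feed):
        m = merged.setdefault(rec["indicator"],
                              {"vector": rec["vector"], "actors": set(), "industries": set(), "sources": 0})
        m["actors"].add(rec["actor"])
        m["industries"].update(rec["industries"])
        m["sources"] += 1
    return merged

def relevance(entry, profile):
    """Applicability to the organisation: +2 if the vector is one it is exposed to,
    +2 if its industry is among the reported targets, +1 per corroborating feed."""
    score = 2 if entry["vector"] in profile["exposed_vectors"] else 0
    score += 2 if profile["industry"] in entry["industries"] else 0
    return score + entry["sources"]

def evaluate(profile, *feeds):
    """Indicators ranked by relevance (ties broken by name), with their actors."""
    merged = correlate(*feeds)
    ranked = sorted(merged.items(), key=lambda kv: (-relevance(kv[1], profile), kv[0]))
    return [(ind, relevance(e, profile), sorted(e["actors"])) for ind, e in ranked]

def actors_by_vector(profile, *feeds):
    """Which actors are reported to use each vector the organisation is exposed to."""
    out = defaultdict(set)
    for e in correlate(*feeds).values():
        if e["vector"] in profile["exposed_vectors"]:
            out[e["vector"]].update(e["actors"])
    return {v: sorted(a) for v, a in sorted(out.items())}
```

The scoring weights are deliberately simple; in practice they would be tuned to the organisation's own risk appetite and the reliability of each feed.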
The deliverables for this project are:
- Project Schedule with Key Tasks and Milestones
- Weekly Status reports
- Regular blog posts
- Detailed Design Documentation for a virtualised environment
- Seminar presentation
- Research Paper
Resources expected to be used in this project include:
- Peer review papers, whitepapers, books and articles
- Open Source Feeds for Precursors and Indicators of Compromise
- Threat Intelligence feeds for Security Researchers
- Private and Public Cloud hosted virtual infrastructure
- Open Source Software
- Malware Information Sharing Platform (MISP)
- Elasticsearch, Logstash and Kibana
- Cuckoo Malware Sandbox