October 2013
Inside:
New context on Web Intelligence
The need for external data in enterprise context
Making better use of web intelligence
CTOlabs.com
Web Intelligence: A new category of actionable information
Web Intelligence is the parsing of millions of sources of Internet connected information in a way that is useful to decision-making. It enables the harnessing of the global information grid and adds predictive power to functions such as strategy development, investment decisions and risk assessment/mitigation. This paper, sponsored by Recorded Future, examines this new category of Web Intelligence in a cyber defense context and provides information you can use in deciding the best ways to integrate Web Intelligence into enterprise cyber security operations.
Recorded Future and their Temporal Analytics Engine organize web information for analysis to yield new insights. Recorded Future specializes in analyzing human writing to detect events, actions and descriptions of actions and then place this information in a time-based (temporal) context. These timelines and topics can be aggregated and correlated so that information on the same event can be viewed from multiple angles. This enables analysis in the light of all related information, including historical information. Recorded Future ingests over 300,000 sources in real time, performing over 50 extractions per second and building a deep history at the same time. They have already amassed a fact base of over 5 billion facts in multiple languages including English, Chinese, Russian, Arabic, Farsi, Spanish, and French.
Background: The Roots of Web Intelligence
The origins of web intelligence for cyber security can be traced to the beginning of organized enterprise cyber security activities that began after the famous Morris Worm of November 1988. In the worm's aftermath, responders noted shortcomings in their ability to know information from outside their organizations. Since then:
Most major organizations have established dedicated efforts to stay informed on external threats.
There has been an explosion in original content publicly available on the web, including blogging, niche publications, social media, but also vast stores of commercial data that were once locked away and inaccessible to others.
Increasingly, both threat actors and defenders are openly sharing valuable information on open source web channels, making totally new sources of information available.
McAfee ESM
DPI and log data. Database monitors. No all source capabilities. New release provides speed and scale and ability to add external threat feeds, showing potential for integrating Web Intelligence. Dashboarding capabilities important. Leveraged for log based and network data analysis
Splunk
RSA NetWitness
IBM-Q1 QRadar
Log and event management with behavior analysis. Netflow data a strength. A purpose-built big data SIEM tool. Ability to take data feeds and integrate other information shows promise.
Sensage
Most enterprises are also leveraging link analysis and related investigative tools, including IBM's Analyst's Notebook (which is ubiquitous), and the rapidly proliferating Maltego. Some use the advanced capabilities of Palantir. Users of current versions of these systems can rapidly and easily move information to and from advanced web intelligence platforms like Recorded Future.
Our recommendations:
1. Establish your enterprise vision for the use of Web Intelligence in support of your security posture.
2. Launch a proof of concept leveraging Recorded Future's Software as a Service cyber intelligence application. This application enables rapid delivery of capability that can put Web Intelligence to use in your enterprise almost instantly. During the proof of concept, formulate evaluations on criteria like:
   a. Ability to meet your vision for web intelligence support to cyber operations
   b. Ability to leverage the full spectrum of intelligence information from the Internet and your internal sources
   c. Ability to enable shared situational awareness across all levels of your organization
   d. Ability to drive proactive mitigation of threats.
More Reading
For more federal technology and policy issues visit:
CTOvision.com - A blog for enterprise technologists with a special focus on Big Data.
CTOlabs.com - A reference for research and reporting on all IT issues.
FedCyber.com - Focused on federal cyber security.
J.mp/ctonews - Sign up for technology newsletters including the Security Technology Weekly.