A review of the past 10 years in cyber security opened our eyes here at Massive. Reflecting on over 50 international security conventions, hundreds of white papers and government policies, we now see the gaping whole in security industry comes down to one thing.
This word is the ultimate head-scratcher of CSOs and security professionals globally. It is the fall-down of every great integrated security system available. Lack of it results in the confusion and anger of Board of Directors and CEOs who have invested thousands if not millions into security upgrades when they are facing the reputation crisis of a new system breach. Failing in it has fooled tech and media giants such as Google, Sony, Twitter, The New York Times and many more.
To solve this problem, industry leaders in digital security have created a myriad of solutions such as HP’s Enterprise Solutions or Dell Connected Security and several others. In an attempt to solve the problem of prediction we see global security intelligence being gathered from networks, terminals, servers and much more to alert, learn and protect.
Great tech, but the problem is the breach is already in progress by this stage.
The solution becomes to look earlier.
Any attack of a sizeable nature has to be planned, strategized and discussed. This means that somewhere there is a trace of the attack happening now having been discussed much earlier. In an article on malwarelist.net, the topic of pre-planned cyber criminal activity is covered well.
Internet monitoring for Brands has been around for a while. Primarily used for reputation or trend-mapping, use of tools like Radian6 are a fantastic for PRs, CMOs and Marketing Executives, but for the Chief Security Officer they are close to useless.
The bulk of cyber criminal activity, planning, scheming, trading, recruiting and training is done on blacklisted websites (not indexed on Google due to known criminal activity) or on the Dark Web.
Let’s take the infamous Silk Road as an example. The underground hub of online drug dealing, illegal trading, hiring hitmen, paraphernalia and other sordid subjects like child porn; the underground Black Market protected itself nicely in the TOR Network. Covered in-depth in this article by Jivan Achreja, the TOR Network was the perfect, anonymous play ground for such a blatant criminal activity to thrive on for over 2 years until it was shut down by the FBI and NSA.
See also: Can the Dark Web Affect Your Company?
There is nothing wrong with TOR. In fact, for those who are not familiar with it, it has immense benefits for private browsing and anonymity. But this also makes attractive for cyber criminals. They can’t be traced.
Regardless of WHO is behind it, those responsible for the security of a brand and its online or internal assets just want to know that is is being planned what the enemy strategy is well before the attack occurs. Art of War.
Brand Protection Through Actionable Intelligence
Now, getting back to the subject of prediction as it relates to security, we can now see that to do this we need to:
- Name all locations where cyber criminal activity congregates and,
- monitor those dark web locations the same way we can monitor the public web for mentions and postings (such as keyword tracking, acronyms, website mentions, unique data signatures and financial data) while,
- doing this in as close to real-time as possible.
With the above we would have actionable security intelligence which could be used for counter-strategies with incredible prediction on impending attacks on your brand and its assets.
So that sums it up. Internet Monitoring is now vital for 2014 Brand Protection. The headlines tell the tale.
Oh, and I forgot to mention. We do all of the above and more. Check it out.