Internet monitoring is becoming increasingly popular amongst companies who have high value digital assets, depend on their public image or have a lot to lose in the the scenario of a data breach.
There are 2 types of monitoring. a) internal monitoring of network systems for employee or user behaviour patterns and regulation or 2) external threat monitoring on the world wide web and the multiple layers it is composed of. Here we are referring to the latter, external threat intel through internet monitoring. This intelligence has 3 facets:
- Threats related to the company;
- Sensitive data loss;
- Reputation damage.
The issue with most internet monitoring services is that they are keyword/key phrase based, meaning they will only pick up on content readily available by the search engines which directly mentions one or more of the keywords provided. This may work for customer service departments or PRs, but when it comes to protecting the brand for all 3 categories above this keyword monitoring approach is very limited.
Peer Intelligence Sharing
Most established companies in high risk sectors such as banking, insurance, healthcare and energy, have one or more sources of security intelligence. As an example, banks signing up with the FS-ISAC or equivalent body receive valuable industry intelligence on security threats from all corners of the globe. Though extremely useful, it is not focused intelligence the individual banks but rather, broader intelligence which may or may not affect them.
Monitoring the deep and dark web
The ‘deep web’ is that part of the internet which has been hidden by search engines, ISPs or the website owner themselves due to the nature of the content. The ‘deep web’ is actually different to the ‘dark web’ in terms of classification of what is available. Clarification on the difference between the two is important in internet monitoring.
Monitoring of the deep web gives us the largest incidents of intellectual property violations, piracy, counterfeit merchandise, black hat communities and illicit material.
Th dark web is is classified as, “a small portion of the Deep Web that has been intentionally hidden and is inaccessible through standard web browsers”. Here we see hotspots for cyber criminal activity, malware and exploit trading and planned attacks on the digital infrastructure of corporations and government.
Both form of deep internet threat monitoring are vitally needed for predictive intelligence and proactivity against those actions which are tuned to directly harm a person or entity.
Internet reputation monitoring
To pick up on public concerns and sentiment across the entirety of the web, instead of just through the usual free social media trackers, requires an online monitoring system which has algorithmic properties, capable of receiving manual entries and rules to guide it so that it does not overwhelm with false positives.
Monitoring for regulatory violations
The overused phrase of, “____ is only as strong as its weakest link” is well known to companies looking for online monitoring solutions. Monitoring for regulatory or ethical violations amongst employees on social media, cloud sharing, forums and the open internet can be valuable in that gives ample time to shut down a potentially damning situation. In the US and Europe, the FCC, HHS, ICO and many other regulatory bodies are responsible for overseeing corporate implementation of data protection protocols.
Sensitive document monitoring
Even though cloud storage and NAS drives are a great way to store all of your sensitive and personal data, cloud stored data is only as safe as the security protocols that the provider has established. Additionally, human error, violation of BYOD policies, social engineering and even direct exploits of a company system can expose classified or highly sensitive internal documents and information. Monitoring for these documents can protect a firm in more ways than one — corporate programs and confidentiality are vital to modern day business strategies.