DIY approaches to powering secure, anonymous online research may seem cost-effective, but hard and soft costs combined show that’s not the case.
For sensitive online research, a solution is needed to ensure that the research you’re doing isn’t tied back to you or your organization. Without this critical capability, you’re at risk of being blocked, targeted, infected or identified by adversarial targets of your research.
Many organizations decide the cost-effective approach to disguising researcher identities (i.e., preventing attribution of their research) must be to build their own in-house solution. But when looking at the total investment in time and resources, this isn’t the case.
Using a SaaS for non-attributable web access is definitively less expensive from a hard and soft costs perspective than a build-your-own solution. SaaS solutions can also offer better protection against attribution and web risks as well as improve research efficiency.
Read the solution brief: Hidden costs of DIY research networks >
Using a traditional browser like Chrome, Safari or Firefox can be disastrous when conducting sensitive online research. For one, they don’t provide any separation between the researcher’s machine and network and the web content they’re interacting with. This means malicious content can get in and sensitive information can get out.
What’s more, these browsers are built to track users. They disclose dozens of identifying details about the researcher’s device, browsing behavior and more to every website the researcher visits. With enough unique details in combination, webmasters can work out who the researcher is and why they’re visiting the site.
Learn more about what’s in your digital fingerprint and how managed attribution can help you blend in with the crowd on sites you’re investigating. What is managed attribution and how does it improve online investigation? >
When speaking with online research practitioners, their need for a dedicated setup to browse the web comes down to avoiding these three things: getting blocked, identified and targeted.
This can happen in two ways. One is getting blocked by corporate IT solutions like firewalls and web gateways that aim to protect the network from malicious/unsavory websites.
The other is getting blocked by external parties based on your fingerprint; for example, when a Brazilian website blocks connections from U.S. IP addresses.
Both cases prevent investigators from getting the access they need, leading to incomplete intelligence or a search for some other way to get that access.
See how this SOC needed to bypass access blocks to investigate region-specific malware, and turned to Silo for Research to give threat hunters a full view of the malware in a secure environment >
By combining the dozens of details of a researcher’s digital fingerprint (their IP address; device settings such as language and keyboard preferences, time zone; hardware, software and plugins; browser in use; etc.), webmasters can create a profile of a website visitor and uncover who they really are and/or who they’re working for.
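To make the combination effect concrete, here is an added example (not from the original post or from any product it mentions) that counts how many visitors in a traffic sample still share a profile as each fingerprint attribute is added. The visitor counts, attribute values and the `corp-dlp-agent` plugin name are constructed for illustration.

```python
from math import log2

ATTRS = ["ip_country", "language", "timezone", "browser", "plugins"]

# Constructed sample of 100 visits to a hypothetical site, one tuple per visit.
VISITORS = (
    [("BR", "pt-BR", "America/Sao_Paulo", "Chrome", "none")] * 40
    + [("BR", "pt-BR", "America/Sao_Paulo", "Firefox", "none")] * 15
    + [("BR", "en-US", "America/Sao_Paulo", "Chrome", "none")] * 5
    + [("US", "en-US", "America/New_York", "Chrome", "none")] * 20
    + [("US", "en-US", "America/Chicago", "Chrome", "pdf-viewer")] * 10
    + [("US", "en-US", "America/New_York", "Firefox", "pdf-viewer")] * 9
    + [("US", "en-US", "America/New_York", "Firefox", "corp-dlp-agent")] * 1
)

# Researcher browsing from a corporate laptop (constructed profile).
RESEARCHER = ("US", "en-US", "America/New_York", "Firefox", "corp-dlp-agent")
# Profile chosen to match the site's most common visitor (constructed).
BLENDED = ("BR", "pt-BR", "America/Sao_Paulo", "Chrome", "none")


def narrowing(visitors, profile):
    """Anonymity-set size after each attribute is added to the match."""
    sizes, remaining = [], visitors
    for i, name in enumerate(ATTRS):
        remaining = [v for v in remaining if v[i] == profile[i]]
        sizes.append((name, len(remaining)))
    return sizes


def surprisal_bits(visitors, profile):
    """Bits of identifying information carried by the full profile."""
    matches = sum(1 for v in visitors if v == profile)
    if matches == 0:
        # Never seen before: this visitor would be alone in the sample.
        return log2(len(visitors) + 1)
    return log2(len(visitors) / matches)


if __name__ == "__main__":
    for label, profile in (("researcher", RESEARCHER), ("blended", BLENDED)):
        print(label)
        for name, size in narrowing(VISITORS, profile):
            print(f"  + {name:<11} -> {size:>3} visitors still match")
        print(f"  surprisal: {surprisal_bits(VISITORS, profile):.2f} bits")
```

No single attribute singles the researcher out, but the combination leaves an anonymity set of one, while the blended profile still shares its fingerprint with 40 other visits.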
Learn how to blend in with the crowd when performing online investigations in this Silo for Research demo >
Being identified can lead to a number of additional issues. If online research can be traced back to the employee’s corporate network or — even worse — their home network, the subject of the research can potentially try to infect or target the researcher or scrub intelligence before it can be collected.
Once a research subject has identified you, they may choose to target you digitally (i.e., via malware) or physically (i.e., in the real world). Physical targeting can take strange and scary forms:
It’s evident that non-attributable networks are critical to performing secure and effective sensitive online research. To achieve this, organizations typically take one of two approaches: buy a service or attempt to build their own in-house solution.
Here’s one of my favorite blogs that talks about the “buy vs. build” dynamic and how financial crime analysts and IT find a solution that makes both parties happy >
While the in-house approach may seem attractive from a cost perspective, it carries lots of issues:
This one is simple. An analyst gets blocked by corporate IT and requests a web access exception to visit the site. This solves the problem of getting blocked because it gives the analyst access to the site so they can gather intelligence, but opens up a number of other issues.
Relaxing web permissions is an easy solution for getting blocked, but it’s not a good solution for the other reasons mentioned above.
Again, this solves the problem of an analyst being blocked from the websites they need to visit, but puts individual employees and their companies at risk.
Companies should not require analysts to use their own personal resources to conduct online research on behalf of the company, and analysts shouldn’t — and usually don’t want to — sign up for jobs that require them to put themselves at risk.
Using personal resources for online research opens the analysts up to risk because the company isn’t willing to accommodate them with proper tools, and it opens the company up to risk because it has no ability to control or audit the analysts' online research setup.
I’ve heard it all, from kiosks in the corner that are “off-network” to naughty rooms in the broom closet that can be used to do research separate from the company. In short, building your own setup comes with a number of issues. It requires IT to constantly build and maintain a separate non-attributable computer network.
A proper risk-free setup is necessary for anyone conducting sensitive online research. Without it, researchers can end up blocked, targeted, infected or identified.
Building your own in-house solution for conducting online investigations isn’t a good option because it’s costly, complicated, requires constant upkeep, doesn’t scale and doesn’t provide the ability to secure/audit/control in an enterprise way. Even if you’ve got the time and resources and attempt to build your own, it’s imperfect. And you have to rely on end users to be savvy enough to understand how to use it — and trust them to use it correctly.
To learn how Silo for Research provides steadfast security and anonymity in online investigations through a cloud-based platform, visit our product page.