It’s time to be done with dirty networks, firewalls with more holes than Swiss cheese, and clunky DIY research environments that make IT and researchers want to pull their hair out.
Amidst turbulent economic times, high inflation, global conflict and a lingering pandemic, organizations — and their employees — are being forced to do more with less.
For professionals performing sensitive online research, this means shortening their time-to-insight to tackle more missions faster. Because threats, illegal activity and other targets of investigations haven’t let up.
While board rooms and management are pounding the productivity drum, being more productive is a tougher hill to climb, not the least of which because of how the human brain is wired to work.
Although we have more productivity tools at our fingertips than ever before, people still have their limits in terms of how long they can focus on tasks. According to a much-cited survey of 2,000 U.K. office workers, employees are only productive about three hours a day. The remaining hours of their required workday are spent socializing on and offline, surfing the web and (my personal favorite) “making hot drinks” — what a blast!
As the Inc Magazine article points out, this isn’t necessarily a bad thing but simply a matter of fact. And while some companies may react by locking down internet access and putting away the hot water kettle, others will recognize that when an employee is ready to work, you don’t want anything to get in their way.
How homegrown solutions get in researchers’ way
Sensitive online research is fraught with risk. For one, it takes place on the internet, meaning there can be malware anywhere that could end up on researchers’ machines and the company’s network. Another risk is attribution: that the investigative targets researchers are looking into could identify who’s snooping around and why, and react accordingly.
To counteract these risks, organizations have relied on various means of protection, placing a patchwork of safeguards between unwanted risks and their organization. However, those measures are also between the researcher and them getting the information they need, complicating access and hampering productivity.
If researchers have to go to a separate location, work on a different machine, wait for virtual desktops to load-crash-reload, or make ad hoc requests to poke a hole in a firewall in order to do their job, you’re going about this the wrong way. Here’s why:
DIY isn’t as cost-effective as you think
Setting up and maintaining a dirty network is expensive. It requires a significant investment in hardware, software and infrastructure, as well as regular maintenance and updates to keep the network secure and up-to-date.
DIY isn’t as cost-effective as you think, seriously
Yes, I’ve said this already, but it’s worth saying again. It’s not just the dirty network itself that’s expensive. Workflow inefficiencies and productivity loss hurt an organization's bottom line. In addition to the access inefficiencies mentioned above, once a researcher gains useful data, it has to be safely transferred back to their core work environment. Disjointed tooling bogs down collection and analysis efficiency; deploying a multi-vendor stack also requires IT integration and researcher training.
Oh, the complexity!
Dirty networks are complicated and time-consuming to set up and maintain. They require advanced technical skills and cybersecurity expertise, as well as a thorough understanding of the latest malware and cyberthreat trends in order to provide the intended protection.
Cost of getting it wrong
Does this mean that DIY isn’t as cost effective as you think? It does. But I didn’t have the heart to hit you with that headline again. Dirty networks are reliant on VPNs whose connections are notoriously unstable, which could undermine the intent of the network in the first place. VPNs also do not prevent malware from reaching the machine. Sensitive business data stored on the local network can become exposed when the VPN connection drops unbeknownst to the researcher in the course of their investigation.
Dirty networks by definition are segregated environments. Visibility into analyst activity through detailed logging and the ability to enforce enterprise policy are typically non-existent. This is a risky proposition in terms of compliance and audit needs because of the types of research performed — on the surface, deep and potentially dark web.
Getting out of the way of productivity
The push for productivity should steamroll the dirty network. When researchers are ready to work, they should be able to access an anonymous, secure research environment from the device they use every day, from anywhere, at any time.
Thanks to the cloud, this isn’t just possible, it’s the way today’s researchers should work.
- Giving researcher’s access to a cloud-based environment to perform sensitive online investigations means risks are offloaded to the cloud as well: The researcher’s device is 100% isolated from malware — no malicious code ever touches the local machine.
- A managed attribution SaaS like Silo for Research also gives users access to a managed network of dozens of global points of presence around the world — web activity is never attributed to the organization or a VPN.
- And it’s designed with efficiency in mind. Researcher’s can access the surface, deep or dark web from the same solution — with nothing to download. An integrated tool suite, automated collection and centralized, secure access to third-party external tools and workflows mean researchers can stay focused and productive.
Empower your employees performing sensitive online research where they are: online. With a managed attribution SaaS, researchers have the anonymity, security and productivity tools they need at their fingertips wherever they roam and whenever they need to launch into action.Anonymous research OSINT research