What is operational security? Why is it important for the CISO?
What’s an intelligence cycle, and how do you successfully execute its data collection phase?
What are the common mistakes that companies make trying to collect intelligence from the internet, and how do you avoid them?
Authentic8 teamed up with Forrester to host an on-demand webinar anchored by two cybersecurity veterans to answer these questions and share real-life stories from their tenures in public and private sector organizations.
Forrester Senior Analyst Brian Kime draws upon his more than 15 years of military and cyberthreat analysis experience to share what happens when you try to collect information on adversaries without proper attribution, using regular corporate networks and devices. (You guessed it, nothing good!)
Kime describes the pain of using homegrown processes and tools to isolate threat analysts’ work from the corporate IT environment. Let’s just say it involved purchasing gift cards to pay a VPN provider and some awkward conversations with the IT team explaining why he needed a device without the company’s logo.
Then there were long hours building and copying images to manage multiple personas and constant worry about accidentally downloading malware or tracking pixels to the actual network when copying his findings for further analysis. The job of managing and maintaining a “burner” laptop turned into a more stressful and time-consuming task than doing his actual job.
Authentic8’s Matt Ashburn reflects on his cybersecurity adventures, including time spent working at the CIA and serving on the National Security Council at the White House. Matt shares best practices on how organizations can safely conduct cyber threat intel and get the best return on investment from their SOC.
Most CISOs look at the impressive security stacks they have accumulated over the years and still wonder: How do adversaries continue to be successful? What are we missing?
That’s where cyberthreat intel comes in – it helps organizations prevent intrusions, rather than detect attacks and respond to them after they happen. But while cyber intel analysts watch adversaries, they watch us, hoping for a slip-up that could tie researchers’ efforts to their corporate identity and reveal their mission. Matt calls it “wearing rubber gloves when handling toxic code” – you have to be super careful to blend into the environment, disguise your identity and not leave a trace.
Sure you can go the route of building and maintaining a whole new isolated network architecture to manage protections and dissociations; however, you have to be prepared to shoulder the mounting costs and additional headaches (like how often to change things up or safely transfer the content you found).
Or you can use a tool like Silo for Research (Toolbox) – a cloud-based web browser to research, analyze and capture content without putting your identity or environment at risk. With Silo, you can be anonymous to your adversary by customizing your language, time zone, keyboard setting and more.
We invite you to listen to this short (45 minutes, including all the “housekeeping” stuff) on-demand webinar, where Matt and Brain trade stories and share best practices and tool recommendations on how to practice safe OpSec and build a secure and effective intelligence gathering practice.