How Does Traditional SIEM = Traffic Helicopter?

Published June 23, 2022

Remember the iconic traffic helicopter and our dependence on the information gleaned from each hover? Fast forward to 2022, and our reliance is now on crowdsourced, live traffic and road condition updates, including stopped vehicles, potholes, police activity and expected hold times at specific jams. Waze, a crowdsourced app, is faster by an average of 2 minutes and 41 seconds at alerting law enforcement than any other source. On top of that, the US Department of Transportation (USDOT) now relies on such crowdsourced apps to predict and prevent crashes.

Now, what does this have to do with a Security Information and Event Management (SIEM) tool? The parallel here is our reliance on SIEM amid a global spend of more than $150 Billion in 2022, and with a predicted cumulative spend of $1.75 Trillion by 2025. What if there is a parallel to that crowdsourced traffic and map app? The answer is Open Source Intelligence (OSINT). OSINT is a top business priority for many enterprises in 2022, and it should be yours too. OSINT is intended to augment your SIEM and compliance needs, not replace them. OSINT provides a framework and a means to prepare for and deal with fresh threats that emerge at a rate that far outpaces SIEM detection tools and methods. In other words, OSINT is the targeted collection, processing, and analysis of public (open source) data to gain insights, drive decision-making, and mitigate risks. It uses technology and investigatory techniques to overcome the challenges associated with the vast size of public data and home in on relevant information (Source: Technology Magazine). The OSINT market size exceeded USD 5 billion in 2020 and is poised to register gains at over 25% CAGR between 2021 and 2027.

OSINT: Comes with Proven and Expected Business Benefits

The foremost benefit is speed-to-market followed by compliance support and cost savings. You get to readily plug into prebuilt tools that deal with large sets of live data and thereby avoid buying expensive proprietary tools and long setup times. Multiple risk and compliance needs are met as well since information is proactively shared and curated live. Indisputably, cost savings is an innate feature that comes with OSINT thanks to the shared grunt work of collecting, curating, and sharing intelligence that could impact every business. In other words, you are not solving for cyber security all by yourself!

OSINT: Now a Conversation in the Fortune 500 C-Suite

Fortune 500 CISOs are now paying attention and building their OSINT competency. This quote says it all: “If you’re not using open-source intelligence (OSINT) as part of your security defense strategy, you’re already on the back foot — and may not even know it.” The underpinnings of open-source intelligence are not just live information feeds from across the globe, but also the continual curation by live users/consumers with live feedback on impacts. A good OSINT framework that is meaningfully integrated with your existing SIEM can deal not only with the vast amount of information, but also with the disinformation that can cause damage and waste cycles.

OSINT: Meant to be Quickly Enabled

Infinitive’s practical methods, with tool-enablers and open-source accelerators for OSINT, have helped customers including one of the nation’s top 5 financial institutions. The challenge of integrating various information feeds from across the Surface Web, network security, encryption, web vulnerability scans, penetration testing, antivirus, network intrusion detection, packet sniffers, firewalls and managed alert services can be overwhelming, but it can be overcome with a comprehensive framework that accommodates quick wins, measurable security and resiliency, analyst feedback, and a means to process and act on data.

Other Things to Consider

While you are maturing your SIEM tools and processes, it is important to evaluate your digital protection methods, hack verifiers, threat hunters, predictive threat models and applied cyber intelligence, collectively called “cyber posturing” in today’s world. Reevaluating your Security Operations Center (SOC) or managed cybersecurity controls against the levers provided by OSINT, in combination with features offered by AWS, Snyk, and Datadog, is worth a conversation. At Infinitive, we have the knowledge to help your organization integrate OSINT with your SIEM to ensure compliance and mitigate risks. For more information, contact us today.

Are you ready to get more value out of your data?