
AI-Powered Threat Detection: Why Guessing "Threat Terms" Is Obsolete

Adam Mikrut, Founder & CEO


As the founder of an advanced OSINT (Open Source Intelligence) platform, I'm frequently asked by customers how our technology improves security analysts' detection of threats. The answer lies in moving away from traditional methods of relying on "threat terms" and embracing a more scalable, effective, and efficient approach to social media threat monitoring.



Why Guessing "Threat Terms" Is No Longer Effective

In the past, security analysts (including me!) relied on their intuition and experience to guess "threat terms" when searching for potential threats against high-profile targets. This manual and subjective approach leads to several limitations.

Guessing at "threat terms" unnecessarily restricts the scope of search queries, which in turn poses the risk of missing out on critical data, patterns, and signals of impending threats. It's challenging to specify the exhaustive universe of words and terms associated with threatening and hateful statements in a single language, and dependencies on context and other factors make it a nearly impossible task.


A conservative estimate for the complete body of explicitly threatening terms in English alone is roughly 1000-2500 words and phrases. Relying on your intuition or experience to guess that matching result set will inevitably lead to false positives or negatives, wasting time and resources and putting assets at risk.


Equally limiting, the manual process of searching through vast amounts of data consumes valuable time and effort, reducing the capacity of security teams to focus on higher-value tasks that drive threat mitigation.


Building and Processing an Archive of Data for Threats

An alternative approach -- and a foundational feature of the DigitalStakeout OSINT platform -- is the automated aggregation of information into a customized archive. Data points such as executive names or company names are the starting point. This tailored approach significantly enhances the platform's effectiveness in detecting threats against specific individuals or organizations.

By building an archive centered around specific individuals, such as executives or high-profile personnel, the platform ensures continuous monitoring of the vast digital landscape for potential threats against them. A "build an archive first" approach for people, places and things provides more opportunities to process the accumulated data. Focusing broadly on an executive or company name allows ALL relevant data to be gathered from various sources, including social media, news outlets, and online forums -- even the deep and dark web. This focused data collection ensures that the platform has access to the most appropriate and comprehensive information, enhancing its ability to identify threats as they emerge.


Using AI to Scale Your View of Risk and Threats


Clearly, a sizeable archive of OSINT data requires new analysis techniques to filter out irrelevant findings (the "noise") and identify the relevant patterns of data (the "signal"). Cutting-edge technology is applied in order to maximize the classic "signal-to-noise ratio" and detect threats at scale.

Technology now enables large-scale OSINT aggregation and analysis:

  1. Artificial Intelligence (AI): By harnessing the power of AI, platforms like DigitalStakeout can process and analyze vast amounts of data at unprecedented speeds. Leveraging AI allows for real-time threat detection and eliminates the need for analysts to guess "threat terms" manually.

  2. Natural Language Processing (NLP): NLP enables the platform to understand and process human language, allowing it to identify potential threats within text-based content. Security-specific NLP vastly improves threat detection accuracy, reducing false positives and negatives.

  3. Contextual Analysis: Context is key, and platforms must go beyond simple keyword matching by analyzing the context of online content. Using linked entities and building context enables the identification of hidden or subtle threats that traditional methods will miss.

  4. Continuous Learning: We're designing our platform to learn and adapt using fine-tuned model techniques to continually refine its understanding of threats and improve its threat detection capabilities. Continuous evolution ensures that the system stays updated with the evolving threat landscape.

  5. Automation: Increasingly, threat protection processes can be automated, removing mundane, repetitive work from human security analysts and freeing them to focus on high-value tasks, such as analyzing threats and developing mitigation strategies. This results in more efficient use of resources and reduces human error.


Moving from Intuition to Intelligence-Driven Monitoring

The days of relying on human intuition to guess "threat terms" or "threat keywords" are behind us. A more scalable, effective, and efficient approach to threat detection is not only possible but necessary. By embracing the rapid advancements in technology, security analysts can better protect executives and organizations from a wide range of threats, ensuring the safety and security of all involved. By focusing on personalized monitoring and targeted data collection, DigitalStakeout empowers analysts to stay one step ahead of potential threats and significantly enhances the security of high-profile individuals and their organizations.


 

If you are hesitant to adopt AI or NLP for threat detection and mitigation or require additional support for specific use cases, consider employing a "Bag of Words" and automated "tagging" approach. DigitalStakeout's Word List filtering feature allows you to track up to 2,500 terms and phrases (per list) within your collected data, ensuring comprehensive coverage of your areas of interest. By leveraging DigitalStakeout's automation, you can efficiently annotate records with matching word list items, streamlining the threat identification and analysis process.
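The word-list tagging described above can be sketched as follows. This is an added example, not DigitalStakeout's code: the 2,500-term cap comes from the paragraph above, while the function names, the `threat_terms` list and the sample records are constructed for illustration.

```python
import re

MAX_TERMS_PER_LIST = 2500  # per-list limit quoted in the article

def compile_word_list(terms):
    """Compile one word list into a single case-insensitive regex."""
    cleaned = {" ".join(t.lower().split()) for t in terms if t.strip()}
    if not cleaned:
        raise ValueError("word list is empty")
    if len(cleaned) > MAX_TERMS_PER_LIST:
        raise ValueError(f"word list exceeds {MAX_TERMS_PER_LIST} terms")
    # Longest first so a phrase wins over a shorter term it contains.
    ordered = sorted(cleaned, key=len, reverse=True)
    # Allow any run of whitespace between the words of a phrase.
    alternation = "|".join(
        r"\s+".join(re.escape(w) for w in term.split()) for term in ordered
    )
    # Lookarounds stop "hurt" from matching inside "yoghurt".
    return re.compile(rf"(?<!\w)(?:{alternation})(?!\w)", re.IGNORECASE)

def tag_records(records, word_lists):
    """Return copies of records annotated with {list name: [matched terms]}."""
    compiled = {name: compile_word_list(t) for name, t in word_lists.items()}
    tagged = []
    for rec in records:
        tags = {}
        for name, rx in compiled.items():
            hits = {" ".join(m.group(0).lower().split())
                    for m in rx.finditer(rec["text"])}
            if hits:
                tags[name] = sorted(hits)
        tagged.append({**rec, "tags": tags})
    return tagged

# Constructed sample data (not real collected posts).
WORD_LISTS = {"threat_terms": ["hurt", "make you pay", "know where you live"]}
SAMPLE_RECORDS = [
    {"id": 1, "text": "I will make you   pay, I know where you live."},
    {"id": 2, "text": "My feet hurt after the shareholder meeting."},
    {"id": 3, "text": "He won't be smiling once I pay him a visit at home."},
    {"id": 4, "text": "Yoghurt sales are up this quarter."},
]

if __name__ == "__main__":
    for rec in tag_records(SAMPLE_RECORDS, WORD_LISTS):
        print(rec["id"], rec["tags"] or "-")
```

Record 2 is tagged although it is benign and record 3 is left untagged although it reads as a veiled threat, which is the false-positive and false-negative behaviour the article attributes to term matching without context.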
