3. What’s this session about?
What is OSINT?
How can technology like this be leveraged to provide early indication of safeguarding issues?
A few simple steps to become more effective and efficient
I’m just (X), how can NCSC help me?
4. OSINT = Open Source Intelligence = our “Digital Exhaust”
We all leave it behind us everywhere we go
Cookies
Social Media
WhatsApp Groups
‘Free’ WiFi
‘Loyalty’/Cashback Schemes
‘Free’ ANYTHING
Digital Economy now extant, that horse has bolted
Security vs Privacy? Data is the new currency
“Online Life” & “Real Life” are merging, as are the norms expected in both
A new form of Social Contract is emerging
5. The Need: Automated Real-Time Anomaly Detection & Prevention
Ransomware
Fileless Malware
Cyber-Bullying
X-ism
Organised Crime
Phishing
Any Vehicle: Email, Browser, Apps, Files
Any Traffic: Encrypted, Unencrypted
Any Network: Wired, Wireless, Mobile, Cloud
Any Device: PC, Tablet, Phone, IoT
Inspect all SSL/encrypted traffic
Machine learning
Multi-engine, CPU-tracking cloud sandbox
Block files until a verdict is rendered
Integrated security platform (firewall, endpoint, wireless, email, CASB, Wi-Fi)
Security center (SOC)
7. SonicWall Capture Labs
Analyzed: 7.2 billion malware attacks, January to September 2019
Identified: 113K+ never-before-seen threats in 2019
Credited: Discovery of hundreds of unique variants every day
Established: in Mid-’90s
Dedicated: World-class threat and machine learning engineering team
Extensive: Malware Library, thousands of terabytes of data/artifacts
8. My problem isn’t with malware, it’s with behaviour
Large and diverse young population
No control over devices
Security vs Privacy is in a different realm:
o Often need to secure one from another
o Safeguarding is not the same as Cyber
o Pastoral care & Intervention often more important than “policing”
o Early detection of issues thus becomes the desired outcome of technology introduction
9. OSINT Analytics
Automated Internet-Mediated Research Module
OSINT Analytics combines a dedicated search engine, context-adjusted normalized social media analytics, and AI-powered sentiment analysis into a powerful package.
OSINT Analytics provides snapshot insights of social media ecosystems – revealing popular posts, opinion leaders, and topic initiators with text and visualization.
CONNECTING THE DOTS
INTO THE DEEP WEB
SHORTER TIME TO INTELLIGENCE
INFLUENCER IDENTIFICATION
10. P.O.I.
Automated Trend Forecasting
P.O.I. generates a dynamic activity view built around keyword searches and topic selection to reveal inflection points and conversation drivers.
P.O.I. uses Machine Learning algorithms to aid in pattern identification and false profile detection.
INFLUENCER IDENTIFICATION
Since social networks are not just text and keywords, OSINT Analytics contextually analyzes organic connections and content – more accurately identifying, flagging, and ranking inflection points.
EARLY WARNING
Activity timelines and other graphical data displays within P.O.I. allow you to stay ahead of changes in trends within any domain. Know when things are heating up, before they boil over.
SUGGEST AND IDENTIFY
View activity patterns and post history – identify fake profiles and botnets at a glance. Then, pass the information on to other operators, using integrated in-system notification.
AUTOMATED AND DYNAMIC TOPICS OF INTEREST
Create cross-platform social media monitors on any topic in seconds, and let P.O.I. continuously float inflection points to your attention, based on preset queries of popularity, sentiment, platform, activity, influence etc. or custom queries in real time.
11. What can I do in the meantime?
Talk to us: Bill Orme/David Peace:
borme@sonicwall.com
dpeace@sonicwall.com
Use the NCSC’s Protective DNS
https://www.ncsc.gov.uk/information/pdns
Talk to people like the Cyber Foundry in Manchester
https://gmcyberfoundry.ac.uk/
Tell your student populations up front about what is OK/!OK on your networks (short policies in big letters)
The Capture Labs team pulls from the Capture Threat Network – which includes data from the following sources:
Intelligence-sharing consortiums of threat researchers.
1 million sensors located across the globe.
Continuous real-time monitoring.
We collect 100K malware samples per day and analyze 100K events per day.
We have a team of over 50 engineers dedicated to identifying the latest threats.
Over our 28 years we have amassed hundreds of terabytes of data/artifacts.
All of our cloud capabilities are integrated into our cloud platform.
This is technology that is central to SonicWall’s offering, makes us unique in the market, and a key component to our Capture Cloud Platform.
We scan incoming traffic – PDFs, office docs, etc. and look at artifacts in those files that represent malicious activity.
We utilize Machine Learning (all the data we’ve gathered over 27 years) with deep learning algorithms and block files until a verdict is rendered.
If we suspect something, we send it to the Capture Cloud.
First, we check it against the hundreds of terabytes of hashed artifacts that we’ve collected.
If it isn’t found, we run it through our multi-engine sandbox (analogy of a hurt arm).
It has to pass all four engines with a green check.
If it’s bad we hash the artifact, and it’s shared globally amongst the SonicWall products – FW, endpoint, email, client.
Note that Capture renders a verdict for ~80% of all files in less than 2 seconds.
Note the unique capability around RTDMI (can detect Meltdown, Spectre, Foreshadow); executes the malware in memory; less than 100 nanoseconds; patented.
RTDMI is extremely effective and detects ~98% of what the other engines find.
Important to note that we have the IP around RTDMI.
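The hash-lookup, multi-engine, block-until-verdict flow described in these notes, as an added Python example (not SonicWall’s code): the four engines are constructed heuristics standing in for the real ones, the sample files are constructed, and the subscriber sets stand in for the firewall, endpoint and email products that receive a newly bad hash.

```python
import hashlib
import math
from dataclasses import dataclass, field

# Constructed heuristics standing in for the four sandbox engines (hypothetical).
def engine_signature(data: bytes) -> bool:
    return b"CONSTRUCTED-BAD-MARKER" in data  # byte-pattern match

def engine_macro(data: bytes) -> bool:
    # OLE2 compound document carrying an auto-run macro name
    return data.startswith(b"\xd0\xcf\x11\xe0") and b"AutoOpen" in data

def engine_pdf_action(data: bytes) -> bool:
    # PDF that runs JavaScript automatically on open
    return data.startswith(b"%PDF") and b"/OpenAction" in data and b"/JavaScript" in data

def engine_entropy(data: bytes, threshold: float = 7.2) -> bool:
    # Shannon entropy close to 8 bits/byte suggests packed or encrypted content
    if not data:
        return False
    n = len(data)
    return -sum(data.count(b) / n * math.log2(data.count(b) / n) for b in set(data)) > threshold

ENGINES = (engine_signature, engine_macro, engine_pdf_action, engine_entropy)

@dataclass
class CaptureCloud:
    known: dict = field(default_factory=dict)        # sha256 -> cached verdict
    subscribers: list = field(default_factory=list)  # enforcement points (sets of bad hashes)
    scans: int = 0                                   # how often the engines actually ran

    def verdict(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.known:                     # step 1: hashed-artifact lookup
            return self.known[digest]
        self.scans += 1
        flagged = [e.__name__ for e in ENGINES if e(data)]  # step 2: every engine must be clean
        verdict = "malicious" if flagged else "clean"
        self.known[digest] = verdict
        if flagged:                                  # step 3: share the bad hash with all products
            for product in self.subscribers:
                product.add(digest)
        return verdict

def release_file(cloud: CaptureCloud, data: bytes) -> bool:
    """Hold the file until the verdict is in; deliver only if clean."""
    return cloud.verdict(data) == "clean"
```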
We have a solution that can help. Our vision, straight up, is that we will provide automated breach detection and prevention in real-time.
Run through the advanced threats, the challenges, and then the critical components needed to protect against this.
Aligns directly with the cyber arms race and the cyber skills gap.