A presentation by Bill Orme, central government and defence lead, SonicWall UKI at the Jisc security conference 2019.

1. JISC Conference
Technical decision support for
PREVENT
November 2019

3. What’s this session about?
What is OSINT?
How can technology like this be
leveraged to provide early
indication of safeguarding issues
A few simple steps to become
more effective and efficient
I’m just (X), how can NCSC help
me?
!

4. OSINT = Open Source Intelligence = our “Digital
Exhaust”
We all leave it behind us
everywhere we go
Cookies
Social Media
WhatsApp Groups
‘Free’ WiFi
‘Loyalty’/Cashback Schemes
‘Free’ ANYTHING
Digital Economy now extant,
that horse has bolted
Security vs Privacy? Data is the
new currency
“Online Life” & “Real Life” are
merging, as are the norms
expected in both
A new form of Social Contract
is emerging

5. The Need: Automated Real-Time Anomaly Detection &
Prevention
Ransomware
Fileless Malware
Cyber-Bullying
X-ism
Organised Crime
Phishing
Any Vehicle
Email, Browser, Apps, Files
Any Traffic
Encrypted, Unencrypted
Any Network
Wired, Wireless, Mobile, Cloud
Any Device
PC, Tablet, Phone, IoT
Inspect all SSL/encrypted traffic
Machine learning
Multi-engine, CPU-tracking cloud sandbox
Block files until a verdict is rendered
Integrated security platform (firewall,
endpoint, wireless, email, CASB, Wi-Fi)
Security center (SOC)

6. 1.0M+
Sensors
50+
Industry
research
organizations
in which
intelligence is
shared
24x7x365
Monitoring
<4 Hr.
Response to
never-before-seen
vulnerabilities
140K+
Malware
samples
collected
daily
28M+
Malware
attacks
blocked
daily

7. SonicWall Capture Labs
Analyzed
7.2 billion
malware attacks
January to September
2019
Identified
113K+ never-before-seen
threats in 2019
Credited
Discovery of
hundreds of unique
variants every day
Established
in Mid-’90s
Dedicated
World-class threat and
machine learning
engineering team
Extensive
Malware Library
Thousands of terabytes of
data/artifacts

8. My problem isn’t with malware it’s with
behaviour
Large and diverse young population
No control over devices
Security vs Privacy is in a different realm:
oOften need to secure one from another
oSafeguarding is not the same as Cyber
oPastoral care & Intervention often more
important than “policing”
o Early detection of issues thus becomes the desired
outcome of technology introduction

9. OSINT Analytics
Automated Internet-Mediated Research Module
OSINT Analytics combines a dedicated search engine, context-
adjusted normalized social media analytics, and AI-powered
sentiment analysis into a powerful package.
OSINT Analytics provides snapshot insights of social media
ecosystems – revealing popular posts, opinion leaders, and topic
initiators with text and visualization.
CONNECTING
THE DOTS
INTO THE DEEP
WEB
SHORTER TIME
TO
INTELLIGENCE
INFLUENCER
IDENTIFICATION

10. P.O.I.
Automated Trend Forecasting
P.O.I. generates a dynamic
activity view built around
keyword searches and topic
selection to reveal inflection
points and conversation drivers.
P.O.I. uses Machine Learning
algorithms to aid in pattern
identification and false profile
detection.
INFLUENCER IDENTIFICATION
Since social networks are not just text and keywords, OSINT Analytics contextually
analyzes organic connections and content – more accurately identifying, flagging, and
ranking inflection points..
EARLY WARNING
Activity timelines and other graphical data displays within P.O.I. allow you to stay ahead
of changes in trends within any domain. Know when things are heating up, before they
boil over.
SUGGEST AND IDENTIFY
View activity patterns and post history – identify fake profiles and botnets at a glance.
Then, pass the information on to other operators, using integrated in-system notification
AUTOMATED AND DYNAMIC TOPCIS OF INTEREST
Create cross-platform social media monitors on any topic in seconds, and let P.O.I.
continuously float inflection points to your attention, based on preset queries of
popularity, sentiment, platform, activity, influence etc. or custom queries in real time.

11. What can I do in the meantime?
Talk to us: Bill Orme/David Peace:
borme@sonicwall.com
dpeace@sonicwall.com
Use the NCSC’s Protective DNS
https://www.ncsc.gov.uk/information/pdns
Talk to people like the Cyber Foundry in Manchester
https://gmcyberfoundry.ac.uk/
Tell your student populations up front about what is OK/!OK on your
networks (short policies in big letters)

12. Product Architecture
CAPTURE Security Center (Management, Analytics, Threat Visibility)
CAPTURE Advanced Threat Protection
Cloud App Security
Email Security
NSv and WAF
CAPTURE Client
Network Security Platforms Cloud & SaaS IoTEmailMobile & EndpointsWi-Fi

13. AutomatedReal-TimeBreachDetectionand PreventionTechnology
DEEP LEARNING
ALGORITHM
Machine Learning
Artifact 1
Artifact 2
Artifact 3
Artifact 4
Data File
MS Office
PDF
Streaming Data
Classified Malware
RANSOMWARE
Locky
RANSOMWARE
WannaCry
TROJAN
Spartan
UNKNOWN
CLOUD CAPTURE SANDBOX
Hypervisor
GoodBad BLOCK
until
VERDICT
SENT
Emulation
Virtualization
BLOCK
Analyzed
7.2 billion malware attack attempts
from Jan. 19 to Sept. 19
Memory/RTDMI
Protecting PDFs, MS Office and
Chip-based Processor / Memory
Network
Security
Appliances
Wi-Fi
Cloud
& SaaS
Email
IoT
Endpoints

14. Thank You | SonicWall.com