CyberOSINT banner

More Variables Than Technology for Enterprise Security to Consider

June 29, 2016

For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Business Insider released an article, 1 in 5 employees are willing to hand over their work passwords for money, that shares survey research from SailPoint. 20 percent of 1,000 respondents, from organizations with over 1,000 employees, would be willing to sell their work passwords. US employees win the “most likely” award with 27 percent followed by Netherlands with 20 percent, and then UK and France at 16 percent. The article tells us,

“Some employees were willing to sell their passwords for as little as $55 (£38) but most people wanted considerably more, with $82,000 (£56,000) being the global average amount required,according to figures cited by Quartz that weren’t in the report. Unauthorised access to a company’s internal systems could provide a treasure trove of valuable data for criminals. They may be targeting individual user accounts, or they could be after intellectual property, or corporate strategy data.”

Undoubtedly, search and/or cybertheft is easier with a password. While the survey reports findings that may be alarming to organizations, we are left with the question, ‘why’. It may be easy to say morality is the dividing line, but I think this article wrestling with the morality question is on the right track pointing to considering sociological implications, for example, employee engagement and satisfaction cannot be discounted as factors in a decision to sell a password.

 

Megan Feil, June 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Newly Launched Terbium Software to Monitor Dark Web for Enterprise

April 11, 2016

Impacting groups like Target to JP Morgan Chase, data breaches are increasingly common and security firms are popping up to address the issue. The article Dark Web data hunter Terbium Labs secures $6.4m in fresh funding from ZDNet reports Terbium Labs received $6.4 million in Series A funding. Terbium Labs released software called Matchlight which provides real-time surveillance of the Dark Web and alerts enterprises when their organization’s data surfaces. Consumer data, sensitive company records, and trade secrets are among the types of data for which enterprises are seeking protection. We learned,

Earlier this month, cloud security firm Bitglass revealed the results of an experiment focused on how quickly stolen data spreads through the Dark Web. The company found that within days, financial credentials leaked to the underground spread to 30 countries across six continents with thousands of users accessing the information.”

While Terbium appears to offer value for stopping a breach once it’s started, what about preventing such breaches in the first place? Perhaps there are opportunities for partnerships with Terbium and players in the prevention arena. Or, then again, maybe companies will buy piecemeal services from individual vendors.

 

Megan Feil, April 11, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The Progress and Obstacles for Microsoft Delve When It Comes to On-Premise Search

March 7, 2016

The article titled Microsoft Delve Faces Challenges in Enterprise Search Role on Search Content Management posits that Microsoft Delve could use some serious enhancements to ensure that it functions as well with on-premises data as it does with data from the cloud. Delve is an exciting step forward, an enterprise-wide search engine that relies on machine learning to deliver relevant results. The article even goes so far as to call it a “digital assistant” that can make decisions based on an analysis of previous requests and preferences. But there is a downside, and the article explains it,

“Microsoft Delve isn’t being used to its full potential. Deployed within the cloud-based Office 365 (O365) environment, it can monitor activity and retrieve information from SharePoint, OneDrive and Outlook in a single pass — and that’s pretty impressive. But few organizations have migrated their entire enterprise to O365, and a majority never will: Hybrid deployments and blending cloud systems with on-premises platforms are the norm… if an organization has mostly on-premises data, its search results will always be incomplete.”

With a new version of Delve in the works at Microsoft, the message has already been received. According to the article, the hybrid Delve will be the first on-premise product based on SharePoint Online. You can almost hear the content management specialists holding their breaths for an integrated cloud and on-premise architecture for search.

 

Chelsea Kerwin, March 7, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The Intersection of the Criminal, Law Enforcement and Technology Industries

February 26, 2016

A ZDNet article covers Arrests made over Bitcoin laundering scheme, Dark Web drug deals

Dutch police made several arrests related to laundering of criminal profits orchestrated through an unindexed section of the web called the Dark Web. The article says suspects allegedly laundered up to 20 million euros from online drug deals. With the information originating from Reuters, this article summarizes the arrests made by Dutch Fiscal Information and Investigation Service and public prosecution department:

“According to the publication, some of the men arrested are traders, while others are “Bitcoin cashers” — traders of Bitcoin online who cash these funds then withdraw money from ATMs. It is possible to find cashers online who run shadow services which exchange “dirty” coins for clean currency. Law enforcement in the United States, Australia, Lithuania and Morocco also participated in the raid.”

Just as criminal offenses are taking place increasingly online, so too must the law enforcement industry have turn to technology to aid its efforts. As the case unfolds, it will be interesting to uncover how these suspects were identified. Perhaps something innovative will be at the source.

 

Megan Feil, February 26, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Google Search and Cultural Representation

January 6, 2016

Google Search has worked its way into our culture as an indispensable, and unquestioned, tool of modern life. However, the algorithms behind the platform have become more sophisticated, allowing Google to tinker more and more with search results. Since so many of us regularly use the search engine to interact with the outside world, Google’s choices (and ours) affect the world’s perception of itself. Researcher Safiya Umoja Noble details some of the adverse effects of this great power in her paper, “Google Search: Hyper-Visibility as a Means of Rendering Black Women and Girls Invisible,” posted at the University of Rochester’s InVisible Culture journal. Not surprisingly, commerce features prominently in the story. Noble writes:

“Google’s algorithmic practices of biasing information toward the interests of the powerful elites in the United States,14 while at the same time presenting its results as generated from objective factors, has resulted in a provision of information that perpetuates the characterizations of women and girls through misogynist and pornified websites. Stated another way, it can be argued that Google functions in the interests of its most influential (i.e. moneyed) advertisers or through an intersection of popular and commercial interests. Yet Google’s users think of it as a public resource, generally free from commercial interest15—this fact likely bolstered by Google’s own posturing as a company for whom the informal mantra, ‘Don’t be evil,’ has functioned as its motivational core. Further complicating the ability to contextualize Google’s results is the power of its social hegemony.16  At the heart of the public’s general understanding and trust in commercial search engines like Google, is a belief in the neutrality of technology … which only obscures our ability to understand the potency of misrepresentation that further marginalizes and renders the interests of Black women, coded as girls, invisible.”

Noble goes on to note ways we, the users, codify our existing biases through our very interaction with Google Search. To say the paper treats these topic in depth is an understatement. Noble provides enough background on the study of culture’s treatment of Black women and girls to get any non-social-scientist up to speed. Then, she describes the extension of that treatment onto the Web, and how certain commercial enterprises now depend on those damaging representations. Finally, the paper calls for a critical approach to search to address these, and similar, issues. It is an important, and informative, paper; we suggest interested readers give it a gander.

 

Cynthia Murrell, January 6, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Latest Perspectives Version from Tom Sawyer

December 29, 2015

Data visualization and analysis firm Tom Sawyer announces the latest release of their flagship platform in, “Tom Sawyer Software Releases Tom Sawyer Perspectives, Version 7.1, .NET Edition.” There is a new “timeline” view, and they promise a boost to layout performance. The press release specifies:

“Users can dynamically manipulate sliders in a timeline view to choose a specific time period. Once a time period is chosen, the elements within other views are filtered and updated accordingly to hone in on events based on time of occurrence.

“Users can now see how data progresses through time and focus on the events they are most interested in. Visualize the spread of an epidemic, the progression of crime in a city, or uncover how information disseminates across an organization’s departments.

“Tom Sawyer Perspectives, Version 7.1 also includes enhanced examples and user experience. New Crime Network, Commodity Flow, and Road Safety example applications are included, the look and feel of the tutorial applications is modernized, and neighborhood retrieval is improved. In addition, many quality and performance enhancements have been made in this release, including up to 16 percent improvement in layout performance.”

The write-up includes screenshots and links to further information, so interested readers should check it out. Founded in 1992, Tom Sawyer helps organizations in fields from intelligence to healthcare make connections and draw conclusions from data. The company maintains offices around the world, but makes its headquarters in Berkeley, California. They are also hiring as of this writing.

 

Cynthia Murrell, December 29, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Cyber Threat Intelligence Across the Enterprise

December 28, 2015

A blog series from iSightPartners aims to help organizations make the most of Cyber Threat Intelligence. The series is introduced in, “How CTI Helps Six Groups Do Their Jobs Better: A New Blog Series!” Writer Christina Jasinski explains:

“The importance of Cyber Threat Intelligence (CTI) has become more widely recognized in the past year.  But not many people realize how many different ways threat intelligence can be utilized across an enterprise. That’s why now is a good time to drill down and describe the wide range of use cases for employing threat intelligence for many different functions within an IT organization.

“Are you a CISO, SOC Analyst or an Incident Responder? Stay tuned….

“This is the first post in an iSIGHT Partners blog series that will delve into how IT security professionals in each of six distinct roles within an organization’s information security program can (and should) apply threat intelligence to their function.   Each post will include 3-4 use cases, how CTI can be used by professionals in that role, and the type of threat intelligence that is required to achieve their objectives.”

Jasinski goes on to describe what her series has to offer professionals in each of those roles, and concludes by promising to reveal practical solutions to CTI quandaries. Follow her blog posts to learn those answers.

Cynthia Murrell, December 28, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

A Bezos Style World Domination Video

December 4, 2015

Oh, 1999, what a year that was!  It was full of people afraid of Y2K, TV was still analog, email was still a novelty, and AOL still reigned as the supreme Web browser.  Nobody really knew what Amazon was as many people did their online shopping on individual Web sites or on eBay.  Recode takes a look at a video blast from the past in “Watch Jeff Bezos Lay Out His Grand Vision For Amazon’s Future Dominance In This 1999 Video.”

In 1999, Amazon was a four-year-old company with $1 billion in annual sales.  It started out primarily selling books, CDs, and movies.  The Jeff Bezos video is of a talk he gave at the Association of American Publishers annual meeting, it played on Book TV and nobody watches that, which it is why it probably has gone unnoticed for so long.  While it is a good retrospect about how the company has grown, it also offers some useful information for business entrepreneurs.  The entire video is fifty-five minutes long, but the article contains some of Bezos’s best quotes.  Our favorite is this one about favoring growth versus profits:

“Amazon.com is a famously unprofitable company. And the question is: Are we concerned about it? The answer is, in the short term, no; and in the long term, of course. Every company needs to be profitable at some point in time … Our strategy and we’ve consistently articulated this, is that we believe that this opportunity is so large that it would be a mistake for any management team not to invest in it very aggressively at this kind of critical category formation stage.  We don’t claim it’s the right strategy. We just claim it’s ours. But we do think it’s right. And that it would be a mistake to try to optimize for short-term profitability.”

Jeff Bezos’s advice about favoring growth versus short-term profit definitely worked for him.  Amazon is one of the world’s retailers and it is still growing.  It is set to dominate TV, software-as-a-surface, and air delivery.

 

Whitney Grace, December 4, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Big Data Myths Debunked

December 4, 2015

An abundance of data is not particularly valuable without the ability to draw conclusions from it. Forbes recognizes the value of data analysis in, “Text Analytics Gurus Debunk Four Big Data Myths.” Contributor Barbara Thau observes:

“And while retailers have hailed big data as the key to everything from delivering shoppers personalized merchandise offers to real-time metrics on product performance, the industry is mostly scratching its head on how to monetize all the data that’s being generated in the digital era. One point of departure: Over 80% of all information comes in text format, Tom H.C. Anderson, CEO of, which markets its text analytics software to clients such as Coca-Cola KO +0.00% told Forbes. So if retailers, for one, ‘aren’t using text analytics in their customer listening, whether they know it or not, they’re not doing too much listening at all,’ he said.”

Anderson and his CTO Chris Lehew went on to outline four data myths they’ve identified; mistakes, really: a misplaced trust in survey scores; putting more weight on social media data than direct contact from customers; valuing data from new sources over the customer-service department’s records, and refusing to keep an eye on what the competition is doing. See the article for the reasons these pros disagree with each of these myths.

Text analytics firm OdinText  promises to draw a more accurate understanding from their clients’ data collections, whatever industry they are in. The company received their OdenText patent in 2013, and was incorporated earlier this year.

Cynthia Murrell, December 4, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

All You Can View Patents

November 18, 2015

Patent information is available to peruse via the USPTO Web site and Google has an accurate patent search (that is significantly easier to use than USPTO’s search), but this does not tell the complete story of US patents.  GCN announced that the USPTO plans to remedy missing patent information in the article, “USPTO Opens The Door To Four Decades Of Patent Data.”

With the help of the Center of Science and Innovation Policy (CSSIP), the USPTO launched the new tool PatentsView:

“The new tool allows individuals to explore data on patenting activity in the United States dating back to 1976. Users can search patent titles, types, inventors, assignees, patent classes, locations and dates. The data also displays visualizations on trends and patent activity. In addition, searches include graphic illustrations and charts.”

People will be able to conduct the equivalent of an “advanced search” option of Google or an academic database.  PatentsView allows people to identify trends, what technology is one the rise or dropping, search a company’s specific patents, and flexible application programming interface to search patent information.

The USPTO wants people to access and use important patent and trademark data.  It faces the issue that many organizations are dealing with that they have the data available and even with the bonus of it being digital, but its user interface is not user-friendly and no one knows it is there.  Borrowing a page from marketing, the USPTO is using PatentsView to rebrand itself and advertise its offerings.  Shiny graphics are one way to reach people.

Whitney Grace, November 18, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Next Page »