The Making of a simple Cyber Threat Intelligence Gathering System
Using open-source information gathering to create your own Cyber Threat Intelligence gathering system.
Presenter’s Intro
Presenter: Niran Seriki
Role: Senior Security Consultant
Education: Industry Certifications plus Master's Degree in Information Security, Royal Holloway, University of London.
Specialised areas of interest: Cyber Security, Vulnerability Management & Cyber Threat Intelligence.
12 June 2013
Niran Seriki on Cyber Intelligence
Gathering System
Table of Contents
1. Introduction
2. Definitions
3. Cyber Threat – More Real than ever
4. Threat & Vulnerability Watch
5. Open-Source Intelligence Gathering
6. Creating Alerts & Feeds
7. Intelligence Sorting
8. Intelligence Sharing
9. Conclusion
1. Introduction
• This simple talk is meant to shed some light on how anyone, with little technical knowledge, can produce a Cyber Security Threat Intelligence Gathering System based purely on open-source information or feeds.
2. Definitions
Important terms to note:
1. Cyber Security
2. Threat
3. Intelligence Gathering
4. Vulnerability
5. Risk
6. Severity Scores
3. Cyber Threat – More Real than Ever
• US assisting Middle Eastern allies against cyber threats from Iran (The Guardian, Sunday 9 June 2013).
• Banks get hacked, government institutions hacked, websites defaced, confidential data stolen, etc.
• And many other news reports on cyber attacks daily.
4. Threat & Vulnerability Watch
1. Every organisation can have a Threat & Vulnerability Watch: monitoring threats, especially those serious enough to negatively impact the business.
2. No doubt, it is a huge task, but it is not impossible!
3. Watching does not make us 100% secure, but at least it keeps us on our guard!
5. Open-Source Intelligence Gathering
6. Creating Alerts & Feeds
The Open Source Intelligence gathering list cannot be exhausted, as new labs and researchers are being added daily.
The next thing to do, to make the job easier, is to create alerts and feeds.
Some of the websites have also made this easy by adding icons for easy subscription in the form of:
• RSS Feeds
• Facebook
• Google+
• LinkedIn
• Twitter
6b. Creating Alerts & Feeds
You can also set up:
1. Google Alerts with specific keywords
2. An iGoogle homepage for feeds from the various sites
3. Internet Explorer feeds
4. MS Outlook RSS feeds
5. Internet Explorer favourites
6. Multiple screens for real-time threat info, etc.
7. Intelligence Sorting
The information gathered can now be sorted into:
1. Threats to watch and monitor
2. Hacking activities, e.g. defacement, etc.
3. Data Leakage & Theft
4. New Malware
5. New Vulnerabilities
6. Zero-day attacks
7. Spam
8. Botnets, etc.
It all depends on what your organisation is interested
in, to protect itself.
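
A sketch of how feed subscription and sorting can be combined, added here as an illustration and not part of the original presentation: it parses RSS items and files each one under the categories listed above. The keyword lists, the sample feed and the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Categories come from the sorting slide; the keyword lists are assumptions
# made for this example. Order is priority: the first match wins.
CATEGORIES = [
    ("Zero day attacks", ["zero-day", "zero day", "0-day"]),
    ("New Vulnerabilities", ["vulnerability", "cve-", "patch", "advisory"]),
    ("New Malware", ["malware", "trojan", "ransomware", "worm"]),
    ("Botnets", ["botnet", "command and control"]),
    ("Data Leakage & Theft", ["leak", "stolen", "breach", "theft"]),
    ("Hacking activities", ["defaced", "defacement", "hacked"]),
    ("Spam", ["spam", "phishing"]),
]
DEFAULT = "Threats to watch and monitor"

# Constructed RSS 2.0 sample (not a real feed) so the example runs offline.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Zero-day in browser plugin under active attack</title><link>https://feeds.example/1</link><description>No patch available yet.</description></item>
<item><title>Vendor advisory fixes remote code execution flaw</title><link>https://feeds.example/2</link><description>Update affected servers.</description></item>
<item><title>New banking trojan spreads via email attachments</title><link>https://feeds.example/3</link><description>Targets online banking.</description></item>
<item><title>Council website defaced overnight</title><link>https://feeds.example/4</link><description>Home page replaced.</description></item>
<item><title>Zero-day in browser plugin under active attack</title><link>https://feeds.example/1</link><description>Syndicated copy.</description></item>
<item><title>Regional security conference announced</title><link>https://feeds.example/6</link><description>Registration opens soon.</description></item>
</channel></rss>"""

def parse_items(feed_xml):
    """Return (title, link, description) tuples from an RSS 2.0 document."""
    root = ET.fromstring(feed_xml)
    return [(i.findtext("title", ""), i.findtext("link", ""),
             i.findtext("description", "")) for i in root.iter("item")]

def classify(title, description):
    """Return the first category whose keywords appear in the item text."""
    text = f"{title} {description}".lower()
    for name, keywords in CATEGORIES:
        if any(k in text for k in keywords):
            return name
    return DEFAULT

def sort_feed(feed_xml):
    """Group item titles by category, skipping links already seen."""
    seen, buckets = set(), {}
    for title, link, desc in parse_items(feed_xml):
        if link in seen:  # the same story is often syndicated by several feeds
            continue
        seen.add(link)
        buckets.setdefault(classify(title, desc), []).append(title)
    return buckets
```

Feeds pulled from the internet are untrusted input, so a hardened XML parser such as defusedxml is the safer choice when this runs against live sources.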
8. Intelligence Sharing
• Information or intelligence gathered can now be shared with interested parties within the organisation.
• Using the RASCI model, some in the organisation may need to be:
  • Responsible to take immediate action
  • Accountable for approvals
  • Support sought to carry out specific tasks
  • Consulted because they may have knowledge of a specific subject
  • Informed of what is going on
9. Conclusion
This presentation simply shows how, internally, we can carry out certain tasks to help us be aware of the cyber attacks and warfare that have come to stay, and at least be proactive rather than just reactive.
Some Useful examples
10. Useful Resources
No doubt there are more resources in the wild, both free and subscription-based.
Many Cyber Threat Intelligence labs and organisations also offer this as a service (SaaS).
Please find out and do the best for your organisation, and remain SAFE!
Questions?
• Thank you!
Niran Seriki – Senior Security Consultant
niran@siscltd.co.uk
