Using Social Media for Security Monitoring


Social media platforms have become the norm for companies to engage with customers and communicate information with the rest of the world. These networks also provide data that, when used with social monitoring tools, can be used to mitigate security issues before they become a major problem.

In this presentation you can learn how some of the world’s leading companies are using social intelligence to monitor security threats, identify liabilities, and get ahead of risk.


Cyber security attacks
Fraud detection
Intellectual property protection
Executive and talent threats

Published in: Social Media


  1. #SecurityWithSysomos
  2. Agenda
     • Introduction
     • Why Threat Detection?
     • Types of Threats: Cyber, Physical
     • Means of Protection: Digital Property, Fraud, Copy Cat
     • How to Start
     • Q&A
  3. Why Monitor Threat Detection?
  4. Why Monitor Threat Detection?
     • Social Media is great for broadcasting information…for positive actions as well as malicious ones
     • Remember: there are no limits to what people will post on social media
     • Marketers leverage Social Media as their “haystack” for brand, competitive, and influencer purposes
     • We can utilize these same ideas and tools for security and threat detection
     • We will expect a relatively small number of mentions, but when they occur, they are extremely actionable and relevant. All it takes is one.
  5. How susceptible is your business to security threats?
  6. What If You Don’t Monitor for Security and Threats?
     PROACTIVE is always better than REACTIVE when it comes to security threats.
  7. What Is the Cost of Not Looking Out for Threats?
  8. Use Case: Cyber Security
     • One of the largest news sources and news distributors in the world
     • Owns many digital news properties that are relied on heavily by their advertisers
     • Same digital properties are very attractive targets for hackers
     • DDoS (Distributed Denial of Service Attack): Overloads company website/network by sending numerous packets of information – making users unable to access
  9. Use Case: Cyber Threats
     • Can Social Predict DDoS attacks and other Cyber threats? Indirectly, yes.
     • Utilizing email alerts
     • Setting post frequency threshold limits for a ‘true attack’
     • Creating the threshold: from historical attacks in the past year, 1000 mentions signified an attack and an unusual number of mentions
     • Cost to a company between $5,000 to $100,000 /hr
     • 49% of DDoS attacks last between 6 – 24 hrs
  10. Use Case: Cyber Threats
     • Finding the bad apples and repeat offenders
     With a social media research platform you can actively find and make lists of social users and accounts who have:
     • Targeted you in the past
     • Act as early warning systems for attacks
     • Use language that indicates attacks
     • Are part of communities often involved in attacks
  11. Use Case: Physical Threats
     • Same large news source and distributor
     • Has many publicly known and recognizable on-air talents, personalities and executives working for them
     • Regularly receive physical threats against these people
     • Solution was to use long complex trigger tags with keywords for every possible scenario of a physical threat
  12. Use Case: Physical Threats
     • Example of a trigger tag:
       "John Doe Harm"~3 OR "John Doe Hurt"~3 OR "John Doe Vandalize"~3 OR "John Doe Vandalizes"~3 OR "John Doe Vandalizing"~3 OR "John Doe Strike"~3 OR "John Doe Attack"~3 OR "John Doe Loss of Life"~3 OR "John Doe Kill"~3 OR "John Doe Killed"~3 OR "John Doe Killing"~3 OR "John Doe Find"~3 OR "John Doe Hackers"~3 OR "John Doe Hacking"~3 OR "John Doe Cyber Attack"~3 OR "John Doe CyberAttack"~3 OR "John Doe CyberAttacker"~3 OR "John Doe Cyber Army"~3 OR "John Doe CyberArmy"~3 OR "John Doe Al-Qaeda"~3 OR "John Doe AlQaeda"~3 OR "John Doe Al Qaeda"~3 OR "John Doe Hacker"~3 OR "John Doe Threat"~3 OR "John Doe Threatening"~3 OR "John Doe Threatened"~3 OR "John Doe Plane Crash"~3 OR "John Doe Suicide Attack"~3 OR "John Doe Suicide Bomber"~3
     • A tag like this can trigger an email alert, be routed into a custom dashboard, or be integrated through an API feed into a command center with additional data points outside of social
     • Many different trigger tags can be made for every possible security or threat scenario
     • Once these are made they can be replicated for locations, people's names, various business assets and more
  13. Use Case: Copy Cat
     • Every time a Twitter handle pops up with the brand name – any derivation thereof – an alert is triggered
     • Allows risk and security staff to identify and take action on unauthorized user accounts
     • Ensures the reputation of the brand is not compromised by a malicious attack
     (from:a*_widget OR from:b*_widget OR from:c*_widget OR from:d*_widget OR from:e*_widget OR from:f*_widget OR from:g*_widget OR from:h*_widget OR from:i*_widget OR from:j*_widget OR from:k*_widget OR from:l*_widget OR from:m*_widget OR from:n*_widget OR from:o*_widget OR from:p*_widget OR from:q*_widget OR from:r*_widget OR from:s*_widget OR from:t*_widget OR from:u*_widget OR from:v*_widget OR from:w*_widget OR from:x*_widget OR from:y*_widget OR from:z*_widget OR from:widget_a* OR from:widget_b* OR from:widget_c* OR from:widget_d* OR from:widget_e* OR from:widget_f* OR from:widget_g* OR from:widget_h* OR from:widget_i* OR from:widget_j* OR from:widget_k*
  14. Use Case: Piracy Protection
     • Multinational Media Brand, and a Multinational Sports Entertainment Group
     • Heavily rely on revenues generated from pay per view content, as well as protected content, such as TV shows, and movies
     • Major issue with leaked content before release dates as well as illegal streaming of content during events
  15. Use Case: Piracy Protection
     • Finding the source of illegal streaming, and also those helping to broadcast it
     • Look for the most retweeted content, and the largest retweet spreads
     • Find the original post promoting an illegal streaming source
     • Create lists to track, monitor, and be alerted to these sources
     ((stream OR streaming OR torrent OR livestream OR online OR free OR "free download" OR "streaming online" OR "watch the") AND ("the martian" OR martian OR themartian) AND NOT (trailer))
  16. Use Case: Fraud Detection
     • Using visual cues – or ‘listening’ – as a means to capture and track image-driven content
     • Illegal tickets
     • Unauthorized apparel
     • Phishing Scams
  17. Three Things to Know
     1. Survey the landscape and find out what existing conversations regarding threats are happening on social
     To surface conversations, think and search social channels on:
     • Related industries
     • Known threats and security events from the past
     • Various market segments you are involved in
  18. Three Things to Know
     2. Monitor for threats against your brand, your executives, your office locations, etc.
     Things to Consider:
     • Have we scoped out a process and workflow for any threats that may occur?
       – What resources need to be leveraged internally when a threat takes place?
     • Can we identify malicious actors that need to be monitored on an ongoing basis?
  19. Three Things to Know
     3. Look beyond the text
     Not all conversations about security will happen via copy – think about how people are sharing information:
     • Instagram
     • Facebook
     • Tumblr
     • Reddit
  20. After the Presentation
     • Feel free to contact us for follow up questions @Sysomos
     • Please visit to sign up for great Sysomos webinars
  21. Thank You! @Sysomos
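
The post-frequency threshold from slide 9, as an added example (not part of the original presentation or of any Sysomos product): a rolling count of mentions that raises one alert per spike when it reaches the 1000-mention threshold. The one-hour window, the re-arm rule at half the threshold, and the sample feed are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta


def detect_spikes(timestamps, threshold=1000, window=timedelta(hours=1)):
    """Return the times at which the rolling mention count reaches `threshold`.

    One alert per spike: after firing, the detector re-arms only once the
    rolling count has fallen below half the threshold (assumed hysteresis),
    so a single attack does not produce an alert for every extra mention.
    """
    recent = deque()   # mention times still inside the rolling window
    alerts = []
    armed = True
    for ts in sorted(timestamps):
        recent.append(ts)
        # Drop mentions that are a full window (or more) older than this one.
        while ts - recent[0] >= window:
            recent.popleft()
        if armed and len(recent) >= threshold:
            alerts.append(ts)
            armed = False
        elif not armed and len(recent) < threshold / 2:
            armed = True
    return alerts


def constructed_feed(start=datetime(2024, 1, 1)):
    """Constructed sample data: background chatter of one mention every
    10 minutes for 12 hours, plus two one-per-second bursts (1200 and 1500
    mentions) standing in for the chatter around two attacks."""
    baseline = [start + timedelta(minutes=10 * i) for i in range(72)]
    burst1 = [start + timedelta(hours=3, seconds=s) for s in range(1200)]
    burst2 = [start + timedelta(hours=9, seconds=s) for s in range(1500)]
    return baseline + burst1 + burst2


if __name__ == "__main__":
    for alert in detect_spikes(constructed_feed()):
        print("mention spike: threshold reached at", alert.isoformat())
```

In practice the threshold would be calibrated from the organization's own historical incidents, as the slide describes, and each returned time would drive the email alert or dashboard feed.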