How Web Intelligence Helps Cyber Security Professionals

January 4, 2014 • Ken Buckler

Editor’s Note

The following interview is with Ken Buckler and is from our Web Intelligence Perspectives Series. Ken is a professional cyber security consultant.

What is it about web intelligence that is such an important opportunity to you?

Web intelligence provides the ability to be forewarned of new cyber threats in real-time. For the average person, cyber security just isn’t interesting – so cyber threats are severely under-reported in the mainstream media. Through web intelligence, cyber security professionals can stay up-to-date on emerging threats, and verify the proper defenses are in place before an incident occurs.

What drives interest in web intelligence in your community? What hole in your world does it fill?

Without web intelligence, unless you have a multinational spy network with a confidential informant in every hacking group around the world, your response to cyber threats will always be reactive instead of proactive. Web intelligence helps cyber security professionals adequately allocate limited resources to prepare for upcoming threats.

What does a critical insight from web intelligence look like?

Some critical insights can be extremely obvious, such as an announcement by a hacking group of a pending coordinated website defacement attack. However, sometimes the most critical insights are the least obvious without being taken in context, such as a random piece of code on a social networking site. Sometimes these seemingly random pieces of code just happen to reference a vulnerable file as part of a vulnerability which is currently unknown to the software vendor.

Critical insights can often go unnoticed unless you’re specifically looking for mentions of that specific file. After all, the best place to hide something is in plain sight.

What’s your vision of how web intelligence could be used?

Web intelligence could be and should be used to obtain a 360-degree view of cyber threats, such as coordinated cyber attacks or new malware and exploits. Think of the internet as a huge distributed database of information. Like any database, you need to learn how to properly query for the information you’re looking for – the challenge is that unlike SQL, there is no set query language (yet), and not all of the data sources are easily accessible. In order to obtain a complete picture, web intelligence must evolve to provide easy access to the “dark” parts of the web, such as Tor, I2P, or peer-to-peer file sharing networks.

Will web intelligence become a standard piece of tradecraft in your community? Will it “go viral”?

I am a huge supporter of proactive security, and as such I believe web intelligence is absolutely essential to the cyber security community not just in the future, but right now.

Every day new exploit code or malware is posted to the internet. By monitoring the web, early warning can be provided before a major malware outbreak occurs. However, if no one is looking for the new exploits or malware, then we are forced into reactive security – responding to incidents after they occur. Cyber threats are constantly evolving, and in order to effectively respond to new threats, the cyber security industry must continue to evolve as well.

Ken Buckler

Ken Buckler is a professional cyber security consultant. Over the years working for various contractors, he has provided services for clients such as the Defense Information Systems Agency and the United States Department of Veterans Affairs. He maintains a threat intelligence platform called Caffeine Security, which includes a cyber security blog and cyber threat watch tools. You can also follow Ken on Twitter for up-to-date security news and information.