The Importance of Threat Intelligence for Law Enforcement Agencies
June 10, 2021 • The Recorded Future Team
Law enforcement officials are increasingly facing more and more data points they must sift through to identify potential threats, and it can be difficult to understand what poses a real threat and what doesn’t. It’s especially crucial to determine the real threats in a timely manner to protect potential victims and identify perpetrators before it’s too late.
Recorded Future’s Senior Vice President of Intelligence Levi Gundert recently gave an interview with Federal News Network where he discussed the necessity of using intelligence for law enforcement. “We’re obviously living in a time where technology plays a large role in everyone’s lives and especially for law enforcement—whether it’s the local, the state, or the federal level there’s so much information and so much data,” he said.
“When you think about the mission of law enforcement and what they’re there to do—whether it’s terrorist threats, or physical threats, protecting our economy, and of course cybercrime— there is just an enormous amount of data that has to be collected, processed, and analyzed. The fact of the matter is that it’s basically impossible to do that at scale without some pretty significant technology.”
The major challenge that law enforcement agencies face is that activity moves so quickly online that these agencies can’t afford to sit back and wait until something transpires. Many times it’s too late and investigations can take years before there’s any sort of resolution.
“If law enforcement doesn’t have availability to data and they’re not able to analyze the data ahead of the curve, they’re fundamentally starting their day at a disadvantage,” Gundert said.
All of these disparate data sources are incredibly difficult to monitor in real time, especially with limited resources. A human being can’t possibly sort through every possible piece of information at once, or identify multiple threats in real-time. Add in the hurdle of threat actors also constantly shifting their tactics, platforms, and strategies and law enforcement can quickly be on their heels.
Gundert explained how these different sources create headaches, “There’s all sorts of mobile chat applications popping up, decentralized applications. It’s actually making law enforcement jobs that much more difficult. They have to ensure they’re part of these conversations, that they’re on these platforms, that they’re observing potential incitement to violence. It’s more challenging than ever before for law enforcement because it’s not just centered in those typical platforms that you know about, it really is all over the place.”
But not all of these platforms are open to just anyone, and again, the time and resources required to monitor every possible data point are immense. So what are law enforcement agencies to do?
Employing threat intelligence is the best way for agencies to stay constantly aware of threats and important information—and maybe more importantly, contextualize everything to properly prioritize a course of action. “When you start with proactive intelligence law enforcement can take things the last mile because they have tools at their disposal. So they can start with great intelligence and then they can use those tools—whether it be subpoenas, search warrants to further investigations—ultimately to start pulling on the thread and develop an investigation on quality intelligence,” Gundert said.
A threat intelligence platform allows law enforcement agencies to pinpoint their needs, but allow the platform to monitor everything they need. “The first thing we do when onboard our clients is customization and tailoring intelligence requirements that the client has. We can automate alerting through an API, or we can alert through email or other various types of channels.
“We work with the client to understand what sources are important, what sort of terms, what sort of events are the types of things that you need to be alerted to and we do that charting to ensure there is a high fidelity signal.”
The customization and tailoring of a threat intelligence platform enable the law enforcement agency to cast a net over exactly what they’re interested in. It gives them access to all of the information they need, but also provides the context they need to prioritize next steps. With all of that at their fingertips these agencies can feel empowered to know they’re making informed decisions based on real-time data.
As Gundert put it, “As an intelligence professional or law enforcement professional you sort of feel like a kid in a candy store when you first look at Recorded Future.”