Intelligence Gathering

Intelligence gathering is the process of identifying and prioritizing intelligence requirements and translating them into observables. It is the beginning and end of the intelligence cycle.


Existential risks involve high levels of uncertainty that make it difficult for intelligence communities to allocate resources to them. They include nuclear winter (which would result in extraordinary climate change and mass starvation) and human extinction.

Open Source Intelligence (OSINT)

OSINT uses information publicly available on the internet to gather intelligence. This includes websites, social media, public records and news sources. It also includes the vast expanse of data known as the dark web.

Unlike running a simple Google search, OSINT requires a keen eye to find the information needed to protect an organization from threats. This is why CISOs rely on specialized OSINT reconnaissance tools to help them discover and mitigate risks.

These specialized tools can perform multiple tasks at once. They can parse and organize raw information, connect it to other data points and display it for easy viewing. They can even automate the process, saving time and resources. For example, a tool like the ADSB Exchange allows users to track questionable aircraft activity by analyzing satellite-based transmissions of air traffic.

Other OSINT tools include Maltego, a software program that can uncover relationships among people, companies and domains using graphical link analysis. It can also identify typo-squatted domains and automatically check inputted information against O365 infrastructure to locate malicious activity. Another OSINT tool is reNgine, a reconnaissance framework that streamlines the recon process and includes automated alerts based on threat feeds. Other tools include Lampyre, a software application designed specifically for OSINT gathering; theHarvester, a penetration testing tool that collects email addresses, hosts, subdomains and open ports; and Searchcode, a highly specialized source code search engine.

Covert Intelligence

Covert intelligence is primarily gathered by the use of agents. Although the classic spies of popular fiction still play a role in this kind of collection, most clandestine gathering is now done by machines using sophisticated sensors and cameras that can see in total darkness or record details from hundreds of miles away. These technologies can also detect sounds and images in crowded places or at high altitudes, and provide data that can be analyzed and stored for future use.

To be useful, collected information must be systematically evaluated to determine what is important and what isn’t. Unless this is done, large amounts of data may be collected unnecessarily and the decision maker will ultimately be left without pertinent information to make decisions. To evaluate intelligence, the data must be classified according to its reliability and its likelihood of being true or false. This information is then transformed into a usable form and stored for future use.

Another form of covert intelligence is the use of paramilitary operations, such as funding and training groups to carry out lethal action. This allows a country to address national security concerns without risking public embarrassment or retaliation. The United States uses this type of covert intelligence to address terrorist threats, track the development and proliferation of weapons of mass destruction, and assess leadership profiles of foreign officials.

Third-Party Intelligence

The collection process includes identifying intelligence requirements and developing collection guidelines. This ensures that the information gathered is relevant to those requirements. The intelligence production phase involves eliminating redundant or erroneous information and providing finished intelligence products for known or anticipated purposes and applications.

Obtaining third-party data sets is a common way for marketers to expand the scope of their audience data, improve machine learning initiatives, and create innovative location-based campaigns. By incorporating third-party data, marketers can also increase the accuracy of their predictive models by better matching data points.

Threat intelligence platforms like ZeroFOX allow enterprises to detect and respond to cyber attacks targeting third-party organizations in their vendor network and supply chain. This can be done by monitoring hacker forums and dark web marketplaces for early indicators of breaches, malware, and attack techniques.

A key element of third-party risk management is understanding the dynamic level of risk that each third party faces. Elite third-party intelligence solutions like Recorded Future enable security teams to assess and reduce third-party risk at scale by continuously monitoring the public attack surface for signs of vulnerabilities, active threats, and malicious activity targeting their vendor ecosystem.

Intelligence collection capabilities include IMINT, SIGINT, and MASINT. These technologies are expensive and require significant technical expertise to operate. As a result, they are only accessible to nations that have signed treaties granting them access to these capabilities.

Cyber Intelligence

Cyber Threat Intelligence (CTI) is the practice of proactively gathering information about threats that could impact a business. It can be automated by using solutions that scan the clear, dark, and deep web or manually performed by security teams. CTI is vital to preventing data breaches and protecting sensitive assets. It helps security teams avoid chasing false positive alerts that can waste time and resources and distract them from true malicious activity. According to a Ponemon Institute survey, more than 80% of organizations that have suffered a potential breach believe CTI would have prevented it.

Gathering threat intelligence uses a six-stage process borrowed from military and government intelligence agencies: direction, collection, processing, analysis, dissemination, and feedback. The direction stage involves defining the goals of the project. For example, a C-level executive may want to know about trends in attack methods used by adversary nations and companies to gain access to proprietary business information.

The collection phase focuses on gathering the right sources of intelligence. This includes open source intelligence such as search engines, web services, IP addresses, website footprinting, email headers, DNS interrogation, and human intelligence techniques such as interviewing or hacktivist activity. The processed data is analyzed and categorized into bite-sized pieces that can be easily understood and digested by stakeholders. It is then compiled into threat intelligence reports and disseminated to the appropriate audiences, including security tools for automating response.
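The processing step described above (and the earlier points about grading information by reliability and removing redundant or erroneous entries) can be sketched as follows. This is an added example, not part of the original article: the sample reports are constructed, the function names are hypothetical, and the score (one minus the product of each source's chance of being wrong) is an assumed scoring choice, not a standard.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample reports: (source, source reliability, raw observable, credibility)
RAW_REPORTS = [
    ("feed-a", 0.9, "hxxp://login-example[.]test/reset", 0.8),
    ("forum-b", 0.4, "http://LOGIN-EXAMPLE.test/reset", 0.5),   # duplicate of the first
    ("feed-a", 0.9, "203.0.113[.]7", 0.7),
    ("forum-b", 0.4, "203.0.113.700", 0.9),                     # erroneous: invalid IP
    ("analyst", 0.7, "mail.example[.]test", 0.6),
    ("forum-b", 0.4, "10.0.0.5", 0.9),                          # internal address
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def refang(value):
    """Undo common defanging so equal observables compare equal."""
    v = value.strip().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", v, flags=re.I)

def classify(raw):
    """Return (kind, normalized value), or None for an erroneous observable."""
    v = refang(raw)
    if re.match(r"^https?://", v, re.I):
        scheme, rest = v.split("://", 1)
        host, _, path = rest.partition("/")
        return ("url", f"{scheme.lower()}://{host.lower()}/{path}")
    try:
        ip = ipaddress.ip_address(v)
        return None if any(ip in net for net in RFC1918) else ("ip", str(ip))
    except ValueError:
        v = v.lower().rstrip(".")
        return ("domain", v) if DOMAIN_RE.match(v) else None

def process(reports):
    """Deduplicate, reject bad entries, and score each observable by corroboration."""
    miss, sources, rejected = defaultdict(lambda: 1.0), defaultdict(set), []
    for source, reliability, raw, credibility in reports:
        item = classify(raw)
        if item is None:
            rejected.append(raw)
        elif source not in sources[item]:       # count each source once
            sources[item].add(source)
            miss[item] *= 1 - reliability * credibility
    scored = {k: (round(1 - miss[k], 3), sorted(sources[k])) for k in sources}
    return scored, rejected

if __name__ == "__main__":
    for item, (score, srcs) in process(RAW_REPORTS)[0].items():
        print(item, score, srcs)
```

The two spellings of the same URL collapse into one entry whose score rises because two independent sources reported it, while the malformed and internal addresses are set aside for review before anything reaches a blocklist.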