Security teams today are inundated with data but lack actionable insights. The rise of public data sources—ranging from social media and blogs to leaked databases and dark web forums—offers new opportunities for real-time threat detection and risk management. But with this wealth of information come significant challenges: noisy data, false positives, and the need for rapid context.
This article captures key challenges and opportunities covered in a recent SC Media webcast featuring Adrian Sanabria, Host of Enterprise Security Weekly; Jack Carraway, Field CISO at Dataminr; and Michael Farnum, Advisory CISO at Trace3.
Understanding Public Data and Its Potential
Public data encompasses a wide range of sources, including traditional and social media, government advisories, code repositories, and even the deep and dark web. Jack Carraway explained that while many associate OSINT with intelligence agencies or dark web forums, much of this information is benign and readily accessible. Examples include regional blogs, public databases, and even niche sources like the New York City Taxi and Limousine Commission’s trip data.
The challenge lies not in finding data but in filtering it. Carraway highlighted Dataminr’s approach, which involves sifting through over a million data sources across 150 languages and 220 territories. Advanced AI models enable the extraction of actionable insights without overwhelming teams with noise.
The Value of Early Detection
Farnum emphasized the importance of early detection, particularly in responding to emerging threats like zero-day vulnerabilities. “If you know something is trending on the dark web or within hacker forums, you can assess your exposure and take action before an attack materializes,” he noted.
One key challenge is operationalizing public data effectively. Farnum pointed out that many organizations rely on manual processes or limited datasets, which slow down their response times. Automation and AI-driven tools like Dataminr significantly enhance the ability to prioritize and act on relevant data.
Proactive Risk Management
A major theme of the discussion was proactive risk management. Carraway explained how Dataminr’s tools help organizations identify vulnerabilities in their own environments and those of third-party partners. “We’re seeing more companies use public data to monitor their supply chains and alert their partners to risks they might not even be aware of,” he said.
This capability is crucial in mitigating risks tied to supply chain attacks. As Farnum highlighted, third parties often disclose vulnerabilities publicly before notifying their partners. Accessing this information in real time allows organizations to safeguard their systems proactively.
AI as a Force Multiplier
The webcast delved into how AI is transforming the use of public data. Carraway introduced Dataminr’s ReGenAI, a blend of predictive and generative AI that creates continuously updated summaries of unfolding events. For example, in a high-profile breach scenario, ReGenAI compiles and updates relevant information from multiple sources, reducing the time teams spend gathering and synthesizing data.
This efficiency is particularly valuable in time-sensitive situations. Carraway shared an example where Dataminr reduced the time to process and act on critical information from 30 minutes to just 90 seconds, freeing up teams to focus on strategic decision-making.
Addressing Challenges and Building Trust
While AI offers immense potential, its application must be carefully managed. Carraway and Farnum discussed the importance of reliability, accuracy, and contextual relevance. Ensuring that AI systems are trained on domain-specific data helps minimize errors and build trust among users.
Carraway also cautioned against prematurely adopting agentic AI—systems that execute decisions autonomously—without robust safeguards. “We need to approach these innovations with good risk management principles and ensure they’re applied where the impact of errors is minimized,” he said.
Conclusion
Publicly available data, when harnessed effectively, can be a game-changer for security teams. By leveraging advanced AI tools like Dataminr, organizations can transform raw data into actionable insights, enabling faster responses and more proactive risk management. As threats grow more complex, the ability to filter, contextualize, and act on public data will become an indispensable part of cybersecurity strategies.
As Farnum aptly put it, “Speed and efficiency are everything. The more we can automate and streamline, the better equipped we are to defend against evolving threats.”