Cybersecurity Blog: The Cyber Scene is evolving, are you?

Return to blog

Recently, I discussed the importance of situational awareness to Security Operations Center (SOC) effectiveness. Without anticipatory intelligence and context surrounding cyber-threats, SOCs receive a lower return on investment on tools such as threat feeds and endpoint solutions.

The intended value of threat intelligence feeds is to provide proactive information to organizations so they can better defend their data and networks. Unfortunately, improper use of data from threat feeds is a major reason for a reactive cybersecurity posture. And, this inability to proactively use threat intelligence is often driven by an organization’s lack of cybersecurity maturity.

According to one IDC report, 77% of companies survey equated SIEM to threat intelligence and another 35% associated threat intelligence with shared information provided within the security community. These two points demonstrate the shallow level of cybersecurity maturity of many organizations.  

If a SOC’s cybersecurity maturity can be increased by having more knowledge about threats and the threat intelligence it consumes, than it is incumbent on threat intelligence providers to provide customers with more relevancy and context, e.g. situational awareness in the content they provide.

After defining a threat feed, the next step is to understand the data’s relevance to your organization or its context. In this capacity, SOCs need to challenge the value of threat feeds to their organizations. 

To enhance the intelligence gathered from your own environment, it is important to incorporate anticipatory intelligence from other data sources, like social network intelligence, to instill a greater sense of context. Leidos Cyber Threat Analysis through Open-Source Intelligence is the only strategic service that produces this level of anticipatory Intelligence and provides the ability to extrapolate anticipatory intelligence from social networking sites. It allows your organization to incorporate sector and cross-sector knowledge concerning cyber-threat trends, and filter that intelligence down to the adversary tactics, techniques and procedures (TTPs) level to prevent or avoid attacks.

Similar to how advanced RADAR systems combined with powerful algorithms can help forecast weather patterns, OSINT technology can help predict incoming attacks or potential dangers, both inside and outside your sector or geography. By applying trend and pattern analysis and visualization of various types of cyber data, OSINT technology supports better cyber threat forecasts. They include:

  • Threat topics, messages discussing Indicators of Compromise (IOC’s);
  • Attack tools and methods, DDOS, Spear Phish, Man-in-the-middle, etc.;
  • Reports on groups such as Hactivists, Criminal Organizations, Terrorist Groups, State Sponsored hackers and others of interest to SOC analysts;
  • The positive and negative tones surrounding those topics, people, locations and organizations;
  • And the propagation of threat intel among web communities and a quantitative scale for ranking the most authoritative and influential authors and sources.

Recently, Leidos used OSINT technology to help a client make a successful, strategic business decision concerning a proposed geographic move. By leveraging the actionable intelligence from OSINT technology, the client was able to avoid a series of forecasted attacks by not moving to the new location. This is just one example of how the anticipatory intelligence of OSINT technology can help organizations well beyond the capabilities of any other threat intelligence service.

To learn more about how OSINT technology can provide your SOC with critical situational awareness, request a meeting with one of our experts.


Chris Coryea is the Head of International Cyber Intelligence Services for Leidos. In this role, he oversees the EMEA and Asia-Pac Security Intelligence Centers for Leidos and is responsible for leading a global team of Cyber Intelligence Analysts, Pen Testing Engineers, Incident Responders and Open-Source Intelligence (OSINT) Analysts. In 2003, Chris joined Lockheed Martin in the United States where he helped to establish the Corporate Information Security Office. He held various cybersecurity leadership roles across US and moved to London in 2010 to assist global organizations in the application of a proven cybersecurity tradecraft against the ever-evolving threat landscape. Applying the knowledge gained from his 14 year journey with Lockheed Martin and Leidos, Chris is a prominent speaker who has delivered numerous presentations across the globe including a recent keynote speech at RSA Singapore and Black Hat Europe. Chris enjoys providing thought leadership on cybersecurity and has authored numerous white papers and blogs for Lockheed Martin, Leidos and industry. Chris holds a BS in Management Information Systems from Kansas State University and a MS in Information Technology Management from Rensselaer Polytechnic Institute.