Article
Discover how combining your investigative research into a configurable, cohesive report can help surface more from your findings.
By: Harris Maidenbaum | January 4, 2024
Over the past few articles, I’ve shared my perspective on why building the right data structure matters. I’ve also emphasized the importance of finding security solutions that can surface critical information fast. Next, I want to touch on the significance of combining reports from multiple investigative research tools into one cohesive intelligence analysis.
Here’s the challenge as I see it – the lack of connectivity between investigative research tools and systems hinders our ability to see the full view of the threat.
For example, OSINT solutions help gather and analyze open-source data anonymously. They help us search the Dark Web, social media channels, court records, and other publicly available data. Despite all this helpful information, the tools lack a critical element – context and connectivity.
Some OSINT solutions produce pretty reports that show adverse media headlines but lack the breadth and depth to provide clear context. For example, oftentimes, the data gathered only scratches the surface. The surface-level data, while displayed nicely, doesn’t provide confidence that the information is validated, forcing you to spend time validating and digging into the results.
There’s another layer to the challenge of connectivity and context between multiple investigative research tools – unnecessary (and unwanted) repetition.
When you’re investigating multiple threats, you need to keep track of which report was created and when. The process goes: request a report, click a button, wait, read, log. Request a report, click a button, wait, read, log, etc… over and over and over again.
To sum it up, there are great research tools out there and several strong data providers. However, there are not a lot of systems that connect research tools together and combine the research with a custom database or configurable report builder.
So, how do you find the right tool for you and your team?
Part of my job is to gain a deep understanding of the industry, the tools our clients use, and the problems they’re looking to solve with emerging technology.
There are three areas that Ontic clients and industry insiders consider when choosing an investigative research tool.
Customization
Look for a solution that lets you customize security reports. For example, some leaders look for high-level categories and detailed data points like motive category, motive target, target, relationship to target, property involved, and case reporter.
A lot of solutions out there just give you one PDF and doesn’t allow you to combine different data sets into one report. They don’t allow you to add additional context, such as analyst notes, or a description for colleagues, which enables dissemination of information and ensures every recipient has all of the necessary context.
Configurability also allows you to create different templates of reports for different situations or audiences. This makes sure there is no wasted space and that the reports are tailored to what the recipient needs to know, such as executive leadership.
Cohesiveness
Avoid the repetitive process of pulling multiple reports from different places and logging them into a spreadsheet. Instead, consider a solution that automatically pulls various reports, including those you may not know you need, with a single click.
Continually, your chosen solution should make it easier to combine the reports into a cohesive summary for you to present intelligently.
Ontic’s Federated Research is an example of a solution that provides a more precise assessment of the threat by creating multiple reports, bringing them together into a single report, and providing context for interpreting that data.
Clarity
An experienced intelligence analyst can look beyond data identification to extract meaningful observations and share them with their teams.
The ability to search, analyze, and collaborate with security teams across an organization via one singular security solution is critical.
Part of your job may require you to advise business decision-makers on known and unknown threats. And that starts with clear, verifiable data.
Based on connected and verified data sources, you can tell the whole story with intelligence that lets you take meaningful action on threats.
Structuring the Unstructured examined how we can bring order to a disordered profession. We’ve looked at three specific areas that we can leverage to gain control – using the right data structure, surfacing critical information fast, and combining multiple reports into one brief with colorful context.
Separately, each area has an essential role in our investigation. But when we bring all the parts together, we can form a better and safer security strategy.
The post Structuring the Unstructured: Consolidating Reports into One Cohesive Record appeared first on Ontic.
*** This is a Security Bloggers Network syndicated blog from Article - Ontic authored by Harris Maidenbaum. Read the original post at: https://ontic.co/resources/article/structuring-the-unstructured-consolidating-disconnected-reports-into-one-cohesive-record/