Cobwebs Technologies Ltd. - Experts & Thought Leaders
Latest Cobwebs Technologies Ltd. news & announcements
Cobwebs Technologies (Cobwebs) has launched the only available, fully automated web investigation platform capable of unified identity resolution to the corporate security market. The ability to work in stealth mode and bridge the digital and physical world will boost the corporate security team’s threat intelligence and mitigation capabilities. The law enforcement grade platform’s AI and machine learning (ML)-powered algorithms’ ability to extract targeted intelligence from the web’s big data and deliver trustworthy threat intelligence is unprecedented. Battle-proven technology “Currently, corporate security teams have limited investigative, threat intelligence and detection capabilities because many use disparate systems only capable of monitoring the surface web." "Some still use time-consuming and error-prone manual investigative processes. Cobwebs makes these outdated processes redundant,” explains Johnmichael O’Hare, Sales and Business Development Director at Cobwebs Technologies. “Cobwebs allows corporate security teams to bridge the digital and physical world with its ability to deanonymise threat actors anywhere. No one else has this capability. Our technology is already battle-proven and used by law enforcement agencies and homeland security departments around the world.” How does it work? The Cobwebs web investigation platform works similarly to a search engine. An analyst enters their search terms and the platform conducts wide and deep threat monitoring across the web. When something suspicious is found, the platform moves into the web investigation phase. Here, it not only locates and analyses the activities of threat actors in a myriad of digital and social media channels across the open, deep and dark web but it also proactively thwarts their planning and activities with precision. Investigative process The process seamlessly culminates in the deanonymisation and confirmation of the nefarious individual’s identity irrespective of their online or global location. Corporate security analyst’s identity is masked and secured via Cobweb’s secured browsing tool The threat actor’s identity together with threat intelligence data relevant to the search terms is then displayed on an intuitive dashboard. Throughout the entire investigative process, the corporate security analyst’s identity is masked and secured via Cobweb’s secured browsing tool. Strengthens risk profiles Cobwebs strengthen the risk profiles of companies using the platform and deliver true threat intelligence. “Our platform will give the teams and departments responsible for protecting some of America’s most important businesses the investigative capabilities they need to enhance their field intelligence with actionable and trustworthy data.” “This allows them to manage their internal and external risks, and cyber threats, protect their bottom line, and boost their situational awareness. Company employees, digital and physical assets, and intellectual property remain protected,” adds O’Hare. User protocols From a privacy perspective, the platform is only able to locate information already in place on the surface, deep or dark web. All corporate security teams using Cobwebs Technologies have their own internal user protocols and oversight that govern the appropriate use of the technology. Cobwebs provide the web intelligence platform, trains corporate security teams on how to use it, and provides after-sales support to all clients. It does not carry out investigations on behalf of clients.
Insights & Opinions from thought leaders at Cobwebs Technologies Ltd.
Corporate global security operations centres (GSOCs) bear the responsibility for protecting C-suite executives from physical and reputational harm amid the social upheaval, extreme weather events, and escalating cyber threats. That mission, daunting as it is, becomes more difficult when GSOCs lack the data necessary for conducting a comprehensive threat assessment. Threat intelligence Unfortunately, many centres never move past basic threat intelligence which focuses on scenario-driven queries such as “what” could go wrong and “where” the event could occur. They fail to capture information that could help them identify threat actors, the critical “who” and “who else” is involved, and uncover their plans before a plot unfolds. Addressing threat environment GSOC's approaches should span all aspects of executive protection, from pre-mission planning to real-time operations GSOC executive protection teams must expand their narrow-focus intelligence capabilities to deal with an increasingly complicated threat environment. They need to obtain a wide-angle view that strategically places individual events into a broader context, while also uncovering the bits of data that, when correlated, can make all the difference in diffusing a potential crisis. In addition, these intelligence approaches should span all aspects of executive protection, from pre-mission planning to real-time, location-based operations. Here then are five intelligence-based capabilities all executive protection teams need today: 1) Advanced scouting intelligence GSOCs often rely on threat intelligence companies to alert them to dangerous situations or compromises that could impact the executives under their protection. While threat intelligence is important, it stops well short of providing the complete picture. Executive protection teams need more than superficial information gleaned from news feeds or international weather reports. The centralised GSOC, serving as the risk HQ, must take a proactive approach to mine intelligence data. To that end, GSOCs should provide advanced scouting intelligence. Data-driven insights If an executive aims to attend an event in another country, the centre should provide data-driven insights for pre-mission planning. That means digging into local news, international news, the geopolitical structure, and weather conditions among other factors. GSOCs should also probe the deep and dark layers of the web in addition to the commonly used and well-traveled websites, forums, and online platforms. A thorough understanding of the pending event and its context lends executive protection teams an intelligence edge when it's time to deploy. 2) An understanding of threat actors' intelligence capabilities GSOCs should use "red teaming" to get inside the head of a threat actor and uncover an executive's vulnerabilities But advanced scouting doesn't end there. GSOCs should also use "red teaming" to get inside the head of a threat actor and uncover an executive's vulnerabilities. Red teaming determines what an adversary might be able to find out about executives, their family members, and entourages. What's their level of exposure? Publicly available photos posted online can prove particularly harmful. For example, a photo of an executive's private jet could reveal a tail number that a threat actor could track, via open-source intelligence, to determine where the plane is heading. Images of vehicle license plates can be similarly exploited. Ways to strengthen vulnerability assessment A red team may also find images of the executive's family members, tagged in online photos and readily identifiable. Online sources may also reveal where family members work and mention where their children attend school. This investigative intelligence should explore three or four degrees of separation, not just immediate relationships. The GSOC's red team can also check for data leaks, breaches, and evidence of doxing to strengthen the vulnerability assessment well before the executive travels to the event. 3) Deep, dark web intelligence Open-source intelligence often relies on information gathered from the surface web of everyday use. GSOCs, however, must also look for threats lurking beneath the familiar online world. The deep web, for example, houses myriad sites that aren't indexed and, therefore, can't be searched using standard web browsers. The dark web, a subset of the deep web, is even less accessible, requiring specialised software such as an anonymising browser. Situational awareness The dark web, in particular, demands a GSOC investigator's attention. Threat actors use this web layer to communicate, collaborate and plan operations with a relatively high degree of secrecy. Failure to tap this information resource can dramatically reduce threat visibility and limit an executive protection team's situational awareness. GSOCs, however, can conduct deep and dark web investigations, provided they have the know-how and technology tools to do so. Exploiting the dark web Acquiring such skills requires time, commitment, and, potentially, new investigative policies Acquiring such skills requires time, commitment, and, potentially, new investigative policies. Existing guidelines, for example, may prohibit GSOC personnel from downloading an anonymising browser. In addition, investigators could stumble upon an exploit in the dark web, which could compromise their computers and networks. A computer used to explore the dark web should be isolated from the GSOC's production network as a matter of policy. With the proper tools, investigative techniques, and procedural guardrails in place, a GSOC can tap a valuable intelligence source. 4) Deanonymisation of threat actors Typical threat intelligence offerings help a GSOC answer the "what" question as they prepare to protect executives on the move. That is, they provide information on a particular incident in the executive's vicinity. But it's critically important to address the "who" question as well. That task calls for savvy investigators augmented by artificial intelligence. GSOCs can use AI to craft custom searches spanning the surface, deep and dark webs. Casting such a wide net lets investigators pursue threat actors, who can move rapidly between commonplace public networks and more obscure platforms. Artificial intelligence A crackdown on surface web activities, for instance, will drive threat actors to a dark web hideout. An investigator confined to the surface web will soon lose the trail. A scouring of all the web's layers will generate loads of data, which GSOCs will need to parse. AI can also prove an asset here, accelerating the process of extracting actionable intelligence from, potentially, terabytes of data. Manual data analysis can take days, if not longer, bogging down investigations and delaying the flow of crucial intelligence to teams on the front lines of executive protection. Automated approaches and network monitoring Learning about networks becomes important when a security team needs to exfiltrate an executive Automated investigative approaches can quickly correlate the bits of data collected in a web search – threat actors' online handles, IP addresses, phone numbers, and photos, for example. String together enough informational breadcrumbs can help deanonymise threat actors. Once an identity is unmasked, platform analysis lets investigators uncover additional relationships and entire networks of threat actors. Learning about networks becomes important when a security team needs to exfiltrate an executive. A threat actor network could operate in several geographic locations, not just the area in which an incident occurred. It makes no sense to evacuate an executive from one dangerous location only to relocate him or her to another trouble spot. 5) Real-time situational intelligence The traditional intelligence approach still in use is reliant on historical data to help organisations make executive protection decisions. GSOCs have to move past this and incorporate real-time situational intelligence as a core component of their executive protection programs. On the ground security teams will then be able to ensure that the strategies and protocols used to safeguard executives are based on current, actionable and trustworthy intelligence gleaned from multiple verified sources. Perimeter protection Real-time situational intelligence requires analysing data that is relevant to a specific event within a geographical area and time. This strategic approach will require a virtual perimeter to be placed around the geographic area in which an executive will be active – a conference venue and the surrounding city, for instance. GSOC analysts can then evaluate all online activity emanating within the predetermined boundary. This examination can take place before and during an event and the resulting intelligence can be fed through to ‘on-the-ground’ protection teams in real-time while an incident unfolds, or before an event. Unstructured data analysis GSOCs must be able to analyse unstructured data in various formats including online platforms and remote sensors Additionally, analysis of publicly available information can yield important locational clues such as photos of well-known landmarks, images containing signage, or other objects with text that can offer additional geographic markers. But to take advantage of such intelligence sources, GSOCs must be able to analyse unstructured data in various formats including online platforms and remote sensors. Interpreted correctly this will provide real-time data that can be used as a basis for actionable and trustworthy intelligence. This ability will also bolster the on-the-ground situational capabilities of the security team. Alert notifications Forward-deployed executive protection teams can also contribute their real-time situational intelligence as events unfold on the ground. Teams receiving alerts from the central GSOC can vet that information based on what they are seeing locally. They can disseminate that intelligence back to the GSOC, which in turn can incorporate those insights into their data and adjust an alert level accordingly. Direct communication between the GSOC and on-the-ground executive protection teams is crucial. This flow of intelligence completes a virtuous circle: The pre-mission planning intelligence supports the executive protection team and the team's real-time intelligence informs and refines the GSOC's guidance. Restricting data limits visibility The current threat landscape, more varied and complex than ever, requires a comprehensive response. GSOCs and their executive protection teams need to take in as much data from as many intelligence sources as possible. Restricting data gathering to a few conventional websites severely limits visibility. The multitude of online platforms, and the staggering amounts of structured and unstructured data they generate, make technology an important asset for getting the intelligence job done within a reasonable timeframe. Toward a bigger intelligence picture It's not all about automation, however. Highly skilled personnel, including red teams, are a major part of the intelligence operation. Policies and best practices for intelligence gathering round out the list of requirements. GSOCs must pursue the big picture when it comes to executive protection. A narrow view of data sources, techniques, and technologies won't suffice. It's no time for tunnel vision when lives and reputations are at stake.
Palm vein recognition
DownloadThe key to unlocking K12 school safety grants
DownloadPhysical access control
Download5 surprising findings from OT vulnerability assessments
DownloadHoneywell GARD USB threat report 2024
Download