This is another open source intelligence tool with its own twist. We like the twist enough to designate them SC Labs Approved. The twist? Silobreaker started life looking at an open source intelligence landscape that had little or nothing to do with cyber-threats. A UK company, it built its focus on general open source intelligence gathering over the internet and became a solid service with significant reach and analytical capability. We have been using Silobreaker in the SC Labs for several months and it is a real workhorse in our intelligence analysis tasks.
The biggest benefit that Silobreaker gives us is that it is not cyber-specific. The biggest issue in applying open source intelligence is context. Silobreaker helps provide context. It is a cloud-based service and is accessed via a web interface. The interface is straightforward and configuration, while not exactly intuitive, isn't all that difficult.
AT A GLANCE
Price Company subscriptions start at £16,692.60 per year.
What it does Solid open source intelligence gathering and analysis tool that brings non-cyber context to cyber threat intelligence analysis.
The tool has a lot of resources that it uses to gather information. Its 400,000-plus sources include blogs, web pages, social media, research reports and quite a few other types. One unique feature of the tool is its ability to create custom dashboards extremely quickly. You can create dashboards that are the basis for ongoing monitoring or you can create dashboards on the fly to answer a particular question.
For example, we needed to get a quick understanding of a particular botnet from which we were beginning to see activity. Within less than 10 minutes we had a dashboard that gave both an historical and a current trending view of the important factors in the problem. Because Silobreaker explicitly follows well over 200 specific hacker groups, context is fairly simple to develop for any given problem that revolves around hacking, ops or other types of cyber-attack campaigns.
There are several widgets that you can use to create dashboards and you can develop your own core data sets as well. For example, you can create a list - for the project mentioned, we created a list of all of the prevalent exploit kits. We can play that against a list of malware that Silobreaker maintains. Now there are several things we can do with that combination. We can look at them together in what Silobreaker calls a network. This shows relationships as generated by interactions between elements in the lists over the internet.
So if we are looking at exploit kits and malware, and a particular exploit kit uses a particular malware - as reported in the internet sources that Silobreaker uses - that connection will show up on the network. You can then drill down all the way to the indexed source documents.
A big benefit of the tool is its ability to track trends. We can look at a list and see what elements of the list are trending hot or cold (increase or decrease in hits over the internet) in a sliding one-day or seven-day window. We also can see the specific number of hits in those two windows.
OUR BOTTOM LINE
This is a general open source intelligence tool with a solid, though not extensive, focus on cyber-intelligence. It is, however, extremely strong in providing context between cyber issues and non-cyber issues. You can focus on key words, people, companies and several other types of entities. You can create these entities yourself on the fly, if they don't yet exist in the Silobreaker library. The tool has become a real workhorse for us in the SC Labs because of its ability to develop those contexts.
It is straightforward to set up and creating dashboards becomes a breeze with some practice. For some types of cyber-information, you must get a bit creative with what you ask for but, again with some practice, you can get really useful results. We designate Silobreaker SC Labs Approved.
So, our bottom line is this is a powerful open source intelligence tool with the significant benefit of tying cyber intelligence to non-cyber intelligence. It has a lot of internet resources, the ability to build custom dashboards quickly and relatively easily, and it is a fine tool if you are a bit creative in how you look for solutions to the problem you are researching. It lets you create long-standing dashboards, some that are maintained by Silobreaker.
We believe that increasing focus on cyber-issues is an important next step, especially in this marketplace where the focus on cyber-intelligence is important. Just as important in our view, though, is the ability to glean context from non-cyber issues that impact cyber-attacks. These issues, such as politics and economics, play significantly but not always obviously in the cyber-world.
Prices are US based and therefore indicative only.