using social media for security monitoring
TRANSCRIPT
![Page 1: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/1.jpg)
#SecurityWithSysomos
![Page 2: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/2.jpg)
#SecurityWithSysomos
Agenda• Introduction • Why Threat Detection?• Types of Threats: Cyber, Physical • Means of Protection: Digital Property, Fraud, Copy Cat• How to Start• Q&A
![Page 3: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/3.jpg)
#SecurityWithSysomos
Why Monitor Threat Detection?
![Page 4: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/4.jpg)
Why Monitor Threat Detection?• Social Media is great for broadcasting information…for positive actions as
well as malicious ones
• Remember: there are no limits to what people will post on social media
• Marketers leverage Social Media as their “haystack” for brand, competitive, and influencer purposes
• We can utilize these same ideas and tools for security and threat detection
• We will expect a relatively small number of mentions, but when they occur, they are extremely actionable and relevant. All it takes is one.
![Page 5: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/5.jpg)
How susceptible is your business to security
threats?
![Page 6: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/6.jpg)
What If You Don’t Monitor for Security and Threats?PROACTIVE is always better than REACTIVE when it comes to security threats.
![Page 7: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/7.jpg)
#SecurityWithSysomos
What Is the Cost of Not Looking Out for Threats?
![Page 8: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/8.jpg)
#SecurityWithSysomos
Use Case: Cyber Security
• One of the largest news sources and news distributors in the world
• Owns many digital news properties that are relied on heavily by their advertisers
• Same digital properties are very attractive targets for hackers
• DDoS (Distributed Denial of Service Attack): Overloads company website/network by sending numerous packets of information – making users unable to access
![Page 9: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/9.jpg)
Use Case: Cyber Threats• Can Social Predict DDoS attacks
and other Cyber threats? Indirectly, yes.
• Utilizing email alerts
• Setting post frequency threshold limits for a ‘true attack’
• Creating the threshold: from historical attacks in the past year, 1000 mentions signified an attack and an unusual number of mentions
• Cost to a company between $5,000 to $100,000 /hr
• 49% of DDoS attacks last between 6 – 24 hrs
![Page 10: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/10.jpg)
Use Case: Cyber Threats• Finding the bad apples and repeat
offenders
With a social media research platform you can actively find and make lists of social users and accounts who have:
• Targeted you in the past• Act as early warning systems for
attacks• Use language that indicates
attacks• Are part of communities often
involved in attacks
![Page 11: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/11.jpg)
#SecurityWithSysomos
Use Case: Physical Threats
• Same large news source and distributor
• Has many publically known and recognizable on-air talents, personalities and executives working for them
• Regularly receive physical threats against these people
• Solution was to use long complex trigger tags with keywords for every possible scenario of a physical threat
![Page 12: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/12.jpg)
Use Case: Physical Threats• Example of a trigger tag:
"John Doe Harm"~3 OR "John Doe Hurt"~3 OR "John Doe Vandalize"~3 OR "John Doe Vandalizes"~3 OR "John Doe Vandalizing"~3 OR "John Doe Strike"~3 OR "John Doe Attack"~3 OR "John Doe Loss of Life"~3 OR "John Doe Kill"~3 OR "John Doe Killed"~3 OR "John Doe Killing"~3 OR "John Doe Find"~3 OR "John Doe Hackers"~3 OR "John Doe Hacking"~3 OR "John Doe Cyber Attack"~3 OR "John Doe CyberAttack"~3 OR "John Doe CyberAttacker"~3 OR "John Doe Cyber Army"~3 OR "John Doe CyberArmy"~3 OR "John Doe Al-Qaeda"~3 OR "John Doe AlQaeda"~3 OR "John Doe Al Qaeda"~3 OR "John Doe Hacker"~3 OR "John Doe Threat"~3 OR "John Doe Threatening"~3 OR "John Doe Threatened"~3 OR "John Doe Plane Crash"~3 OR "John Doe Suicide Attack"~3 OR "John Doe Suicide Bomber"~3
• A tag like this can trigger an email alert, be routed into a custom dashboard, or be integrated through an API feed into a command center with additional data points outside of social
• Many different trigger tags can be made for every possible security or threat scenario
• Once these are made they can be replicated for locations, peoples names, various business assets and more#SecurityWithSysomos
![Page 13: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/13.jpg)
Use Case: Copy Cat• Every time a Twitter handle pops up
with the brand name – any derivation thereof – an alert is triggered
• Allows risk and security staff to identify and take action on unauthorized user accounts
• Ensures the reputation of the brand is not compromised by a malicious attack
(from:a*_widget OR from:b*_widget OR from:c*_widget OR from:d*_widget OR from:e*_widget OR from:f*_widget OR from:g*_widget OR from:h*_widget OR from:i*_widget OR from:j*_widget OR from:k*_widget OR from:l*_widget OR from:m*_widget OR from:n*_widget OR from:o*_widget OR from:p*_widget OR from:q*_widget OR from:r*_widget OR from:s*_widget OR from:t*_widget OR from:u*_widget OR from:v*_widget OR from:w*_widget OR from:x*_widget OR from:y*_widget OR from:z*_widget OR from:widget_a* OR from:widget_b* OR from:widget_c* OR from:widget_d* OR from:widget_e* OR from:widget_f* OR from:widget_g* OR from:widget_h* OR from:widget_i* OR from:widget_j* OR from:widget_k*
#SecurityWithSysomos
![Page 14: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/14.jpg)
#SecurityWithSysomos
Use Case: Piracy Protection
• Multinational Media Brand, and a Multinational Sports Entertainment Group
• Heavily rely on revenues generated from pay per view content, as well as protected content, such as TV shows, and movies
• Major issue with leaked content before release dates as well as illegal streaming of content during events
![Page 15: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/15.jpg)
Use Case: Piracy Protection• Finding the source of illegal streaming, and also those helping to
broadcast it
• Look for the most retweeted content, and the largest retweet spreads
• Find the original post promoting an illegal streaming source
• Create lists to track, monitor, and be alerted to these sources((stream OR streaming OR torrent OR livestream OR online OR free OR “free download” OR “streaming online” OR “watch the”) AND ("the martian" OR martian OR themartian) AND NOT (trailer))
#SecurityWithSysomos
![Page 16: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/16.jpg)
Use Case: Fraud Detection• Using visual cues – or ‘listening’ – as
a means to capture and track image-driven content
• Illegal tickets
• Unauthorized apparel
• Phishing Scams
#SecurityWithSysomos
![Page 17: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/17.jpg)
#SecurityWithSysomos
Three Things to Know1. Survey the landscape and out what existing conversations regarding threats are happening on social
To surface conversations, think and search social channels on:
• Related industries• Known threats and security events
from the past• Various market segments you are
involved in
![Page 18: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/18.jpg)
#SecurityWithSysomos
Three Things to Know2. Monitor for threats against your brand, your executives, your office locations, etc.
Things to Consider:
• Have we scoped out a process and workflow for any threats that may occur?– What resources need to
leveraged internally when a threat takes place?
• Can we identify malicious actors that need to monitored on an ongoing basis?
![Page 19: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/19.jpg)
#SecurityWithSysomos
Three Things to Know3. Look beyond the text
Not all conversations about security will happen via copy – think about how people are sharing information:
• Instagram• Facebook• Tumblr • Reddit
![Page 20: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/20.jpg)
#SecurityWithSysomos
After the Presentation• Feel free to contact us for follow up questions @Sysomos
• Please visit sysomos.com/webinars to sign up for great Sysomos webinars
![Page 21: Using Social Media for Security Monitoring](https://reader036.vdocuments.net/reader036/viewer/2022092700/58705f2f1a28aba2118b754f/html5/thumbnails/21.jpg)
Thank You!@Sysomos