Open Source Intelligence (OSINT)

Sapphire’s open source intelligence (OSINT)

Each time an individual uses the internet to visit websites, access search engines or social networking sites they leave behind a digital footprint.

Publicly available information on your employees can form valuable intelligence in the reconnaissance phase of the cyber-attack chain. Be it comments on social media, a Skype call, an app or an email sent – their online history can be seen, tracked and exploited. The threat can be more significant especially if or when the target is senior management or a board member.

As the reliance on digital platforms increases, many organisations are now turning their attention to monitoring the threats posed to their organisation by the manipulation of readily available data.

Sapphire’s Open Source Intelligence (OSINT) service is designed to enable an organisation to identify its digital footprint online and take a proactive approach to increase its cybersecurity.


osint

Why Sapphire?

Sapphire’s OSINT team is tasked with analysing publically available information from common data sources about employees, management teams, suppliers, and partners. This enables them to build a picture of susceptible individuals’ hierarchies and targeting packages, and improve organisational awareness.

Here is why organisations choose Sapphire’s OSINT services to gather and analyse relevant information to reduce security risks:

Informed: Get a clear picture of what your human attack surface looks like as a threat actor for better visibility of human risk, as well as screening recruits and conducting due diligence.

Insightful: Run simulated attacks on individuals within your organisation to prepare target functions, such as finance, for real-world attacks.

Pragmatic: Foster a culture of security by combining simulated attacks with security awareness training.

Get Started |

open source intelligence

business benefits

Unlike social media platforms that have trained algorithms to direct and analyse the flow of information, organisations need to take extra steps to prevent potential threats through employees and leaders.

The most significant benefit of all open source intelligence tools is to give businesses and their leaders or decision-makers complete, timely, and actionable data to influence decision-making positively. With adequate and accurate data, you can prevent attacks or solve them faster should they happen in real-time.

Here are some examples of open-source intelligence (OSINT) in action

1. Gathering data about an organisation, people, and services from search results on social media, search engines, or other social networks.

2. When law enforcement agencies use public resources online for data collection that affects national security.

3. When an organisation’s security professionals use online tools to analyse the system’s security risks.

4. When users collect data, even sensitive information, about employees to run simulated attacks.

open source intelligence: key features


brand protection

One of the key aspects of OSINT is brand protection. Organisations use OSINT to prevent their brand from being exploited online (such as threat actors forging their digital assets). OSINT can also be used to ensure clients (or staff) cannot expose sensitive data to third parties, thus preventing cyber-attacks from becoming more accurate. OSINT can prevent reputational damage at C-Level / Executive protection for large organisations, where a chairman/CEO is known in the public eye or business community. It would be damaging to the person and the organisation if they were being misrepresented.


The security team often approaches Sapphire’s OSINT team within an organisation to demonstrate potential attack vectors to c-level employees. By utilising the open source element of the service (without going to the deep or dark web), an OSINT gathering can discover what information is easily accessible about board members, employees or the organisation.


engaging the board

identify rogue employees

Organisations concerned about their employees can engage with the Sapphire OSINT team. Our team can carry out an investigation that includes background checks and reviewing the individual’s activity and footprint across the internet. Supported by a full forensics investigation consisting of the individual’s devices or corporate servers, it is possible to ascertain if the employee is breaking organisation policies or procedures.


Frequently Asked Questions

Open Source refers to information available for public consumption, whereas Open Source Intelligence, OSINT, refers to the practice of gathering publicly available or published information on a target. It is often used by an attacker when developing the reconnaissance phase of their targeting.

Notably, the open-source information is not limited to what is available on a search engine. For example, you can find some web pages and other resources using the Google search engine also have a lot of sources of open-source information.

OSINT research can come from a variety of sources, including:

  • Academic publications, for example, research papers.
  • Media
  • Websites, social media platforms, blogs, discussion boards
  • Public data such as open government documents

While OSINT is among the many intelligence collection types, still, it has main categories, including:

• Human intelligence (HUMINT),

• Signals intelligence (SIGINT),

• Imagery intelligence and Measurement (IMINT),

• Social media analysis (SOCMINT),

• Measurement and signatures intelligence (MASINT).

In addition, there are three primary methods of OSINT gathering that a person or organisation can use;

  1. Passive open-source intelligence. When you need to gather information from public sources, passive gathering is the easiest method to use. Generally, you can harvest data anonymously using this method, and the target will hardly notice your activities.
  2. Semi-passive open-source intelligence. Reconnaissance activities using this OSINT method resemble regular internet traffic, albeit more detailed than the passive method. The method is used to target specific servers to collect general information without launching attack alarms that would lead to defensive responses from the target.
  3. Active open-source intelligence. Using this method, you are deliberate when interacting with servers like ports, security scanners, and more to harvest most information. As a result, the target will be alarmed by new activity and could trigger a response that locks you out of the system.

When you want to prevent your organisation from any semi-passive and active open-source intelligence, using the best OSINT tools will block any entry point an attacker might attempt to use to interact with your servers.

In a threat context, Open Source Intelligence (OSINT) is often used by an attacker looking to achieve several things:

  1. Identify vulnerabilities to be exploited
  2. Understand suppliers for supply chain attacks
  3. Researching staff for social engineering attacks

A dedicated threat actor can collect the following information types on employees and companies:

  • Physical locations
  • Preferences and personal interests
  • Social media profiles and contacts
  • Preferred websites
  • Email addresses and aliases for personal approaches
  • Mobile information like device type, applications in use, and phone numbers
  • Software and hardware used
  • Issues with internal technology
  • Other PII

Finding the relevant information takes a significant amount of time and understanding of sources, especially if analysing a big group of people, such as a finance team at a large organisation. It is also often deemed outside of responsibilities by front line security teams, who do not have the necessary skills.

OSINT (open-source intelligence) techniques are crucial for offering knowledge for threat intelligence analysts, private investigators, or any senior security consultant to succeed in their field. Operating an OSINT scan can produce hundreds of thousands of results, mostly when external and internal assets are involved. Moreover, these OSINT tools are ideal because they allow users to automate data collection, organise, analyse IP addresses, and find links between all individual information pieces.

When investing in an open-source intelligence team, you need to understand the kind of coverage they offer regarding threat intelligence. For example, while using search engines, even the dark web, they need to do so round the clock and cover different threat types when harvesting data.

Sapphire OSINT tool covers all vulnerabilities from your employees who use any online service through different data sources to allow the best preparedness approaches.

c) Accurate information grouping

While gathering information from a search engine or related data sources is the easy part, making it actionable data is a unique requirement you should have for any OSINT tool. The amount of content posted on the web each second is tremendous, and in any post, there could be a threat to your organisation.

A good open-source intelligence team needs to separate various data points to make harvested information actionable. Sapphire uses specialist skills to filter verified data from unverified data to provide actionable intelligence. At the same time, the verified data is evaluated to determine the order of relevance to help you avert threats to your organisation.

d) Remote assessment

After the Coronavirus pandemic, you might have employees working from home, which can affect the level of threats you are exposed to. When OSINT tools analyse threats, you need to connect them to location intelligence to alert your Human Resource Information System of threats originating from different locations.

Sapphire is a leading cyber security company in the UK celebrating over 25 years of mitigating cyber threats for organisations like yours. In preventing security breaches, your company will be exposed to the appropriate audience, processes and technology. While Sapphire is an experienced company, it also uses the latest technologies to gather, parse, and interpret threats in real-time.

Here are the benefits of using Sapphire for reliable threat intelligence.

a) Cost-effectiveness
Years ago, teams needed to invest in heavy machinery or processes, such as spy satellites or humans, to collect actionable data. But, with the Internet of Things, OSINT collection is easier and more cost-effective. With Sapphire’s OSINT team, you are guaranteed affordable, ethical hacking practices to collect and analyse data that protects you, your organisation, and your employees against suspicious cyber attacks.

b) Early data breach detection
With this new age of information, it is difficult to tell when your employees risk leaking confidential data to awaiting attackers. An attacker can lure an employee into providing data through a search engine, social media, blogs, and more data sources. If the employee does not detect the breach, Saphhire is well-equipped to uncover online intelligence fast.

The Saphire OSINT team is deft at navigating buried data from search engines and more to protect your organisation’s cyber hygiene. With the latest technologies and OSINT techniques, you can ensure that your organisation’s customer information, intellectual property, and more sensitive information will be safeguarded before any threats occur.

c) Brand protection
Your organisation relies on brand trust to survive. Often, it is the work of employees, board members, and business owners who need to keep an appearance online and physically to maintain this trust. However, with more avenues to harvest their personal data, it can be overwhelming to prevent cyber breaches without a dedicated OSINT team. Sapphire offers the latest OSINT resources to inform you ahead of leaks and avert the danger, thus maintaining brand reputation and trust.

On the other hand, understanding that attackers can use search engines and social media pages to harvest sensitive data, Sapphire’s OSINT team crawls through all brand name mentions and engagement on posts to analyse potential threats before they materialise.

d) Prevent real-time crimes on your premises
With Sapphire’s business OSINT, you have a better chance of protecting your employees and premises from physical harm. With accurate OSINT collection, the team can tell when unusual activity in your offices or nearby locations poses physical threats to your organisations and employees.

Using open-source intelligence, the Sapphire security teams will use real-time data collected from employees to investigate physical breaches into your premises.

e) Sniff out rogue employees
When data breaches mar your organisation, the Sapphire OSINT team can perform ethical hacking into employees social media engagements, search engine activities, and all online digital footprints to determine when they breach your data protection policies.

f) Influence public sentiment
The Sapphire OSINT gathering is an invaluable asset when you need to understand the public perception of your organisation’s activities. When collecting information, you will understand how to make better decisions to expand operations or resolve a communication crisis.

g) Preventing information overload
Using a dedicated OSINT tool such as Sapphire’s helps you prepare and act on information as you receive it. As seen, open-source intelligence not only lets you identify a possible attack surface it also allows you to harvest more information about your employees and their online activities. But, without the know-how of using the information to protect your organisation and employees, the information will not be of much help.

OSINT data collection is time-consuming, especially when you need to piece together pieces of information from different data sources to identify a threat. Sapphire analyses discovered information to discover threats and vulnerabilities that could affect your company and employees safety. With accurate information, the OSINT team will interpret this data to your security teams, who will act on it to avert any danger.

While too much information is gathered online, your organisation needs an experienced team to verify its accuracy. As it is available and easy to perform for you, open-source intelligence is also available to potential attackers. Unfortunately, determined attackers can also provide false information to mislead your investigation, which is where Sapphire’s OSINT team can help.

With a team privy to similar techniques used by the attackers, Sapphire can perform the necessary analytical work to verify the authenticity of the information gathered before using it to protect potential targets.

h) Protect your organisation from rogue businesses
When looking to expand operations, you will also want to partner with new clients, and this can have you fall for rogue operators with illegal business dealings. With Sapphire’s OSINT techniques, you will get valuable data on your potential clients to clear any doubts or red flags about their business operations.

At the same time, open-source intelligence will help you deal with counterfeiters. These are businesses or persons who might be copying your business practices or products you sell, thus forcing your business to accrue avoidable losses while also damaging your brand’s reputation.

i) The Sapphire open-source intelligence team will train your employees
When needing to prevent data breaches, you understand how attackers can prey on unassuming employees through daily activities like sending email, invites to subscribe to online services, or to use certain apps. While the Sapphire OSINT team can collect this compromising data and avert danger, you need to train employees on better practices to prevent future breaches.

As part of the OSINT services, Sapphire runs simulated attacks using practical examples to inform your employees how attacks happen and how they can respond to such threats.

j) Sapphire has a holistic approach to cyber security
If there is one thing that rights true, open-source intelligence is not sufficient by itself. Truthfully, while you can collect data, analyse it, and interpret it, you need more security measures to prevent attacks. For this, Sapphire is your best protection against cyber security threats.

Sapphire was founded 25 years ago to help the private sector prevent data breaches. In addition to having open-source intelligence experts, Sapphire also has teams offering managed security services such as vulnerability management, EDR, SOC, SIEM, incidence response, and security awareness training.

On the other hand, Sapphire also offers technical solutions such as cloud, endpoint, email & web, data leakage, malware, and firewall and IPS protection to your entire organisation. Furthermore, as part of the security consultancy, Sapphire offers OSINT, pen testing, digital forensics and data recovery services to guarantee your organisation’s cyber hygiene.

Sapphire is adequately equipped to protect your organisation from data breaches and train your employees on better cyber habits with managed services, technical security solutions, and continuous security consultancy services. With detailed OSINT, the company will introduce better analytical and actionable responses to any threats.

You can get in touch with Sapphire here to launch an application for reliable open-source intelligence services.