top of page
Search

The Best OSINT Tool for Protecting Mobile Assets

Updated: Jul 15


A picture of a phone calling 911.

Open Source Intelligence (OSINT) – publicly available information from open sources such as social media and other open platforms – has become a critical tool for private businesses and public agencies alike. Over 80% of the intelligence the US military and President use is open source. Corporate security functions regularly use OSINT to monitor security threats and assess business continuity risks.

While the need to protect assets from external threats is nearly universal, how this need manifests as day-to-day operations varies widely across industries. For logistics companies, it may be geopolitical risks that threaten supply chains. For power utilities, it may be wildfires that could potentially bankrupt the company.


Security teams tasked with protecting mobile assets face unique challenges when protecting a stationary facility. Mobile assets in unsecured environments face an increased risk of dangers like the assailant who attacked San Jose's mayor security detail while engaging in a street interview. Everyday occurrences from traffic hazards to gun violence are serious threats to safety when they're outside the four walls of a secured environment.


The best way to protect mobile assets from physical harm is to simply avoid threats entirely, and OSINT is a fantastic tool to do that. The right intelligence can give advance notice of an emerging event, allowing security teams to reroute their asset or at least be aware of it. The problem is that not all OSINT is made equal. In the same way safety priorities vary greatly by organization, OSINT itself cannot be seen as a single monolithic resource that solves every problem for all security functions.


Challenges of Traditional OSINT

Traditional OSINT providers mostly aggregate public sources like social feeds and local news. This strategy works for high-level situational awareness – eg. understanding geopolitical risks to business operations – but is inadequate for tasks such as executive protection and keeping field workers safe. These jobs require real-time detection of highly localized risk events like individual violent actors and traffic hazards.


There are three simple reasons why traditional OSINT aggregators fail:


  1. Poor detection: OSINT aggregators can only detect what is available on the open internet. Most localized threat events important to security teams simply do not get posted to the internet.

  2. Delayed intelligence: In the rare cases where physical security threats get posted online, the information only comes hours after the threat is over. When an event like a shooting occurs, posting on X/Twitter is not a top priority for bystanders.

  3. Misinformation: Any individual can freely post content on the internet, and OSINT aggregators shift the responsibility of verifying intelligence onto their customers.


Evaluating OSINT Sources

All OSINT aggregators market intelligence that is "actionable" – often it is not. Security teams who are evaluating these platforms should ask:


  1. Where is the intelligence being sourced from? If mostly from social feeds and local news, is that really sufficient to help protect assets in a dynamic risk environment?

  2. How much time has passed from the time of threat occurrence to the time of threat detection? This is a key distinction. Most OSINT aggregators who share timelines advertising how fast they detected a threat event, usually start the clock from when a journalist hits “publish”, not when the event actually occurred.


Social Feeds

Local News

Availability

High. Content from social feeds is growing exponentially and easy to ingest.

High. Journalists make their work easy to be aggregated.

Thoroughness

Low. Most physical threat events simply do not get posted online, and any security team relying solely on social feeds are liable to miss many alerts.

Low. Local news outlets have limited resources and only cover a fraction of the events important to security teams.

Speed

Medium. Typically, early reports of a threat event may be posted 30 minutes or later after the event has concluded.

Low. What journalists consider "breaking news" usually occurred many hours ago, which is a time frame that is irrelevant to most security professionals.

Accuracy

Low. Misinformation is rife on social media, and getting worse with generative AI.

High. The news can get it wrong, but generally, they trade speed for accurate reporting.


Clearly, traditional OSINT aggregators leave much to be desired for any security team that wants to proactively protect their assets.


New OSINT Strategy: First Responders

Thankfully, a new approach to threat detection is emerging that solves the drawbacks of both social feeds and local news: intelligence directly from first responders.


First responders detect far more events than social media

During emergencies, the general public is trained to call for help. As a result, first responders have visibility into nearly every crisis. Social media and the news do not.


In fact, at Beakon, we did a comparison of risk events detected by social feeds versus a tool that monitors all police radio communications and saw that a tool that focuses on a 911-based strategy detected over 15 times the risk events of a social feed-only tool.


First responders are first to know

They’re called “first'' responders for a reason! In nearly all cases, first responders will be the first to know about unfolding crises, and once on scene, will invariably have more context than anyone else regarding the events unfolding during chaotic situations. When this information is accessed in real-time, a security team's ability to proactively protect their assets is maximized


Intelligence from first responders is easier to verify and analyze

Ask an analyst which part of their workflow takes the most time and effort, and it's likely to be the process of verifying the accuracy of intelligence.

That shouldn’t be surprising. Much of OSINT is unindexed, unstructured, and from questionable sources. In order to act on intelligence, analysts need to weigh the veracity of the intelligence, cross-reference it against other sources, and come to a conclusion on its overall reliability.


Intelligence from first responders, while not always easy to collect and parse, is consistently reliable and can be transformed into highly structured intelligence by the right platform, saving considerable time and resources for security operations teams.


How is this new?


Relying on first responders for intelligence is not a new strategy. Many experienced corporate security professionals have close personal ties to active first responders who may provide intelligence off the record. Although these contacts are a fantastic source of information, this informal system relies on relationships that may get lost over time as individuals transition to other roles and communication channels are lost. Additionally, first responders are typically occupied with conducting their investigations, making outreach to corporate partners a secondary priority, which can consequently cause delays for security teams.


A powerful alternative is to monitor police and fire radios to follow investigations and learn ground truth in real-time. This can be an excellent way of gathering information from first responders at scale - no personal lines into departments necessary.


Ultimately, first responder-based OSINT fulfills a promise that a social feed-only monitoring strategy cannot. Not only does it take advantage of the over one million responders who visually verify facts at the scene of unfolding emergencies, the 911 system itself leverages the eyes and ears of 300 million Americans trained to report danger as soon as they see it. In many ways, 911 is the perfect super app for security operations teams to monitor.


Who should be using first responder OSINT?


First responder-based OSINT is ideal for use cases like Travel Risk Management (TRM), Executive Protection (EP), Workplace Violence Prevention (WPV) and protection of people and assets facing safety risks outside the security of a corporate facility (eg. traveling healthcare workers, field technicians, and delivery workers).


These are all examples where the speed of reliable, accurate information is paramount in order for security teams to avoid risk and protect their assets, not merely react after the fact.


Using a platform like Beakon, security teams can reliably identify emerging security threats on the same timeframe as first responders, not social media users and journalists.


First Responder Shortcomings


A first responder-only strategy isn’t a singular solution for every security operation.


The United States, Canada, and Australia are unique in that they have largely open radio systems. Information sharing between public and private sectors is less readily available throughout the rest of the world.


Even within these countries, some radio systems are encrypted to the general public. Gaining access to these systems is allowed on a case-by-case basis according to each agency’s policy.


Clearly, just because information is publicly available, that does not mean that it is easily accessible. Yet, a truly prepared security team must be able to analyze hard-to-access OSINT like real-time 911 data or risk being blindsided.


Differences Among OSINT platforms


Given the difficulty of ingesting and parsing real-time emergency responder data, few threat intelligence platforms make a claim to monitor it. But even amongst the platforms that do, there are important nuances to be aware of. With the exception of Beakon, platforms that make that claim to monitor 911 are relying on third-party networks of radios that are not under the control of the platform itself and therefore, not enterprise-grade. True to their history as aggregators of open source information, these platforms tap into networks of amateur radio contributors who share their data feeds on a volunteer basis.


There are numerous problems with relying on third-party radio:


Reliability

A network of amateur radios can and do go down – often for weeks at a time – with no recourse for the threat intelligence provider and their customers. Availability gaps can leave businesses at risk of massive blindspots. In fact, the threat intelligence providers using these third-party radio networks aren’t able to detect when a feed goes down, meaning they’re unable to inform their users when coverage is compromised.


Usability

The radio feeds themselves may be unusable. Due to the volunteer nature of these third-party radio networks, they often use consumer-grade equipment such as off-the-shelf radio scanners and low-end computers. This can result in low-quality feeds that can be impossible to parse. This is highly problematic since, in order to get value from these feeds, they need to be intelligible to the humans/AI that are doing the parsing. Low quality feeds mean missed alerts for customers.


Gaps in Coverage

Volunteer radio networks can have gaps in coverage due to the nature of how their radios operate. Radio coverage in a major metropolitan area requires monitoring every available channel. For example, in New York City, critical information can come over the dozens of precinct channels, special operations channels, the fire department, transit police, and more. The radios used by many volunteers essentially “channel surf” by scanning one channel at a time, but not all channels at once. In order to monitor all channels concurrently, the radio feed provider would need to put together a high-end setup and install software that’s able monitor all channels - a lofty demand for a volunteer to fulfill.


The Beakon Advantage


Beakon is the only threat intelligence platform that owns, deploys, and monitors its proprietary network of radios to guarantee 100% uptime. Beakon is also the only enterprise platform that has an in-house team of trained experts with years of experience monitoring radio signals and translating them into actionable threat intelligence.


Beakon works best for organizations that need comprehensive, real-time visibility into all threat events occurring in their area, including incidents that simply won't make the news or get posted to social media.


Get access to Beakon today and see what other OSINT platforms are missing.



84 views0 comments

Comentários


bottom of page