Key Challenges Addressed
Many information sources detail valuable data via OSINT such as usernames, job titles, contact details, and recruitment information that can be used to build a detailed picture of an organisation and their people.
This can be used by malicious actors to target their attack and improve their likelihood of success. To address this, organisations need to understand where information is leaking and how it could be used against them.
However, searching for OSINT can return overwhelming amounts of data, much of which might not prove useful. Instead, organisations need a clear strategy in place for acquiring accurate information that will help them focus their efforts. Given that this requires experience searching for OSINT and a strong understanding of how it can be used, it is uncommon to find these capabilities within most organisations.
Our data privacy specialists will work with you to review your data processing activities to ensure that all personal data is being handled in accordance with regulations.
While using the UK & EU GDPR as a benchmark, the assessment will also note all applicable nuances of global data privacy legislation applicable to your organisation. This includes other legislation and standards such as the Data Protection Act and PECR. A GDPR Gap Analysis from Bridewell can also be used as an external audit of their compliance status and act as a complement to an internal audit, if one has already been performed.
Here are just some of the benefits of trusting Bridewell to assist with Open Source Intelligence Service:
An Understanding of Your Organisation's Footprint
Gain a comprehensive view of your people and processes, and how attackers may look to exploit them.
A Prioritised List of Potential Risks
Understand which risks and attacks pose the greatest risk to your applications and APIs, and how to address them.
Guidance on Securing Information
Bridewell will provide guidance on how OSINT can be removed from public forums or, where this isn’t possible, otherwise secured.
Targeted Awareness Training
Enhance your employees’ understanding of how to prevent sensitive information from leaking to public sources.
How it Works
Bridewell uses a combination of active, passive and semi-passive gathering to collect as much information as possible about your organisation from publicly available sources. In particular, our team searches for:
- Physical security measures for the location
- Infrastructure and networking detail
- Full DNS listings of all associated assets
- Netblock owners (whois data) and email records (MX + mail address structure).
- Any other information relating to organisations and employees which could potentially be used in future exploits
- Information from previous breaches and any passwords associated with your organisation’s accounts
The information gathered during this stage is often used to inform wider penetrating assessments from our team, which can vary depending on the specific requirements of your organisation. Our consultants also use these insights to guide your organisation on how they can remove this information or take actions to mitigate the risk posed by it.
As one of the UK's largest independent cyber security service providers, we're trusted by some of the most highly regulated organisations to protect their data, reputation and business. With our industry-leading certifications and our customer-centric approach, we're optimally positioned to provide end-to-end cyber security services tailored to your business' individual needs.
The term ‘open source’ refers to publicly available information. Open Source Intelligence, OSINT for short, refers to data and information that’s been collected from numerous sources to be used for intelligence purposes.
OSINT is primarily used in law enforcement and business intelligence, but is also valuable and widely-used by security professionals to help them carry out their services, assessments and security testing procedures.
While Open Source Intelligence does derive a great deal of information from publicly available sources, ranging from social media data to online publications, there are concerns for its legitimacy and accuracy.
Penetration Testing Insights
Ready to Take the Next Step?
We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.