We've been using Silobreaker for over two years. We used it when we supported Super Bowl 50 and we've been using it as we research our Threat Hunter blog. It has become the staple workhorse for researching open source intelligence here in SC Labs. It earns that role for two reasons: it is extremely comprehensive (which gives us deep context for any cyber threat research we conduct), and it lets us set up a dedicated custom search dashboard in minutes.
We have several use cases for Silobreaker. First, we use it for ad hoc research. Because it goes far beyond cyber intelligence, we can put the cyber pieces in context with the business, government or other environments that may interact with them. In short, that lets us see cyber as it fits into a bigger picture, and that enables us to answer the important question: “so what?”
Our second use case dips into Silobreaker's alerting. We have set up search dashboards for intelligence threads that we are tracking on an ongoing basis. That lets us wake up every morning to the important events that have happened in the past 24 hours.
Silobreaker has several different formats in which to deliver its results. It has, of course, the expected summaries of items it finds in its searches. But it also has a network display that correlates information in an easy-to-understand graphical interface. There are specific summaries – such as blogs or social media – and, of course, you can drill down to get the full story. Silobreaker tracks information that appears across the internet from millions of sources and thousands of specialized groups, such as known hackers and threat campaigns.
Outside of the unstructured data, such as text files and news stories, Silobreaker can track malware hashes, IP addresses and other indicators of compromise that are being reported on across the web. Drill-down is excellent and we have pivoted on information to dig into a thread that might offer additional information in our research. But Silobreaker is not just a standalone open source intelligence tool. We also use it to feed other tools, both manually and through its API.
For example, we use the API to feed Maltego, an internet link analysis tool. With Maltego, we can see the relationships that develop between entities in which we are interested. Picking an IP address, for example, and running the Silobreaker transforms in Maltego gives us everything in Silobreaker's database relative to our search point. Then we can drill down within Maltego and see the results of our correlations.
By running a search in Silobreaker and picking items of interest, we can drill down within the tool and then pick further items to run in other tools, such as our closed source intel tools. Finding a malware hash or IP block opens up possibilities for further digging in tools that take those sorts of data as input. Intelligence analysis requires a starting point, and that point is generally defined by the data you start with. If the data – the “givens” – are open source, Silobreaker is a great starting point. If not, the tool will likely appear somewhere along the way in your research.
Open source intelligence is about coverage, while closed source is about access. Silobreaker has excellent coverage and is increasing it constantly. More important, though, is how the tool processes the raw data. Using machine learning and smart algorithms, Silobreaker processes big data quickly and thoroughly.
In short, our year with Silobreaker has been rewarding. We have worked closely with the Silobreaker team to provide input as they continually update the product. Because it is cloud-based, we can use it from anywhere that we can access the internet. That lets us use it for training on threat hunting and cyber intelligence analysis.
We recommend this tool and award it the SC Lab Approved designation for the coming year. Support is excellent and the product is in a constant state of updating to accommodate customer needs and to improve the sources it uses for intelligence gathering. Nothing on the internet is static, and Silobreaker uses that to its advantage. We have never been confronted with a search that it couldn't handle with good-to-excellent results. While it may seem pricey at first blush, it is actually at the low end of prices for similar – but not as competent – products. Well worth the money!
From $37,500 per annum.
What it does
Open source intelligence.
What we liked
Ease of use, completeness of available information, huge database and rapid customization.
The bottom line
In our year-plus of in-lab use we have found this to be our open source intel workhorse. No cyberthreat analyst should be without it. The price is cheap for what it can do for you.