Digital Shadows Insights Blog : Intelligence Tradecraft

The latest advice, opinion and research from our dedicated security analyst team.

Open Source Intelligence versus Web Search: What's The Difference?

14 July 2016

“I can get that from Google!” – is a common phrase that has been directed at me during my time as an open source intelligence professional.

Read More

Inconsistencies in Intelligence Collection

28 June 2016

Amid the rising talk of “intelligence” within the security industry, the concept of intelligence collection has gained traction.

Read More


10 May 2016

Artificial Intelligence (AI) is currently going through one of its regular hype bubbles. Another dawn of the super-intelligent machine is upon us.

Read More

Getting Strategic With Your Threat Intelligence Program

27 April 2016

Tactical feeds have dominated the threat intelligence narrative for many years, but there is an emerging understanding that there must be more to threat intelligence than just open source and...

Read More

Uncertainties in the Language of Uncertainty – and why we need to talk about it

17 March 2016

If you know much about Digital Shadows SearchLight, you would know that one of our strengths in the provision of cyber situational awareness is the human in the loop.

Read More

OpIsrael: Looking ahead to April 7 with ABI

15 March 2016

At any one time, there is a host of hacktivist operations announced, discussed and in action.

Read More

Intelligence vs. Infosec: The 3-letter-guy to the rescue?

8 March 2016

Whenever Royal Marines deploy on operations, they take with them their own intelligence analysts. These analysts are fully trained and experienced Marines, meaning they benefit from having been in the...

Read More

Waiter, there’s a hole in my intelligence collection!

10 February 2016

We’re all swimming in data. There’s data everywhere. From packet captures to reputation feeds, it feels like there is a fire hydrant of data flooding analysts.

Read More

The Strategic Corporal and Information Security

19 January 2016

For those unfamiliar with the term “strategic corporal”, it sprung out of the conflicts in Afghanistan and Iraq.

Read More

Lots to learn? Academia and intelligence

4 January 2016

With the ongoing emergence of CTI you could be forgiven for thinking that the discipline of intelligence was new.

Read More

Communicating Intelligence: The Challenge of Consumption

10 December 2015

In my previous blog in this series I discussed the challenge of effectively communicating intelligence, and provided examples of how we inform our clients of individual incidents.

Read More

Communicating Intelligence: Getting the message out

8 December 2015

In my previous blog I discussed some of the challenges associated with communicating intelligence. In this follow up piece, I’ll explain some of the methods we use here at Digital...

Read More

Communicating Intelligence: A battle of three sides

2 December 2015

Good intelligence depends in large measure on clear, concise writing.

Read More

Activity Based Intelligence – Activating your interest?

25 November 2015

Some threat actors love to make noise. Be it a tweet, a forum post, or a chat room message, communicating in the open often takes place.

Read More

The Intelligence cycle – what is it good for?

13 August 2015

It seems that the concept of ‘intelligence’ is a problem. The definition isn’t agreed, and the industry is peppered with vendors and organisations applying a range or meanings and interpretations.

Read More

The Dangers of Groupthink: Part 2

10 April 2015

This post moves on to the second cause of groupthink and tries to understand how organizational structural faults may result in manifestations of groupthink.

Read More

The Dangers of Groupthink

4 March 2015

Over the next few blog posts we’ll be looking at various types of cognitive bias and suggest ways of dealing with them.

Read More

Analytical Tradecraft at Digital Shadows

5 February 2015

This week my colleague and I attended the SANS Cyber Threat Intelligence conference in Washington DC. It was great to hear more from analysts and CTI users from across the community, as well as mingle with the plethora of vendors who were present. This blog explores some of the themes which arose from discussions on analytical tradecraft.

Read More

Source Evaluation

12 November 2014

To organisations, threat intelligence is about understanding the threat landscape – the various actors and campaigns which conduct cyber attacks – so that when they are specifically targeted it can be detected, mitigation put in place, and the risk to their business reduced. Robust source evaluation minimises the chance of crying wolf, or warning of the wrong threat entirely.

Read More

The Intelligence Trinity

30 October 2014

For several years now there has been considerable hype and hubris around the term ‘intelligence’ within the cyber security industry. It feels as if the term has been diluted as its usage has extended to include vendors dealing in a range of issues from bad IPs and Indicators of Compromise, to tip-offs that hacktivist groups are targeting particular sectors and the activities of APT groups, and everything in-between.

Read More