Twitter is a wonderful tool for getting live streaming information from around the world. This isn’t exclusive to information security. Sporting, political, entertainment, and other types of news first break on Twitter. It's also a valuable research tool and forum to discuss security topics. This can work to the advantage of a security team that embraces the social media platform.
I first discovered the value of Twitter when the Heartbleed news broke. Initially, we thought Heartbleed wouldn’t affect us. But after finding a free scan tool via Twitter we discovered that we were dead wrong. Unsure of how this was possible we started investigating. Twitter having served its discovery purpose now shifted into a research tool.
At the time everyone was discussing the vulnerability. There were plenty of links each uniquely analyzing and explaining the vulnerability. XKCD even had a great comic on it. After gaining a basic understanding of the vulnerability we needed to confirm our findings. After some more research, we found a tool for that purpose. Twitter wasn't the only tool we used (Google previously discussed was also used), but it did compliment our efforts for understanding, testing, and ultimately mitigating the vulnerability.
There are several ways a security team can setup Twitter. We ended up creating a brand new account. This allowed us to share the Twitter feed among ourselves and various devices. We then followed as many security professionals and companies as we could find. Hashtags like #infosec are a good place to start when searching for accounts to follow. Other hashtags that can be scouted for infosec accounts to follow include:
- #appsec (application security)
- #dtsr (podcast discussion hash tag)
- #pentesting (red teaming)
- #dfir (digital forensics, incident response)
- and many more.
Twitter also provides the list feature for carving out accounts that focus on an individual discipline. Simply, create a new list and start adding people to it. The great thing about lists is that you don't have to be following the account to add it to a list. This is useful for organization and to keep work from invading your personal Twitter feed constantly (if you have one). Lists are able to be subscribed to, if there's a desire not to start a new account.
Tweetdeck and Hootsuite are two options for managing multiple Twitter feeds. They allow for multiple feeds to be displayed in the browser. I typically have my person feed, personal interactions, the security team feed, and then either a hashtag or list.
If you haven’t incorporated Twitter into your day-to-day monitoring, do it. It’s a powerful tool that leverages live information on news, discussions, and tools. It’s free (which makes it affordable) and it’s simple to use. Keeping a thumb on the pulse of information security is essential for any security team.