Recorded Future

Recorded Future Security Intelligence Platform is a highly specialized security solution that accelerates the work of SOC by providing an unparalleled amount of knowledge about the cyber threat landscape. The entire product uses advanced data analysis algorithms in both predictable and unstructured formats. In order to enrich the content, Recorded Future uses the patented Natural Language Processing algorithms, which enable the system to be fed in real time with information from, among others, press releases, social media, technical articles, research reports, and numerous hacker forums (dark web). At the same time, the platform monitors and analyzes data from various types of reputation databases, including vulnerability databases, enriching the content with the results of the work of an internal cybersecurity research center called Insikt Group. The Recorded Future technology enables the automatic correlation of data from many sources (over 850,000), precise description of the security status and related problems for over 6 billion entities, and the entire analytical results are presented in an accessible and easy way.

Description of technology

SOAR/SOC

Brand Intelligence - Recorded Future platform`s functionality to convey cybersecurity intelligence from the perspective of the organization using it. With the help of the built-in monitoring lists, it is possible to indicate the name of the company and subsidiaries, owned domains, used technology stack and many other elements specific for the protected organization. The analytical engines inside the platform then enable early alerting about threats to our brand, e.g. detecting domain abuse, impersonating an organization, phishing campaigns using our image, planned cyber attacks on our company, leakage of employees' credentials and many others.

Geopolitical Intelligence - a collection of geopolitical information that may be necessary for decision-makers within the organization. The information also covers planned attacks on physical resources such as cities, buildings, regions or countries. The module accelerates the process of making critical decisions using OSINT contextual data on geopolitical threats and trends. The huge data collection within Geopolitical Intelligence includes: dedicated Intelligence Cards for locations and cities and the results of the investigative analysis of the organization`s research teams.

SecOps Intelligence - a mechanism inside the Recorded Future Security Intelligence platform that enables SecOps / SOC departments to make faster decisions based on data inside the platform. The concept of using a reliable source of information allows to accelerate work in response to security incidents at any stage. Organizations adopting SecOps Intelligence can also use the SandBox engines built into Recorded Future for files and URLs. The platform offers many built-in integrations with popular SIEM and SOAR class solutions to automate analytical and reactionary processes in SecOps activities, and is also open to its proprietary use of its capabilities via API.

Third-Party Intelligence - a mechanism for monitoring the security of subsidiaries, business partners, technology partners or related companies. Thanks to this approach, Recorded Future offers an additional portion of data on the security status of the organization within the ecosystem of the protected entity. This tool inside the Security Intelligence Platform extends the level of awareness of SecOps departments and allows for early response in the event of cyber threats from third parties important to us.

Threat Intelligence - one of the functions within the Recorded Future Security Intelligence Platform for quick and immediate access to information on global and local threats, as well as specific for the protected organization. All the intelligence and data inside the solution enables real-time search, presenting a complete set of results, including information about connections and contextual data. The information presented by the solution gives a quick answer to the questions: who may attack us or who did it? What were the motivations for doing this? What IOCs to look for in local systems? For each object associated with a given threat (company, IP address, domain, hash, location, etc.), Recorded Future presents a dedicated Intelligence Card containing a complete set of necessary information.

Vulnerability Intelligence - a functionality of the Recorded Future platform designed to monitor vulnerabilities on a global scale, as well as those applicable to the IT environment of the protected organization. Its main task is to determine the Risk Score for each vulnerability in real time in order to make the level of threat real. This type of contextual information helps security departments to properly define a priority list for actions to correct or compensate for vulnerabilities. The risk level indicated by Vulnerability Intelligence is a reliable indication of the scale of the threat thanks to the monitoring of hacking forums, the vulnerability trading market, or campaigns and their methodologies planned by adversaries.

Helpful files