Building a $100M Threat Intelligence Company
April 22, 2020 • Christopher Ahlberg
For the last 10 years, I have kept saying that we live in an uncertain world. In fact, that is the very premise behind Recorded Future. And now, 40 days into the world of COVID-19, unfortunately, this feels closer to home than ever. A pandemic is ravaging the world, causing death, unemployment, and uncertainty, with downstream effects yet to be seen — and unlikely to be good — be it more death, unrest, economic meltdown, or wars.
We’ve worked hard to build Recorded Future over the last decade, seeded with the very idea that uncertainty drives the need for actionable intelligence. We’ve relentlessly focused on finding answers and insights hidden in data that can help us fight what is bad. The world as it is today is extremely connected, both physically and digitally. The internet is the glue that connects us across continents, countries, and cultures — and that very internet is under attack by threat actors trying to steal money and information. Those very same actors are now taking advantage of COVID-19 to deliver malware, drive phishing campaigns, create scams, and spread disinformation.
It is our mission to apply intelligence to disrupt these threat actors and reduce uncertainty.
After 10 years of being in business, we have hit a fantastic milestone — crossing the $100 million annual recurring revenue (ARR) mark (very few SaaS companies pass that milestone). Our clients use our intelligence to defend their global computer networks in the cloud and at their corporate perimeter against threat actors trying to steal money and secrets. They include the very largest global brands and corporations, large government agencies around the world, but also small companies and organizations. At north of $100M, we’re indisputably the largest threat intelligence company. Late last year, Recorded Future was awarded a $50M threat intelligence contract for accelerated security with U.S. Cyber Command — proof that the private industry can contribute significantly in a field often seen as led by governments.
So, what’s next? My rallying cry internally at Recorded Future for the next 10 years is “Chapter Two.” There is an opportunity to build a significant intelligence company and become a cornerstone of the cybersecurity market, much like SIEMs, firewalls, EDR tools, and so on. We call this security intelligence, with the implication that intelligence will be consumed in many parts of a company. Recorded Future is the platform to do so.
The amazing part of the internet being the inter-connective glue across continents, countries, and cultures is how it is also a fantastic intelligence sensor. I jokingly refer to this as “Ahlberg’s Law of Intelligence” (anno 2011 or so), which states, “Eventually, everything ends up on the internet.” Over time, we’ve figured out how to collect open source intelligence (OSINT) in 30 different languages, dark web intelligence right out of the criminal communities, internet infrastructure data such as domain name registrations and digital certificates, malware and its infrastructure, as well as the very patterns of internet traffic. As you can imagine, this is a potentially overwhelming set of data sets (yeah, sets of sets of data sets).
Historically, such data has been sold as threat intelligence stove pipes, and users have been left trying to figure how to connect the dots. At Recorded Future, we made it our mission to out of the gate, connect the dots across stove pipes and make it dead easy for clients to connect the dots from our intelligence to their own data. Just like Bloomberg built a fantastic business and business model based on data, analytics, workflows, and user experience, we believe we can replicate this in cybersecurity.
There is a lot of work in front of us, data to be collected, intelligence to be created, bad guys to be disrupted, and wins to be had in the meantime!
And yes, intelligence can play a role in decreasing uncertainty, even in the times of COVID-19.
Let’s severely disrupt the adversaries. Godspeed!