Recorded Future at RSA: Platform Capabilities to Drive the Future of Threat Intelligence

Posted: 6th May 2024
By: Kalpana Singh, Denise Lu, Kathleen Kuczma
Recorded Future at RSA: Platform Capabilities to Drive the Future of Threat Intelligence

Recorded Future at RSA

Platform Capabilities to Drive the Future of Threat Intelligence

From credential theft to social engineering and disinformation campaigns, cybercriminals and state-sponsored threat actors continue to evolve their tactics and expand their ambitions.

This week at RSA, Recorded Future is showcasing the ways we’re innovating to help our clients thwart the adversary on every front. We’re doing so with a powerful combination of Recorded Future’s automated threat intelligence solutions and highly skilled expertise, with a mission to prevent business disruption.

A unified platform approach

With our unique unified threat intelligence platform, we’ve built foundational technology that supports our solutions and delivers 99%+ uptime, so our clients always have real-time information about the latest and most relevant cyber threats. Platform infrastructure includes intelligent automation; an Intelligence Graph™ that automatically collects, dynamically links, and analyzes data in real time; an API first approach and 100+ out-of-the-box integrations; Collective Insights to automate security control validation; and Recorded Future AI.

We further enrich our Platform with specialized offerings - Our Intelligence Services team provides intelligence requirement planning, threat profile monitoring, supply chain monitoring, and more to help clients understand their specific vulnerabilities and risks and stay ahead of risks. Insikt Group, the company's research arm, is comprised of world-class subject-matter experts in technical threat intelligence and foreign adversary tactics, techniques, and procedures (TTPs), including analysts and security researchers with deep government and industry experience as well as native foreign-language skills. Their mission is to produce intelligence that reduces risk for clients, enables tangible outcomes, and avoids business disruption.

Ultimately, our unified platform powers five solutions that address the biggest areas of challenge for enterprises: Ransomware Mitigation, Automate Security Workflows, Mitigate Supply Chain Risk, Exposure Management, and Digital Risk Protection.

Now, we’re excited to announce that we’re making big investments in three core areas of our platform: Recorded Future AI, Collective Insights, and Intelligence Cards.

#1: Readying Our Clients for the Seismic Shifts of Weaponized AI with Recorded Future AI

With global uncertainties around war, politics, and economics, the increasingly complex threat landscape is only becoming more fraught with risk — and the rapid advance of generative AI is a major cause for concern.

As 2024 progresses, we expect to see state-sponsored threat actors using AI to create effective disinformation campaigns, to influence elections. We also anticipate that adversaries will drive scaled spear-phishing campaigns, amplified with other social engineering efforts to impersonate senior executives and imitate company websites to steal information.

To get out ahead of attackers, security teams need more actionable and relevant intelligence. They’re looking to streamline the threat analysis process, upskill their analysts, and get comprehensive visibility into threats to ensure that they can trust the information they’re receiving.

Recorded Future AI was designed to do all of the above by fighting AI with AI. We’re investing heavily in this technology, which leverages data from across our Intelligence Cloud to automatically aggregate and analyze commonalities across attacks, brand exposure, and more. Our AI continuously learns and adapts, giving security teams on-demand access to real-time threat intelligence and actionable insights via a simple natural language interface. Learn more about Recorded Future AI.

With the AI Conversation feature, analysts can ask the Intelligence Graph questions using simple text prompts. With the AI Conversation feature, analysts can ask the Intelligence Graph questions using simple text prompts.

With AI Insights, analysts can generate quick summaries from large amounts of text and data. With AI Insights, analysts can generate quick summaries from large amounts of text and data.

#2: Empowering Security Teams with a Holistic View of Potential Threats via Collective Insights

As Security Operations Center (SOC), Cyber Threat Intelligence (CTI), and Incident Response (IR) teams use a growing variety of tools, it’s becoming increasingly difficult for analysts to see all of their available data and correlate it across the tools.

At Recorded Future, we know that real visibility involves seeing three things: what’s happening in your own environment, what’s happening in the wild, and what’s happening to other companies like yours — whether they’re in your industry or region, or they simply use the same tools you do.

When you combine external data with the internal data from the tools you’ve invested in — like your SIEM, SOAR, EDR, Identity Provider, password managers, and email security tools — you get an invaluable, holistic perspective on the threats that are unique to your organization. That’s what Recorded Future delivers with Collective Insights. The feature provides visual telemetry from a variety of security controls such as Splunk and EDR, all enriched with data sourced from the Recorded Future community and other external threat intelligence, and presented in one consolidated view. Recorded Future has implemented extensive measures to ensure that such data sourced from our community is properly protected, and rendered unattributable to address privacy concerns.

As we’ve heard from Alex Minster, Cyber Security Engineer at Kyriba: “Threat intelligence from Recorded Future makes our team look prophetic. We’re able to say, ‘here’s something we need to be worrying about so let’s raise awareness around that,’ and sure enough, it starts to land on our shores a month or so later. It’s been a great boost to our organization to have Recorded Future provide that early ‘heads up’ so we can get out in front when something bubbles up.”

With Collective Insights, it’s never been easier to unveil patterns and trends so you can identify relevant potential attacks, enhance detections and threat hunts, and prioritize your response. See Collective Insights in action.

#3: Enabling Actionable Investigations with New and Enhanced Intelligence Cards

Time is always of the essence in cyber threat investigations, and our revamped Intelligence Cards save time by providing analysts with a better visualization experience and new data sources.

Analysts can reference the Intelligence Cards to easily see all of the most important information they need for actionable investigation in one view, including Risk Score, Risk Score history, domain, IP, and tags. The MITRE ATT&CK map provides details on tactics, techniques, and procedures (TTPs) across threat actor groups, including the techniques and software they’re known to use.

With these Intelligence Cards capabilities, security teams can quickly identify defensive gaps, assess security tool capabilities, organize detections, hunt for threats, engage in red team activities, validate mitigation controls, and more. Learn more about Intelligence Cards

Accelerating investigation time with Image Similarity Search and Third-party Intelligence

When it comes to scaled phishing campaigns, attackers can make small changes to images, including changes to image resolution and text, making it challenging for security teams to correlate campaign sources and triage investigations. With Image Similarity Search, find similar images, dedupe them, and be able to organize all related images in a table view making investigations easier.

Companies lack comprehensive insights into the security performance of their supply chain across vendors, partners, and suppliers which expands their attack surface and exposes them to potential risk.

Recorded Future’s Third-Party Intelligence enables security teams to create a watchlist of companies in their supply chain as well as potential new vendors. Teams can use the external validation and comparative data in their watchlist to make informed decisions about reducing risk.

Harness Automation to Go from Reactive Threat Management to Proactive Risk Management

Wherever you are in your security journey, Recorded Future can help you harness the power of automation to drive operational efficiency while still maintaining security controls.

With our Platform and solutions, your security team can take a more proactive approach, reducing risk and securely driving your business forward. Contact us today to request a demo.