Recorded Future Announces Its Participation in Splunk's Adaptive Response Initiative

Posted: 28th September 2016

Earlier this year, Splunk announced their Adaptive Response Initiative — an effort bringing best-in-breed security capabilities together in ways that will improve an organization's ability to defend against advanced attacks.

At the core of the initiative is a new version of Splunk Enterprise Security, scheduled to be generally available soon, that facilitates bi-directional integrations from security partners. Through these integrations, each partner's unique capabilities can be coordinated and used for faster threat validation, systematic defensive actions, and better overall security posture.

Since we heard about this initiative at the March 2016 RSA Conference, we've been interested in joining this select group of partners and enhancing the capabilities of our Splunk ES integration.

Today, we're very pleased to be included in Splunk's announcement about the expanded initiative.

Practically speaking, we've developed a feature using the Adaptive Response Framework that allows an analyst to dispatch an "Enrichment Action" on any notable event. This action, which can be applied to any IP address, domain, hash, or cyber vulnerability, will pull rich context from Recorded Future (e.g., a comprehensive real-time view of everything that's publicly known about the given entity) into Splunk.

For IP addresses, hashes, and cyber vulnerabilities, Recorded Future risk scores are also delivered into Splunk and include references to the evidence from which the risk scores were derived.

Recorded Future Enrichment workflow using Splunk's Adaptive Response Framework.

Although the workflow seems simple, this is a huge improvement over the current version of Splunk ES and opens the door to additional automation and coordinated security actions.

As with our own OMNI Intelligence Partners program launched earlier this year, we believe building and supporting integrated capabilities between security products and services is in the best interests of our customers and an important direction the entire security industry is taking. Splunk’s Adaptive Response Initiative is another example of an integrated ecosystem and we're extremely excited to be part of it.